Show status filter without dismissal reason on pipeline security tab
The current status filter is grouped such that for the dismissed status it allows you to select: "All dismissal reasons" or one or more of the the dismissal reasons.
With the feature flag pipeline_security_dashboard_graphql
enabled, the same filter is shown on the pipeline security tab for findings. However, we can't filter findings on dismissal reasons at the moment. Because this might still be a couple milestones away, see Add the ability to do the filtering of dismissa... (#433033) • Unassigned • Backlog, as a first step we can make the status filter work for findings, by only allowing filtering by status and not dismissal reason. This is already a step forward compared to the table now which only allows you to hide dismissed findings with a toggle.
Implementation steps
There are 2 options:
- Create new status filter, e.g.
findings_status_filter.vue
which is largely based on thestatus_filter.vue
but does not allow you to filter on dismissal reasons. Instead, you can simply filter on the "Dismissed" status. - Extend the current
status_filter.vue
for the findings use case such that it does not show the dismissal reasons.
Option 1 seems like the best choice. We can easily reuse a lot of code from status_filter.vue
and make sure this component default to only showing the "Needs triage" findings (which is preferred for the findings report). Once we do have the ability to filter on dismissal reason for findings (#433033), we can simply remove this component and used the default status_filter.vue
. If we go for option 2, it'll make the existing component quite messy because we don't needs groups if we don't show dismissal reasons. This differentation will also make it quite a bit harder to test. Later on when we can use dismissal reasons, the removal of this differentation will also be harder than simply deleting a component.
Further implementation details
- create new component
findings_status_filter.vue
, largely based onstatus_filter.vue
, but without the group for dismissal reasons. This will simplify the component quite a bit. - Add spec for this new component
- Make use of this component in
ee/app/assets/javascripts/security_dashboard/components/pipeline/pipeline_vulnerability_report.vue
instead ofstatus_filter.vue
Verification steps
- go to this pipeline on a verification project (where the feature flag has been enabled): https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/security-reports-pipeline-security-listing-migration-and-enhancements/-/pipelines/1100011493/security
- verify that the status filter now does not show the dismissal reasons as possible options in the dropdown. Instead it's simply showing the possible states to filter on.
- you can test the general behavior of the filter further, like deselecting all options should select the "all" option. By default, the "Needs triage" state is selected, and that the query params sync with your selected options.