Skip to content

Unable to filter group level vulnerability report by specific dismissal reasons

Summary

Similar to the screenshot and steps in Bug: List doesn't match the filter (#421568 - closed), filtering the vulnerability report in a group or subgroup by dismissal reason does not yield the filtered list.

Steps to reproduce

The bug reproducible in the demo project's subgroup - https://gitlab.com/groups/gitlab-org/govern/threat-insights-demos/verification-projects/-/security/vulnerabilities/?state=FALSE_POSITIVE,MITIGATING_CONTROL

What is the current bug behavior?

All vulnerabilities are returned instead of the dismissed vulnerabilities filtered by reason.

What is the expected correct behavior?

Filtered list by dismissal reason should be returned

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check 
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)


(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)


(we will only investigate if the tests are passing)

Possible fixes

Implementation plan:

Edited by Subashis Chakraborty