Feedback issue - Display of Vulnerability Counts in the Vulnerability Report Page for Large Datasets
Purpose
This issue is intended to be for collecting feedback on the usage of fuzzy counts on the vulnerability report page for severity counts.
Please add any concerns, comments or questions below.
Summary
Following the implementation of the fuzzy counts feature in GitLab 17.2, the vulnerability counts are now displayed as 1000+ for datasets exceeding 1000 vulnerabilities. While this change aimed to improve the performance of the vulnerability report page, it has raised concerns with some customers who prefer seeing the exact vulnerability count directly in the UI.
Workarounds
- GraphQL APIs `project.vulnerabilitySeveritiesCount` and `group.vulnerabilitySeveritiesCount` with the argument `capped: false` can be used to get exact counts. Note that for large data volumes this can time out, and that is the primary reason for using fuzzy counts.
- Security dashboard can be used to show exact numbers for `detected` and `confirmed` vulnerability counts. However, it cannot give counts with the filtering options that are possible in the vulnerability report.
- An alternate option is to use the export feature and perform custom parsing for the filters required to get the counts.
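One way to do the custom parsing from the last workaround, as an added example that is not GitLab's own code: it counts exported rows per severity after applying report-style filters. The column names (`Severity`, `Status`, `Tool`) and the sample rows are assumptions constructed for illustration; match them to the header row of your actual export.

```python
import csv
import io
from collections import Counter

# Assumed column name; adjust to the header row of your export.
SEVERITY_COL = "Severity"
SEVERITY_ORDER = ["critical", "high", "medium", "low", "info", "unknown"]

# Constructed sample rows, not real export output.
SAMPLE_EXPORT = """\
Tool,Status,Severity,Vulnerability
SAST,detected,High,SQL injection in search handler
SAST,confirmed,critical,Hard-coded credential
Dependency Scanning,detected,high,Outdated TLS library
SAST,dismissed,Medium,Verbose error message
Container Scanning,detected,,Unclassified finding
"""


def severity_counts(csv_file, filters=None):
    """Count rows per severity, keeping only rows that match every filter.

    filters maps a column name to the set of accepted values
    (compared case-insensitively), mirroring the report's filter options.
    """
    wanted = {col: {v.lower() for v in vals} for col, vals in (filters or {}).items()}
    counts = Counter({s: 0 for s in SEVERITY_ORDER})
    reader = csv.DictReader(csv_file)
    # Fail loudly if the export layout differs from what the filters expect,
    # instead of silently reporting zero for every severity.
    missing = ({SEVERITY_COL} | set(wanted)) - set(reader.fieldnames or [])
    if missing:
        raise KeyError(f"export has no column(s): {sorted(missing)}")
    for row in reader:
        if any((row[col] or "").strip().lower() not in vals for col, vals in wanted.items()):
            continue
        severity = (row[SEVERITY_COL] or "").strip().lower()
        # Blank or unrecognised severities are counted as "unknown", not dropped.
        counts[severity if severity in counts else "unknown"] += 1
    return dict(counts)


if __name__ == "__main__":
    active_sast = {"Status": {"detected", "confirmed"}, "Tool": {"SAST"}}
    print(severity_counts(io.StringIO(SAMPLE_EXPORT), active_sast))
```

For a real export, pass an open file handle, for example `open(path, newline="")`, in place of the `io.StringIO` sample.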