Proposal: Alternative approach for filtering where VR is enabled

I'm creating this issue to propose an alternative approach to [SPIKE] Add ability to filter vulnerability whe... (#477284 - closed) based on the assumption that the customer result we're trying to achieve is to make it easier to find vulnerabilities that can be resolved with AI.

Background

The approach proposed in [SPIKE] Add ability to filter vulnerability whe... (#477284 - closed) could introduce performance issues or issues with stale data in filter results. Finishing the work in Filter by Identifier on the Vulnerability Report (&13340) could make the filtering more performant, but that work is still in progress, and more investigation and testing is needed.

Proposal

While the team works out the complexities of filtering, we can still provide customer value by displaying just the AI badge icon for high-confidence CWEs when they appear in the vulnerability list — for example, in this design:

image.png

This MVC would make it easier for customers to see at a glance which vulnerabilities can be resolved with AI as they page through the list, vs ones that have AI for VE. While not the final solution, it's an improvement over the experience that exists today, and could be delivered sooner and won't get in the way when filtering is added later.

What do you all think about this alternative? @abellucci @nmccorrison @beckalippert @mbenayoun @rvider @sming-gitlab @subashis @dpisek

Edited by Becka Lippert