Implement Packager filter for Project and Group dependency list

Context

After a gap analysis of the features available on the group and project level dependency pages¹, we have begun work to bring the pages to parity.

This Issue

Feature Flag

This work is behind a wip feature flag called dependencies_page_filter_by_package_manager.

The FF rollout issue is here.

Feature.enable(:dependencies_page_filter_by_package_manager)

API to get supported package managers

{
  __type(name: "PackageManager") {
    enumValues {
      name
      description
    }
  }
}

API to filter by package managers

The dependency pages currently use rails controllers² for fetching the data. This controller route now supports filtering using the package_managers[]=foo URL param³.

Group example:

https://gitlab.com/groups/gitlab-org/govern/threat-insights-demos/personal-test-projects/-/dependencies.json?sort_by=severity&sort=desc&filter=all&page=1&package_managers[]=npm

Project example:

https://gitlab.com/gitlab-org/govern/threat-insights-demos/personal-test-projects/quintasan-dogfooding-security-scanning/-/dependencies.json?sort_by=severity&sort=desc&filter=all&page=1&package_managers[]=npm

Implementation Plan

• backend Add filtering by package manager to `Sbom::Aggr... (!179530 - merged) • Michael Becker • 17.9
• backend Add package manager filter to project/dependenc... (!179513 - merged) • Michael Becker • 17.9
• frontend add filtering support to the UI

---

1. There is a table of the analysis on the epic ↩

2. The project and group pages use separate controllers. ↩

3. The support for the url param was added here and the filtering support for the group level was added here ↩