Security Dashboard Upgrade - Persist applied filters and group-by selections to Query parameters

Summary

On the Vulnerability Report, we store selected filters within the URL's query parameters.

Screenshot_2025-08-13_at_11.28.10_am

This allows our users to share, bookmark, etc. a filter-selection. E.g.: https://gitlab.com/gitlab-org/gitlab/-/security/vulnerability_report/?scanner=brakeman,eslint

For the new security dashboard, we will have to support the URL-syncing of:

  1. Global-filters (filtered-search bar)
  2. Panel-level filters and group-by selections

While 1 is relatively straightforward and can be based on the existing implementation used by the Vulnerability Report, 2 will add complexity and will need some technical discovery on how to implement.

Implementation Plan

  1. Global filters: Handle initial value from and persisting to query string parameters in the security dashboard filtered search
  2. Panel filters: Handle initial value from and persisting to query string parameters in the panel itself where the panel filters are stored and the query is executed

Verification steps

  1. Go to https://gitlab.com/groups/gitlab-org/govern/threat-insights-demos/verification-projects/security-dashboard-new/-/security/dashboard

Page level

  1. Set the reportType and project filters on top
  2. Verify it syncs the report type values (comma separated) and project ids (comma separated)
  3. Verify that clicking "All report types" leaves the parameter empty
  4. Refresh page with query parameters and notice it loads charts correctly

Panel level

  1. Set the risk score group ("no grouping" or "project") and verify this syncs the query param riskScore.groupBy (is only set for "project" grouping)
  2. Set the vulnerabilities over time
    1. Grouping and verify this syncs the query param vulnerabilitiesOverTime.groupBy (is only set for "reportType" grouping)
    2. Time period and verify this syncs the query param vulnerabilitiesOverTime.timePeriod (not for 30 days, default value)
    3. Severities and verify this syncs the query param vulnerabilitiesOverTime.severity (not for "All severities"), with comma separated values
  3. Refresh page with any of these query params and verify it sets the panels correctly
Edited by Lorenz van Herwaarden