Your work - security - vulnerability report - Organization isolation

Your work > security - vulnerability report needs to be Organization isolated.

  • Scoping the URL to Organizations
  • Filtering queries to be isolated by Organization

Screenshot_2025-09-16_at_9.50.40_AM

Implementation guide

Frontend

We need to pass basePath to Vue router based on guidelines in https://docs.gitlab.com/development/fe_guide/vue/#vue-router. See below patch:

diff --git a/ee/app/assets/javascripts/security_dashboard/vulnerability_report_init.js b/ee/app/assets/javascripts/security_dashboard/vulnerability_report_init.js
index 5625ca806309..aa9e11e4faa8 100644
--- a/ee/app/assets/javascripts/security_dashboard/vulnerability_report_init.js
+++ b/ee/app/assets/javascripts/security_dashboard/vulnerability_report_init.js
@@ -75,6 +75,7 @@ export default (el, dashboardType) => {
     vulnerabilityQuotaFull,
     showRetentionAlert,
     validityChecksEnabled,
+    basePath,
   } = el.dataset;
 
   if (isUnavailable) {
@@ -150,7 +151,7 @@ export default (el, dashboardType) => {
     };
   }
 
-  const router = createRouter();
+  const router = createRouter({ basePath });
 
   return new Vue({
     el,
diff --git a/ee/app/views/security/vulnerabilities/index.html.haml b/ee/app/views/security/vulnerabilities/index.html.haml
index 9575d3034257..a82b2b440157 100644
--- a/ee/app/views/security/vulnerabilities/index.html.haml
+++ b/ee/app/views/security/vulnerabilities/index.html.haml
@@ -3,4 +3,4 @@
 - @noteable_type = 'Vulnerability'
 - @gfm_form = true
 
-#js-vulnerabilities{ data: instance_security_dashboard_data }
+#js-vulnerabilities{ data: instance_security_dashboard_data.merge({ base_path: security_vulnerabilities_path }) }
Edited by Peter Hegman