
Change order of unknown and info severity

Lorenz van Herwaarden requested to merge consistent-unknown-info-status into master

What does this MR do and why?

This brings consistency in the order of the info and unknown severities in several places.

The "Unknown" severity should come after "Info".

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

| Location | Before | After |
| --- | --- | --- |
| Vulnerability Report Count Tiles (order remains the same!) | before-severity_counts | after-severity_counts |
| Vulnerability Report Severity Filter | before-vulnerability_report_severity_filter | after-vulnerability_report_severity_filter |
| Vulnerability Report Grouping by Severity | before-vulnerability_report_grouping | after-vulnerability_report_grouping |
| New vulnerability form | before-new_vulnerability | after-new_vulnerability |
| Project Security Dashboard | before-project_security_dashboard | after-project_security_dashboard |
| Security Policy Scan Rule Builder | before-security_orchestration_components_policy_editor_scan_result_rule_scan_filters_severity_filter | after-security_orchestration_components_policy_editor_scan_result_rule_scan_filters_severity_filter |

How to set up and validate locally

Prerequisites

  1. You need an EE license
  2. You need to have runners enabled (See $2408961 for setting up a runner)
  3. Import https://gitlab.com/gitlab-examples/security/security-reports
  4. Run a pipeline on master

Vulnerability Report (count, severity filter, grouping)

  1. Go to security report vulnerability report
  2. Validate that in the vulnerability count tiles, the "Unknown" severity is still last in order (after "Info")
  3. Validate that when clicking the severity filter dropdown, "Unknown" severity is now the last option
  4. Select Group By > Severity and validate that "Unknown" is the last group

New Vulnerability Form

  1. Go to security report vulnerability report
  2. Click Submit vulnerability
  3. Open the severity dropdown and validate that "Unknown" is the last option

Project Security Dashboard

  1. Go to the Security Report Security Dashboard (Secure > Security Dashboard)
  2. Validate that "Unknown" is the last severity in the legend

Security Policy Scan Rule Builder

  1. Go to Secure > Policies in the Security Reports project
  2. Click New Policy
  3. Click Select Policy in the Scan Result Policy tile
  4. In Select scan type dropdown, select Security scan
  5. Click on the All severity levels dropdown and validate that the "Unknown" option is last

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Lorenz van Herwaarden
