Skip to content

Security dashboard: fix latest vulnerability count

What does this MR do and why?

Security dashboard: fix latest vulnerability count

This commit fixes an issue where the security dashboard would show the latest vulnerability count for all states, including resolved ones.

It does so by adding a filter to the related query to only show "confirmed" and "detected" vulnerabilities.

Screenshots or screen recordings

Before After
Screenshot_2023-10-31_at_10.57.42_am Screenshot_2023-10-31_at_10.57.52_am

How to set up and validate locally

Prerequisites

  1. You need an EE license
  2. You need to have runners enabled (See $2408961 for setting up a runner)
  3. Import https://gitlab.com/gitlab-examples/security/security-reports
  4. Run pipeline on master

Validate

  1. Go to "Secure" -> "Security Dashboard"
  2. Verify that the graph is flat, especially the latest data point
  3. Open a second tab and navigate to "Secure" -> "Vulnerability Report"
  4. Make sure only the default status filters ("Needs triage" and "Confirmed" are selected)
  5. Verify that the vulnerability count matches the one for today's data on the security dashboard

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #429892 (closed)

Edited by David Pisek

Merge request reports

Loading