Add cluster token to enhanced vulnerability report filtering

Lorenz van Herwaarden requested to merge add-cluster-token into master

What does this MR do and why?

Related #433367 (closed)

This MR adds the cluster token, which allows filtering by cluster agents on the operational project vulnerability report when the vulnerability_report_advanced_filtering feature flag is enabled.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

cluster-token

How to set up and validate locally

  1. Fork https://gitlab.com/gitlab-examples/security/security-reports
  2. Create vulnerabilities by running a pipeline against the default branch
  3. Go to Secure > Vulnerability Report inside the project and select the Operational vulnerabilities tab
  4. Make sure to enable the feature flag: http://gdk.test:3000/rails/features and toggle vulnerability_report_advanced_filtering
  5. Because we don't have agents configured for this project (unless you do), we can mock the response.
    1. Use the tweak Chrome extension
    2. Click hamburger menu in extension and select import and use this config: tweak-config.json
    3. Make sure to replace the projectPath in the request payload with the project you're in!
    4. Enable by clicking play button. Refresh page.
  6. Interact with the Filtered Search (Cluster Token)
  7. We don't have actual operational vulnerabilities, so we validate by checking that the GraphQL query variables coming from cluster_token.vue are the same when selecting cluster agents as when using cluster_filter.vue. Namely: the clusterAgentId variable is an array of the cluster agent IDs, and is an empty array when "All clusters" is selected.
Edited by Lorenz van Herwaarden
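
One way to automate the comparison in step 7, as an added example that is not part of this merge request or GitLab's code: it takes two request bodies copied from the browser's network tab and checks that both carry the same clusterAgentId array. The helper names, operation name, project path and agent IDs are constructed placeholders, and handling of batched (array) payloads is an assumption about the client.

```javascript
// Added example, not GitLab code. Helper names are hypothetical.

// Returns the sorted clusterAgentId list from one captured GraphQL request body.
function extractClusterAgentIds(requestBody) {
  const parsed = typeof requestBody === 'string' ? JSON.parse(requestBody) : requestBody;
  // Assumption: the client may batch several operations into one array payload.
  const operations = Array.isArray(parsed) ? parsed : [parsed];
  const matching = operations.filter(
    (op) => op && op.variables && 'clusterAgentId' in op.variables
  );
  if (matching.length !== 1) {
    throw new Error(`expected one operation with clusterAgentId, found ${matching.length}`);
  }
  const ids = matching[0].variables.clusterAgentId;
  // "All clusters" must be sent as [], not null or undefined.
  if (!Array.isArray(ids)) {
    throw new Error('clusterAgentId must be an array (empty for "All clusters")');
  }
  return ids.map(String).sort();
}

// True when the token-based and the legacy filter requests select the same agents,
// regardless of the order in which the agents were picked.
function sameClusterFilter(tokenRequest, filterRequest) {
  const a = extractClusterAgentIds(tokenRequest);
  const b = extractClusterAgentIds(filterRequest);
  return a.length === b.length && a.every((id, i) => id === b[i]);
}

// Constructed sample payloads (placeholders, not real GitLab requests).
const sample = (ids) => JSON.stringify({
  operationName: 'exampleVulnerabilitiesQuery',
  variables: { projectPath: 'my-group/my-project', clusterAgentId: ids },
});
const fromToken = sample(['agent-id-2', 'agent-id-1']);   // captured via cluster_token.vue
const fromFilter = sample(['agent-id-1', 'agent-id-2']);  // captured via cluster_filter.vue
const allClusters = sample([]);                           // "All clusters" selected
const nullVariable = sample(null);                        // regression: variable not an array

console.log('same selection:', sameClusterFilter(fromToken, fromFilter));
console.log('all clusters:', extractClusterAgentIds(allClusters));
```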