
Do not show cluster image scanning vulnerabilities on development tab

What does this MR do and why?

Related #468330 (closed)

Do not show cluster image scanning vulnerabilities on development tab. This was happening because, since the advanced filtering for the vulnerability report, the reportTypes was not set to the default preset when no tool was selected.

This also properly tests the graphql filter functions in the vulnerability_report_tabs component. It also simplifies the case where the feature flag containerScanningForRegistryFlag is enabled by making it the default case and removing unnecessary tests when the feature flag is disabled.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

How to set up and validate locally

  1. Import https://gitlab.com/gitlab-examples/security/security-reports
  2. Run pipeline in project
  3. Go to vulnerability report (by default already on the development tab), check graphql call to projectVulnerabilities and validate that the variable reportTypes contains the default preset for report types on the development tab (and does not contain "CLUSTER_IMAGE_SCANNING").
  4. If you use the tool filter to select some scanners, you can validate that the variable scanner contains those tools, and that reportTypes will not be sent.
  5. You can also go to the group level vulnerability report and validate that, when no tools are selected, reportTypes is added with the default values. If you filter by tool, it will now add reportTypes with your selected tools (and not scanner because the group level report does not filter by the third-party scanners).
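
The validation steps above can be run mechanically over `variables` objects copied from the browser's network tab. This is an added example, not code from the merge request or from GitLab: the function name, the sample captures and the scanner values are constructed, and it assumes the tool filter's selected values are sent verbatim in the request.

```javascript
// Report type that belongs on the operational tab, per the MR description.
const OPERATIONAL_ONLY = 'CLUSTER_IMAGE_SCANNING';

// Hypothetical helper: returns the problems found in one captured request.
// level: 'project' | 'group'; selectedTools: values picked in the tool filter.
function checkDevelopmentTabRequest({ level, selectedTools = [], variables }) {
  const problems = [];
  const { reportTypes, scanner } = variables;
  const hasAll = (actual, wanted) =>
    Array.isArray(actual) && wanted.every((w) => actual.includes(w));

  if (selectedTools.length === 0) {
    // Steps 3 and 5: with no tool selected, the default preset must be sent.
    if (!Array.isArray(reportTypes) || reportTypes.length === 0) {
      problems.push('reportTypes missing: default preset was not applied');
    } else if (reportTypes.includes(OPERATIONAL_ONLY)) {
      problems.push(`reportTypes contains ${OPERATIONAL_ONLY}`);
    }
  } else if (level === 'project') {
    // Step 4: project level filters by scanner and sends no reportTypes.
    if (!hasAll(scanner, selectedTools)) problems.push('scanner lacks selected tools');
    if (reportTypes != null) problems.push('reportTypes sent alongside scanner');
  } else {
    // Step 5: group level filters by reportTypes and sends no scanner.
    if (!hasAll(reportTypes, selectedTools)) problems.push('reportTypes lacks selected tools');
    if (scanner != null) problems.push('scanner sent on group level');
  }
  return problems;
}

// Constructed captures; the preset and scanner values are illustrative only.
const SAMPLES = [
  { name: 'project, no filter (fixed)', level: 'project',
    variables: { reportTypes: ['SAST', 'DAST', 'SECRET_DETECTION'] } },
  { name: 'project, no filter (regression)', level: 'project', variables: {} },
  { name: 'project, preset leaks operational type', level: 'project',
    variables: { reportTypes: ['SAST', 'CLUSTER_IMAGE_SCANNING'] } },
  { name: 'project, tool filter', level: 'project', selectedTools: ['semgrep'],
    variables: { scanner: ['semgrep'] } },
  { name: 'group, tool filter', level: 'group', selectedTools: ['SAST'],
    variables: { reportTypes: ['SAST'] } },
];

for (const sample of SAMPLES) {
  const problems = checkDevelopmentTabRequest(sample);
  console.log(`${sample.name}: ${problems.length ? problems.join('; ') : 'ok'}`);
}
```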
