Add policy violation badge on vulnerability dependencies list

What does this MR do and why?

Add a policy violation badge to vulnerabilities on the dependency list

  • check whether the dependency has a vulnerability that violates a policy
  • show badge if it does
  • update tests

Changelog: added

EE: true

References

Screenshots or screen recordings

Before: Screenshot_2025-12-10_at_12.21.51_PM
After: Screenshot_2025-12-10_at_12.26.03_PM

How to set up and validate locally

  1. Upload a GitLab Ultimate license
  2. Enable licenses in your GDK
  3. Clone https://staging.gitlab.com/govern-team-test/verification-projects/security-reports-with-dependency-paths
  4. Navigate to the project => Secure => Policies => New policy => New merge request approval policy
  5. Create a policy in warn mode that requires approval for any new or existing vulnerabilities
  6. Ensure you have runners set up for your GDK
  7. Run the pipeline for the project
  8. Create an MR that adds dependencies with vulnerabilities that would be picked up by the security policy OR modify this line to be true
  9. Navigate to the project => Secure => Dependency list
  10. Verify the Policy violation badge appears for dependencies with a tooltip

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #561600

Edited by Alexander Turinske
