Add more robust vulnerability report project filter

Daniel Tian requested to merge 284471-better-project-filter into master

What does this MR do?

On the group and instance-level security reports:

Group-level screenshot: vulnerability_report_group
Instance-level screenshot: vulnerability_report_instance

A project filter is shown that lets the users pick which projects to filter on (it's multi-select):

[Screenshot of the project filter]

Previously, this filter would show the first 100 projects in the dropdown for a group/instance. If the group/instance has more than 100 projects (like the gitlab-org group), then any projects beyond the first 100 aren't shown, aren't selectable, and aren't searchable.

This MR fixes this bug by changing the project filter to match how other multi-select searchable dropdowns behave in GitLab, such as the assignee dropdown and labels dropdown on the MR page. We fetch the projects through a GraphQL query, but the server enforces a hard limit of 100 items per query. The dropdown search box also only does a client-side search through the dropdown options. We only do one request for projects, so we were only fetching the first 100 projects and only searching on those 100 projects, making it impossible to select anything beyond those first 100.

Video Walkthrough

[Video: project_filter]

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #284471 (closed)

Edited by Daniel Tian
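
The failure mode described in this MR, a server cap of 100 items per query combined with a search box that only filters what was already fetched, shown as an added example that is not part of the MR or of GitLab's code. The backend, the project names and the function names are constructed for illustration, and sending the search term with the query while following the cursor is an assumed remedy, not necessarily what the MR implements.

```javascript
// Constructed data: 250 projects standing in for a large group.
const PROJECTS = Array.from({ length: 250 }, (_, i) => ({
  id: i + 1,
  name: `project-${String(i + 1).padStart(3, '0')}`,
}));
const SERVER_PAGE_LIMIT = 100; // hard cap per query, as described in the MR

// Hypothetical backend: applies the optional search term, then the cap,
// and returns a cursor so the caller can ask for the next page.
function queryProjects({ search = '', after = 0, first = SERVER_PAGE_LIMIT } = {}) {
  const size = Math.min(first, SERVER_PAGE_LIMIT);
  const matches = PROJECTS.filter((p) => p.name.includes(search));
  const nodes = matches.slice(after, after + size);
  const endCursor = after + nodes.length;
  return { nodes, pageInfo: { endCursor, hasNextPage: endCursor < matches.length } };
}

// Old behaviour: a single request, then search only inside what came back.
// Projects past the first 100 can never match, so their vulnerabilities
// cannot be isolated in the report.
function clientSideSearch(term) {
  const { nodes } = queryProjects();
  return nodes.filter((p) => p.name.includes(term)).map((p) => p.name);
}

// Assumed remedy: send the term to the server and follow the cursor until
// the server reports no further pages.
function serverSideSearch(term) {
  const found = [];
  let after = 0;
  let hasNextPage = true;
  while (hasNextPage) {
    const { nodes, pageInfo } = queryProjects({ search: term, after });
    found.push(...nodes.map((p) => p.name));
    after = pageInfo.endCursor;
    hasNextPage = pageInfo.hasNextPage;
  }
  return found;
}
```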