### Release notes Vulnerability Reports are often the primary way security teams triage and manage vulnerabilities. The current filtering and sorting options provide quick ways to focus the list view on a subset of vulnerabilities for more efficient workflows. You can also see any vulnerabilities that have associated Issues or which subsequent scans indicate are resolved. This Activity column indicates at a glance which vulnerabilities might be ready to close out, which are in progress, and which ones might need some attention. However, this column was not one you could filter or sort on.! You will now have even more control of your Vulnerability Report experience with the introduction of an Activity filter. Available in the Project, Group, and Security Center Vulnerability Reports, this new filter allows you to view vulnerabilities with Issues that are not yet resolved, that are resolved but have no associated Issues, that have Issues and are resolved, or that have no activity. The available filter options are mutually exclusive sets, allowing you to drill into precisely the vulnerability list view you need for any task. https://docs.gitlab.com/ee/user/application_security/vulnerability_report/ [Screen_Shot_2021-02-10_at_6.10.30_PM](/uploads/3903f5deedb3d1397874165abf798c83/Screen_Shot_2021-02-10_at_6.10.30_PM.png) ## Design (from Figma) See [Design Issue](https://gitlab.com/gitlab-org/gitlab/-/issues/222447) and parent Epics for details. | Columns/Tooltips | Filter | | - | - | |  |  | ## Proposed Behavior To keep this simple and moving forward, let's go with the following for now: * Selecting the `All` and `No activity` options will unselect all other options * `All` effectively turns off this filter and displays all vulnerabilities according to the other filter values * `No Activity` will only show vulnerabilities that do not have Issues and are still unresolved * Selecting `With issues` or `No longer detected` will unselect `All` or `No activity`. * You can select both `With issues` AND `No longer detected`. In this case, you will only see vulnerabilities that match both criteria. To help distinguish that the Activity filter behaves differently from the other filters, we will change the checkmarks next to `With issues` and `No longer detected` to checkboxes (`All` and `No activity` will remain as checkmarks\`). We can revisit the UX in a follow up issue after everyone is back from the holiday break. ## Implementation Plan - [ ] ~frontend update the filters to add a filter for activity - [x] Since these filters are static, I believe this involves just adding the filter to `ee/app/assets/javascripts/security_dashboard/helpers.js` and an update to the graphql query to filter by activity. - [x] the GraphQL query has been updated to take two more parameters `hasIssues` and `hasResolution` - [x] so the following filters should use the following parameters: - `All`: `hasIssues` = `null` and `hasResolution` = `null` - `No activity`: `hasIssues` = `false` and `hasResolution` = `false` - `With issues`: `hasIssues` = `true` and `hasResolution` = `false` - `No longer detected`: `hasIssues` = `false` and `hasResolution` = `true` - [ ] treat the `No activity` filter like the `All` filter (i.e. if `No activity` is selected, all other options are unselected, if another selection is made, `No activity` is unselected) Related to #230381