### Summary When a group already contains projects, and those projects have no vulnerabilities found, we display the wrong message to the end user. ### Steps to reproduce 1. Find a group that has at least one project. Make sure all projects within the group has no vulnerabilities found. You can create a new group and add a new project to test this. 2. Go to **Group** > **Security & Compliance** > **Vulnerability Report** ### What is the current *bug* behavior? We display the following page:  ### What is the expected *correct* behavior? Instead we should display something like (probably instead of filters produced no results we should just say that projects have no vulnerabilities):  ### Possible fixes - ~frontend `ee/app/assets/javascripts/security_dashboard/components/first_class_group_security_dashboard.vue` is where the empty message is displayed. We should add an `if` clause there to render a different message when the group contains projects and they have no vulnerabilities. - ~frontend `ee/app/assets/javascripts/security_dashboard/graphql/vulnerable_projects.query.graphql` is the query responsible for fetching the projects. It has `hasVulnerabilities: true`. If we provide that argument as `false`, the query will always return the projects and then we can understand when projects are configured but have no vulnerabilities.