Switch to filtered search on Pipeline Security tab (#577180) · Issues · GitLab.org / GitLab

Switch to filtered search on Pipeline Security tab

Feasibility was checked in https://gitlab.com/gitlab-org/gitlab/-/issues/560733+s. ## Summary The pipeline security tab (see [example](https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/security-dashboard-new/security-reports/-/pipelines/2474626263/security)) still uses the legacy dropdown-based vulnerability filters ([`vulnerability_filters.vue`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_filters.vue#L3)). The group-, project-, and instance-level vulnerability reports have already been migrated to the advanced filtered search with tokens. ## Proposal Migrate the pipeline security tab to use the same token-based filtered search that is already in place for the vulnerability report at all other levels. ## Benefits - **Consistent UX**: Users get a unified filtering experience across the pipeline security tab and all vulnerability report views. - **Improved maintainability**: Consolidating on a single filtering implementation reduces the surface area for bugs and simplifies future development. - **Code cleanup**: We will be able to clean up all filter dropdown components, as well as the filter wrapper. This will also leave us in a cleaner state and easier to reason about code so we can further refactor the filtered search approach on the vulnerability report and security dashboard. ## Implementation plan **Feature flag**: `pipeline_security_advanced_search` Migrate the **pipeline security tab** from the legacy dropdown-based filter UI (`vulnerability_filters.vue`) to the advanced filtered-search UI (`vulnerability_report_filtered_search.vue`) that group/project/instance vulnerability reports already use. This unifies the filter UX across all vulnerability reports, deletes ~10 legacy filter components, and enables future filter tokens to land in one place instead of two. Group-by (a feature only offered on group/project/instance reports) must remain hidden for pipeline. This requires decoupling the group-by visibility predicate from the advanced-filter visibility predicate in `vulnerability_report.vue`. Rolled out behind a feature flag; legacy filter components removed in a follow-up MR once the flag is fully enabled and cleaned up. ### Before & After ![Screenshot_2026-05-06_at_10.50.45](/uploads/64b73ebc6109033a855cf90402fd4dd5/Screenshot_2026-05-06_at_10.50.45.png){width=47%}![Screenshot_2026-05-06_at_10.49.59](/uploads/7a891406e897116649cf69decd87d61f/Screenshot_2026-05-06_at_10.49.59.png){width=53%} ### Sequence of tasks 1. https://gitlab.com/gitlab-org/gitlab/-/work_items/598048 — Decouple group-by and enable pipeline advanced search behind feature flag 1. https://gitlab.com/gitlab-org/gitlab/-/work_items/598049 — Pipeline status token 1. https://gitlab.com/gitlab-org/gitlab/-/work_items/598050 — Pipeline report-type support 1. https://gitlab.com/gitlab-org/gitlab/-/work_items/598051 — Rollout pipeline_security_advanced_search flag 1. https://gitlab.com/gitlab-org/gitlab/-/work_items/598052 — Cleanup legacy filter components and feature flag

issue