Add status indicators to Security section

Richard Chongrequested to merge
add-security-status-indicators into master

This MR adds status indicators to the Security section in team triage reports, providing at-a-glance visibility into vulnerability issues requiring attention.

What this MR does

Adds traffic light status indicators (Red/Amber/Green) to the Security section with a two-level structure:

  1. Summary table (always visible) - Shows status at a glance
  2. Collapsible details - Contains filtered issues table and full heatmap

Key Features

Status Calculation

Based on unlabeled issues, severity levels, and age-based SLA tracking:

  • Red: >2 unlabeled OR any S1 approaching SLA OR >3 S2 OR >10 S3 OR >15 S4
  • Amber: 1-2 unlabeled OR 1-3 S2 OR 5-10 S3 OR 8-15 S4
  • Green: No issues requiring attention

Age-Based SLA Tracking

Issues are flagged when approaching SLA deadline (2 weeks before):

  • S1/S2: Flagged if >16 days old (30-day SLA - 14 days buffer)
  • S3: Flagged if >46 days old (60-day SLA - 14 days buffer)
  • S4: Flagged if >76 days old (90-day SLA - 14 days buffer)

Section Structure

The Security section uses an intro/outro pattern with collapsible details:

  1. Summary table (outside collapsible) - Status and counts visible at a glance
  2. Collapsible <details> section containing:
    • Subsection header with status emoji (e.g., #### 🟢 Vulnerability Issues)
    • "Showing X items requiring attention" text
    • Contextual guidance with handbook link
    • Filtered issues table (only actionable items)
    • Full heatmap (all issues by priority/severity)

Example Output 

### 🔴 Security

| Status | Area | Summary |
|--------|------|---------||
| 🔴 | Vulnerability Issues | 45 total (2 without labels, 1 severity::1, 3 severity::2) - [Issue List](https://gitlab.com/groups/gitlab-org/-/issues?label_name[]=runner_core&label_name[]=bug::vulnerability&state=opened) |

<details>
<summary><b>View detailed breakdown</b></summary>

#### 🔴 Vulnerability Issues

Showing 8 items requiring attention (2 unlabeled, 1 S1, 3 S2) out of 45 total

Please see the [Security prioritization guidelines](https://handbook.gitlab.com/handbook/security/engaging-with-security/#severity-and-priority-labels-on-security-issues) for more detail on labeling requirements and SLA timelines.

| Issue | Priority | Severity | Age |
|-------|----------|----------|-----|
| https://gitlab.com/gitlab-org/gitlab/-/issues/12345 | 1 | 1 | 20d |
| https://gitlab.com/gitlab-org/gitlab/-/issues/12346 | 2 | 2 | 3w |
| https://gitlab.com/gitlab-org/gitlab/-/issues/12347 | - | 2 | 2w |
| https://gitlab.com/gitlab-org/gitlab/-/issues/12348 | 2 | - | 2w |

#### Full Security Heatmap

Security vulnerability issues for their priority and severity label are counted here. Please take a look at the issues
which fall into the columns indicating that the priority or severity labels
are currently missing.

Please see the [Security prioritization guidelines](https://handbook.gitlab.com/handbook/security/engaging-with-security/#severity-and-priority-labels-on-security-issues) for more detail.

|   | ~"severity::1" | ~"severity::2" | ~"severity::3" | ~"severity::4" | Missing Severity |
|---|----------------|----------------|----------------|----------------|------------------|
| **~"priority::1"** | [#12345](https://gitlab.com/gitlab-org/gitlab/-/issues/12345) (20d) | | | | |
| **~"priority::2"** | | [#12346](https://gitlab.com/gitlab-org/gitlab/-/issues/12346) (25d) | | | |
| **~"priority::3"** | | | [#12350](https://gitlab.com/gitlab-org/gitlab/-/issues/12350) (84d) | | |
| **~"priority::4"** | | | | [#12352](https://gitlab.com/gitlab-org/gitlab/-/issues/12352) (155d) | |
| **Missing Priority** | | [#12347](https://gitlab.com/gitlab-org/gitlab/-/issues/12347) (15d) | | | [#12348](https://gitlab.com/gitlab-org/gitlab/-/issues/12348) (17d) |

</details>

----

What teams see:

  1. Summary table (always visible) - Status emoji and counts at a glance without expanding
  2. Collapsible details - Click to see:
    • Subsection header with status emoji
    • Count of items requiring attention with breakdown
    • Guidance text with handbook link
    • Filtered table showing only actionable items (missing labels or approaching SLA)
    • Full heatmap for complete visibility of all issues

This gives teams both quick status visibility AND detailed context when needed.

Related Work Items

Implements: gitlab-org/quality/analytics/team#476 (closed)

Part of: gitlab-org/quality/analytics/team#436

Edited by Richard Chong

Merge request reports