Malware Package Status Filters
## TL;DR
Enable users to filter Dependency Lists and Vulnerability Reports by malicious package status.
## Scope
### In Scope
- Backend filter parameters for GraphQL APIs (project + group)
- Backend filter parameters for REST APIs (group-level only, if not yet migrated to GraphQL)
- Filter token UI for Dependency Lists (project + group)
- Filter token UI for Vulnerability Reports (project + group)
- URL query parameter sync for filters
### API Migration Note
Project-level APIs are fully migrated to GraphQL - no REST changes needed. Group-level APIs may require REST endpoint updates depending on the current migration status.
### Out of Scope
- Badge display (covered in [Display Malicious Package Information](https://gitlab.com/groups/gitlab-org/-/epics/20572))
- License gating (covered in [Gate Malicious Packages Behind SSCS Add-on](https://gitlab.com/groups/gitlab-org/-/epics/20574))
## Phase
* **Epic Phase:** Phase 2 - Malicious Package Status Filters
* **Parent Epic:** Malicious Package UI Representation and Filters
## Problem Statement
Users cannot filter their dependency or vulnerability lists to focus specifically on malicious package findings. This makes triage difficult when mixed with hundreds of CVE vulnerabilities.
## Proposed Approach
1. Backend adds `isMalicious` filter parameter to finders
2. Frontend adds filter token to existing filtered search components
3. Filter syncs to URL for shareability
## Feature Flag
- [x] Required
- **Flag name:** `malicious_package_filters`
- **Default state:** Disabled
- **Rollout plan:** Enable after badges are stable
## Success Criteria
- [ ] Users can filter Dependency List to show only malicious packages
- [ ] Users can filter Vulnerability Report to show only malware vulnerabilities
- [ ] Filters persist in URL and can be shared
- [ ] Filters work alongside existing filters (severity, state, etc.)
## Timeline
## Dependencies
- Blocked by: [Display Malicious Package Information](https://gitlab.com/groups/gitlab-org/-/epics/20572) (`isMalicious` field must exist)
- Blocks: [Gate Malicious Packages Behind SSCS Add-on](https://gitlab.com/groups/gitlab-org/-/epics/20574) (filters must exist to gate)
## Tasks
- [ ] [Backend - Add filtering support to Dependency APIs](https://gitlab.com/gitlab-org/gitlab/-/issues/587758)
- [ ] [Backend - Add filtering support to Vulnerability APIs](https://gitlab.com/gitlab-org/gitlab/-/issues/587759)
- [ ] [Frontend - Add filter token to Dependency Lists](https://gitlab.com/gitlab-org/gitlab/-/issues/587762)
- [ ] [Frontend - Add filter token to Vulnerability Reports](https://gitlab.com/gitlab-org/gitlab/-/issues/587760)
## Implementation Notes
_Keep this updated as work progresses._
## Decisions
- **Filter UX:** Standalone "Malicious" / `isMalicious` filter token on both Dependency List and Vulnerability Report (decided in [#551225](https://gitlab.com/gitlab-org/gitlab/-/issues/551225))
## Resources
- Design: https://gitlab.com/gitlab-org/gitlab/-/issues/551225
epic