Open Enhanced filtering and search on the Vulnerability Report

    Open Epic created by Matt Wilson

    :red_square: Updated Epic For Filter Improvements.

    Problems to solve

    • As of today, there is no built-in search functionality. Customers want to search for something specific in the Vulnerability Report and currently have to go page by page and CTRL+F to look for particular keywords.
    • There are several variables that users want to filter by (e.g. location, vulnerability type, identifier, date detected) that we don't offer with our current filters.
    • The current implementation of our static filters isn't scalable because of the limited horizontal space on the page. Wrapping to other lines may work, but a) it would push the primary content further down the page for some filters that aren't relevant to the user or to their particular task and b) searching among the many static filters for the right one would be time-consuming and may cause cognitive overload.

    Intended users

    User experience: Design

    Design: MVC: Advanced filtering on the Vulnerab... (gitlab#342079 - closed)

    Proposal

    MVC - tracked in &13339 (closed)

    Users can filter by the following fields on the vulnerability report:

    • Status
    • Severity
    • Tool
    • Activity
    • Project (Group level)
    • Filter by Identifier &13340
      • Identifier = CVE-2023 prefix match only

    Post-MVC

    • Users can search with raw text/keyword
      • 'HTTP' in description, fuzzy-text search
    • When you filter for some CWE, you also need to get the vulnerabilities corresponding to all the child-CWEs. Example is called out in this comment.
    • Filter by Location (folder or file)
    • Cluster (operational vulnerabilities)
    • Image (operational vulnerabilities)

    Post-MVC under consideration:

    • Detected Date
    • Separating out the Tool filter into analyzer and scanner separately
      • There's also a request to separate out the DAST API filter here
    • Compliance framework labels
      • On the Group Vulnerability Report, allows users to quickly select multiple projects within a compliance framework
    • On the group Vulnerability Report, users can filter by group or sub-group in addition to project, gitlab#469106
    • Implement filtering of vulnerabilities by Compliance Framework, gitlab#469109 (closed)

    Requirements

    1. User needs to be able to find a vulnerability with a custom string from the description field, so they can find something they're looking for if they are not able to find it with another filter.
    2. User needs to be able to easily change (edit, add, remove) any variable within the filters set whenever they start a new task, without having to remove and start over.
    3. User needs to be able to choose from the "is", "is not", or "is one of" operators for any value.
    4. User needs to be able to include grouping (the || “any in the set” operator).
    5. User needs to be able to delineate filtering from searching, and the user experience needs to be predictable and not confusing for either.
    6. User needs to be able to use a filter that supports multi-word strings.
    7. User needs to be able to use a filter that looks inside sub-groups/projects of all levels for all filter types.
    8. User needs the component to be largely free from significant and long-standing bugs that limit utility and negatively impact usability.
    9. User should be able to quickly determine how the data is being filtered without any interaction (such as scrolling).
    Edited by Dean Agron
