Pipeline Security Listing Migration and Enhancements
As part of https://gitlab.com/groups/gitlab-org/-/epics/8054+, this epic is focused on migrating the pipeline security listing table to GraphQL and retaining feature parity. Work is done behind the `:pipeline_security_dashboard_graphql` feature flag. It is enabled in the verification project [security-reports-pipeline-security-listing-migration-and-enhancements](https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/security-reports-pipeline-security-listing-migration-and-enhancements/-/pipelines/1100011493/security) ## Scope of work ### MVC * Bulk state (status) change for dismissal and needs triage * Related issue (activity column) * Status filtering (without dismissal reason) * Show dismissal reason * https://gitlab.com/gitlab-org/gitlab/-/issues/436975+ ### Post-MVC * Bulk state change for all states (add confirmed and resolved) * Dismissal reason filtering * Sorting * Activity column * Activity filter * Custom tool filtering <table> <tr> <th>Description</th> <th>Current</th> <th>Behind feature flag</th> <th>Issues</th> <th>Comments</th> </tr> <tr> <td>Overview</td> <td> ![report_overview_current](/uploads/00cca47bae8d55ca1ec69631727746bc/report_overview_current.png) </td> <td> ![report_overview_next](/uploads/53672ba15db08fb75a6edaec16fba265/report_overview_next.png) </td> <td> </td> <td> </td> </tr> <tr> <td>Show dismissal reason</td> <td>N/A</td> <td> ![Screenshot 2023-11-21 at 11.51.41.png](/uploads/5c7a1f078838875f234dad7bb97e3cab/Screenshot_2023-11-21_at_11.51.41.png) </td> <td> 1. https://gitlab.com/gitlab-org/gitlab/-/issues/432910+s, ~backend 2. https://gitlab.com/gitlab-org/gitlab/-/issues/433336+s, ~frontend </td> <td>The UI supports showing the dismissal reason badge, but the frontend needs to request the dismissal reason from the backend</td> </tr> <tr> <td>Related issue</td> <td> ![Screen_Shot_2022-05-10_at_9.34.28_pm](/uploads/2709d0704ac81bcd403be6bff5a155d1/Screen_Shot_2022-05-10_at_9.34.28_pm.png) </td> <td>Not yet implemented</td> <td> 1. https://gitlab.com/gitlab-org/gitlab/-/issues/362575+, ~frontend 2. https://gitlab.com/gitlab-org/gitlab/-/issues/433477+, ~frontend </td> <td>The vulnerability report has a column for this called "Activity", follow the same pattern here.</td> </tr> <tr> <td>Bulk state changes</td> <td> ![Screenshot 2023-11-15 at 18.26.47.png](/uploads/ae162eff39a42cd2d27b6bcf6d00e5d9/Screenshot_2023-11-15_at_18.26.47.png) <small>note: only dismissal and dismissal reasons aren't the canonical ones</small> </td> <td> ![Screenshot 2023-11-02 at 5.54.19 pm.png](/uploads/79372135cc0f38668994c73d990361e9/Screenshot_2023-11-02_at_5.54.19_pm.png) </td> <td> 1. https://gitlab.com/gitlab-org/gitlab/-/issues/331408+s 2. https://gitlab.com/gitlab-org/gitlab/-/issues/431818+s </td> <td>The UI is working but the mutations for findings are not linked and we currently only have mutations for findings for dismissing and reverting to detected, not for confirmed or resolved.</td> </tr> <tr> <td>"Dismissed as ..." filtering</td> <td> N/A <small>note: only a toggle to hide/show dismissed findings</small> </td> <td> ![Screenshot 2023-11-02 at 6.04.11 pm.png](/uploads/e00fd77e71d7680a275b74542a9a6c3d/Screenshot_2023-11-02_at_6.04.11_pm.png) </td> <td> 1. https://gitlab.com/gitlab-org/gitlab/-/issues/433033+s, ~backend 2. https://gitlab.com/gitlab-org/gitlab/-/issues/433337+s, ~frontend </td> <td>The UI is working, but the findings query does not support dismissal reasons filtering. There is some backend work required.</td> </tr> <tr> <td>Technical Debt</td> <td> </td> <td> </td> <td> 1. https://gitlab.com/gitlab-org/gitlab/-/issues/355840+s 2. https://gitlab.com/gitlab-org/gitlab/-/issues/362579+s 3. https://gitlab.com/gitlab-org/gitlab/-/issues/300757+s 4. https://gitlab.com/gitlab-org/gitlab/-/issues/431796+s 5. https://gitlab.com/gitlab-org/gitlab/-/issues/431800+s </td> <td>Issues tracking non-feature or functional changes.</td> </tr> <tr> <td>Filtered result empty state</td> <td> ![current_no_filters_results](/uploads/823b102d348e3b7e2bc934b89bfcdeed/current_no_filters_results.png) </td> <td> ![Screen_Shot_2022-05-12_at_4.27.22_pm](/uploads/6046d311326a34e753097d278a42c7f7/Screen_Shot_2022-05-12_at_4.27.22_pm.png) <small>note: the vulnerability report renders "Sorry, your filters produced no resuls"</small> </td> <td> https://gitlab.com/gitlab-org/gitlab/-/issues/362576+ </td> <td>The current behavior is the same as the one behind the feature flag, however on the vulnerability report we see a more specific message</td> </tr> <tr> <td>Sorting</td> <td>N/A</td> <td> ![Screen_Shot_2022-05-12_at_4.32.46_pm](/uploads/8542624c64fe01d8be3dc7ed38345b93/Screen_Shot_2022-05-12_at_4.32.46_pm.png) </td> <td> 1. https://gitlab.com/gitlab-org/gitlab/-/issues/360480+s, ~backend 2. https://gitlab.com/gitlab-org/gitlab/-/issues/361152+s, ~frontend </td> <td> Sortable columns: 1. Severity 2. Status 3. Description 4. Tool This is a ~"feature::enhancement". The current pipeline table does not show any sorting. </td> </tr> <tr> <td>Activity column (other than related issue)</td> <td>N/A</td> <td> ![Screenshot 2023-11-02 at 5.56.42 pm.png](/uploads/77bdb7930e40fce0c684fbc756686e38/Screenshot_2023-11-02_at_5.56.42_pm.png) </td> <td> </td> <td> UI can be reused. This is ~"feature::enhancement". There is some backend work to add the required filters to the GraphQL query. </td> </tr> <tr> <td>Activity filtering</td> <td>N/A</td> <td> ![Screenshot 2023-11-02 at 6.01.21 pm.png](/uploads/a952eadd2655a260859230a0dc4d3511/Screenshot_2023-11-02_at_6.01.21_pm.png) </td> <td> </td> <td> This is ~"feature::enhancement" UI can be reused. There is some backend work to add the required filters to the GraphQL query. </td> </tr> <tr> <td>Custom-tool filtering</td> <td>N/A</td> <td> ![Screenshot 2023-11-02 at 6.02.41 pm.png](/uploads/5dfa852b77d60daa8457dbe2b239bafa/Screenshot_2023-11-02_at_6.02.41_pm.png) </td> <td> </td> <td> This is ~"feature::enhancement" UI can be reused. There is some backend work to add the required filters to the GraphQL query. </td> </tr> <tr> <td>Create related issue (action button)</td> <td> ![Screen_Shot_2022-05-11_at_11.47.51_am](/uploads/1d6ad337c9bc635d76774f31884afbd4/Screen_Shot_2022-05-11_at_11.47.51_am.png) </td> <td>Will not implement</td> <td> </td> <td></td> </tr> <tr> <td>Create related Jira issue (action button)</td> <td> ![Screen_Shot_2022-05-11_at_11.46.46_am](/uploads/f640de0251110d894b9c4dfe51550d82/Screen_Shot_2022-05-11_at_11.46.46_am.png) </td> <td>Will not implement</td> <td> </td> <td> </td> </tr> <tr> <td>Undo dismissal (action button)</td> <td> ![Screen_Shot_2022-05-12_at_4.22.49_pm](/uploads/162cdbc2a3cb2f56fb15d238440d3be6/Screen_Shot_2022-05-12_at_4.22.49_pm.png) </td> <td>Will not implement</td> <td> </td> <td> </td> </tr> </table>
epic