Vulnerability info isn't serialized properly in Dependency List view

Summary

A request to /:group/:project/security/dependencies returns an array of dependencies in which the vulnerabilities value is an array of hashes with null values.

Example response:

[{
    ...
    "vulnerabilities": [
        {
            "name": null,
            "severity": null
        }
    ]
}]

This leads to the frontend not rendering info about vulnerabilities in the table:

Screen_Shot_2019-07-31_at_16.00.42

Steps to reproduce

Note: this bug can be reproduced only on staging right now because the whole feature is behind a feature flag.

  1. Go to a project with vulnerabilities found by dependency scanning.
  2. In the side menu, go to Security & Compliance => Dependency List.
  3. Find dependency with vulnerabilities.
  4. Click on drop-down list "# vulnerabilities".

Example Project

https://staging.gitlab.com/secure-team-test/multiple-reports-per-category/dependencies

What is the current bug behavior?

No info about vulnerabilities

What is the expected correct behavior?

We should see info about vulnerabilities' name and severity.

Output of checks

This bug happens on staging.gitlab.com.

Possible fixes

Dig into how vulnerabilities are serialized

Related issue

https://gitlab.com/gitlab-org/gitlab-ee/issues/12406
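
A contract check for the response shape shown in the summary, as an added example that is not part of the original issue or GitLab's code: it flags every serialized vulnerability whose name or severity is missing, null or blank, which is the condition that leaves the drop-down empty. The sample body is constructed, and the dependency-level "name" key in it is an assumption, since the issue elides those fields.

```ruby
require "json"

# Keys every serialized vulnerability must carry, per the expected behavior
# stated in this report (name and severity shown in the Dependency List).
REQUIRED_VULNERABILITY_KEYS = %w[name severity].freeze

# Returns one finding per vulnerability entry whose required keys are
# missing, null, or blank. `body` is the raw JSON response body.
def incomplete_vulnerabilities(body)
  dependencies = JSON.parse(body)
  raise ArgumentError, "expected a JSON array of dependencies" unless dependencies.is_a?(Array)

  dependencies.each_with_index.flat_map do |dependency, dep_index|
    vulnerabilities = dependency.is_a?(Hash) ? dependency["vulnerabilities"] : nil
    vulnerabilities = [] unless vulnerabilities.is_a?(Array)

    vulnerabilities.each_with_index.map do |vulnerability, vuln_index|
      missing = REQUIRED_VULNERABILITY_KEYS.select do |key|
        value = vulnerability.is_a?(Hash) ? vulnerability[key] : nil
        value.nil? || value.to_s.strip.empty?
      end
      next if missing.empty?

      { dependency_index: dep_index, vulnerability_index: vuln_index, missing: missing }
    end.compact
  end
end

# Constructed sample: the first entry reproduces the null-valued hash from
# the issue; the dependency "name" keys are assumed for readability.
SAMPLE_RESPONSE = <<~JSON
  [
    {"name": "example-lib", "vulnerabilities": [{"name": null, "severity": null}]},
    {"name": "other-lib", "vulnerabilities": [{"name": "Constructed finding", "severity": "high"}]},
    {"name": "clean-lib", "vulnerabilities": []}
  ]
JSON

if __FILE__ == $PROGRAM_NAME
  incomplete_vulnerabilities(SAMPLE_RESPONSE).each do |finding|
    puts "dependency ##{finding[:dependency_index]}, " \
         "vulnerability ##{finding[:vulnerability_index]}: " \
         "missing #{finding[:missing].join(', ')}"
  end
end
```

Run against a captured response body, an empty result means every listed vulnerability carries both fields; any finding means a vulnerable dependency would be displayed without its details.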