Standalone vulnerabilities on Dependency List page - backend
Sub-issue for #214094 (closed)
Summary
Right now, the Dependency List page shows information about vulnerabilities, but that information is not actionable. We need to provide a link to the standalone vulnerability page so users can interact with each vulnerability.
Further details
We currently parse the data for the Dependency List page on the fly. That means the vulnerabilities come from the report itself, not from the database. To link the Dependency List with standalone vulnerabilities, we first need to change the way we select vulnerabilities for the Dependency List payload.
We can use the vulnerability findings stored in the DB even though they are only available for the default branch, because the Dependency List is also limited to the default branch.
For now, the relationship between an Occurrence and a standalone vulnerability is 1:1, and this is not expected to change in the near future.
Implementation plan
- Add to DependencyEntity::VulnerabilityEntity the fields id (the id of the vulnerability) and url (the path to the vulnerability's object page).
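As an added illustration of the planned change (example code, not GitLab's own entity or routes): a plain-Ruby stand-in that serialises each dependency's occurrences into vulnerability entries carrying id and url, relying on the 1:1 occurrence-to-vulnerability relationship. The project path, the sample records and the page path layout /<project>/-/security/vulnerabilities/<id> are assumptions made for the example.

```ruby
# Constructed stand-ins for the persisted records (not GitLab's models).
Vulnerability = Struct.new(:id, :name, :severity, keyword_init: true)
# An occurrence belongs to one dependency (package + version) and, by the
# 1:1 relationship, to at most one persisted vulnerability.
Occurrence = Struct.new(:package, :version, :vulnerability, keyword_init: true)

# Path to the standalone vulnerability page (assumed layout for this example).
def vulnerability_path(project_full_path, vulnerability_id)
  "/#{project_full_path}/-/security/vulnerabilities/#{vulnerability_id}"
end

# Serialise one vulnerability the way the entity would: the existing
# descriptive fields plus the new id and url fields.
def vulnerability_entity(project_full_path, vulnerability)
  {
    id: vulnerability.id,
    name: vulnerability.name,
    severity: vulnerability.severity,
    url: vulnerability_path(project_full_path, vulnerability.id)
  }
end

# Build the Dependency List payload from DB-backed occurrences: group the
# occurrences by dependency and attach the linked vulnerabilities. An
# occurrence without a persisted vulnerability (assumed possible when the
# finding only exists in a report) contributes no entry, since there is no
# standalone page to link to.
def dependency_list_payload(project_full_path, occurrences)
  occurrences.group_by { |o| [o.package, o.version] }.map do |(package, version), occs|
    vulns = occs.map(&:vulnerability).compact.uniq(&:id)
    {
      name: package,
      version: version,
      vulnerabilities: vulns.map { |v| vulnerability_entity(project_full_path, v) }
    }
  end
end
```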
Availability and Testing
SET will extend the current Dependency List end-to-end test to include vulnerability verification: gitlab-org/quality/testcases#1672 (closed).