Skip to content

[FE] - [CS For Registry] Add tag details to show vulnerability page

Description

Include tag details on the vulnerability page following the design at https://gitlab.com/groups/gitlab-org/-/uploads/9eedfd23cd22a5749c8a2f8fc2d7b8bd/option-3-vulns-details.png.

Note:

  1. Explore options like linking to the registry image or utilizing existing information due to potential cost implications of adding tag details.
  2. Given the significance of this issue, consider breaking it down into multiple sub-issues.
  3. This could potentially be elevated to an epic.

User Impact

Users should be able to view tag details as depicted in the design at https://gitlab.com/groups/gitlab-org/-/uploads/9eedfd23cd22a5749c8a2f8fc2d7b8bd/option-3-vulns-details.png for vulnerabilities identified by CS for the registry.

Non-functional requirements

  • FF: This feature should be toggleable via a feature flag.
  • Testing: Incorporate unit tests/specs.

Implementation plan

Notes from PM

  • We want to link to the page that shows all versions of a particular image. We don't want to scope down to a particular tag.

backend needs

Weight Reasoning

  • 2 if provided the URL path, and tag from backend as part of the existing vulnerability object. The location field needs to be updated.

Verification steps

  1. Activate the feature flag.
  2. Enable the CS for registry feature.
  3. Ingest a SBOM report with metadata.tools as registry event set as a part of [CS For Registry] Set SBOM occurrence source to... (#443634 - closed)
  4. Verify that db records are created as per the requirements.
  5. Run advisory scanner and report parser.
  6. Verify that the vulnerabilities are created with report_type: CONTAINER_SCANNING_FOR_REGISTRY
  7. Verify that the group and project GraphQL endpoints returns these vulnerabilities on applying the filter for report_type: CONTAINER_SCANNING_FOR_REGISTRY.
  8. Confirm the presence of tag details on vulnerability page.
Edited by Fernando Cardenas