Refactor vulnerability report scanner filter
What does this MR do and why?
This MR refactors the vulnerability report scanner filter to use the new components that we've been writing. Functionally it's the same as the old scanner filter except for one bug fix (mentioned in the comments below). Here's a video giving a rundown of how it works:
How to set up and validate locally
- To test the tool filter on a project without custom scanners, clone this project: https://gitlab.com/gitlab-org/govern/threat-insights-demos/personal-test-projects/security-reports-without-custom-scanner
- Run a pipeline against the master branch, then go to Security & Compliance -> Vulnerability report.
- Verify that the tool filter works as expected.
- To test the tool filter on a project with custom scanners, clone this project: https://gitlab.com/gitlab-examples/security/security-reports
- Repeat the steps above to verify that the tool filter works as expected, this time with vendor groups.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #376337 (closed)
Edited by Daniel Tian