Do not show cluster image scanning vulnerabilities on development tab
What does this MR do and why?
Related #468330 (closed)
Do not show cluster image scanning vulnerabilities on development tab. This was happening because, since the advanced filtering for the vulnerability report, the reportTypes was not set to the default preset when no tool was selected.
This also properly tests the GraphQL filter functions in the vulnerability_report_tabs component. It also simplifies the case where the feature flag containerScanningForRegistryFlag is enabled by making it the default case and removing unnecessary tests when the feature flag is disabled.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
How to set up and validate locally
- Import https://gitlab.com/gitlab-examples/security/security-reports
- Run pipeline in project
- Go to vulnerability report (by default already on the development tab), check GraphQL call to projectVulnerabilities and validate that the variable reportTypes contains the default preset for report types on the development tab (and does not contain "CLUSTER_IMAGE_SCANNING").
- If you use the tool filter to select some scanners, you can validate the variable scanner should contain those tools, and reportTypes will not be sent.
- You can also go to the group level vulnerability report and validate that, when no tools are selected, reportTypes is added with the default values. If you filter by tool, it will now add reportTypes with your selected tools (and not scanner because the group level report does not filter by the third-party scanners).