Add humanized summary in drawer for vulnerability management policy

What does this MR do and why?

Related #465757 (closed)

This adds a human readable summary to the policy drawer for the vulnerability management policy type. Several util functions have been added that help humanize the rules into a human readable format.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before: Screenshot_2024-08-16_at_21.54.00
After: Screenshot_2024-08-16_at_21.53.26

How to set up and validate locally

Because the policy list cannot fetch vulnerability policy types and we can't persist those yet (backend work coming later), we need to mock a policy of the vulnerability management type.

Apply the following patch to do so (copy it to the clipboard, then run pbpaste | git apply in the GDK checkout):

diff --git a/ee/app/assets/javascripts/security_orchestration/components/policies/list_component.vue b/ee/app/assets/javascripts/security_orchestration/components/policies/list_component.vue
index 30c694a090b4..e86a046f863b 100644
--- a/ee/app/assets/javascripts/security_orchestration/components/policies/list_component.vue
+++ b/ee/app/assets/javascripts/security_orchestration/components/policies/list_component.vue
@@ -120,6 +120,57 @@ export default {
         getPoliciesWithType(this.policiesByType[type], POLICY_TYPE_FILTER_OPTIONS[type].text),
       );
 
+      policies[1] = {
+        __typename: 'VulnerabilityManagementPolicy',
+        name: 'Resolve no longer detected',
+        yaml: '---\nname: Resolve no longer detected\ndescription: Auto-resolve all no longer detected vulnerabilities.\nenabled: true\nactions:\n- type: auto_resolve\nrules:\n- type: no_longer_detected\n  severity_levels: ["high", "medium"]\n  scanners: ["secret_detection", "dast"]\n- type: no_longer_detected\n  severity_levels: ["critical", "high", "medium"]\n  scanners: ["dependency_scanning", "container_scanning", "sast"]\n- type: no_longer_detected\n  severity_levels: ["info"]\n  scanners: []\n- type: no_longer_detected\n  severity_levels: []\n  scanners: ["sast"]',
+        editPath:
+          'https://gdk.test:3443/gitlab-org/security-reports/-/security/policies/scan+exec+1/edit?type=scan_execution_policy',
+        enabled: true,
+        policyScope: {
+          __typename: 'PolicyScope',
+          complianceFrameworks: {
+            __typename: 'ComplianceFrameworkConnection',
+            nodes: [],
+            pageInfo: {
+              __typename: 'PageInfo',
+              hasNextPage: false,
+              hasPreviousPage: false,
+              startCursor: null,
+              endCursor: null,
+            },
+          },
+          excludingProjects: {
+            __typename: 'ProjectConnection',
+            nodes: [],
+            pageInfo: {
+              __typename: 'PageInfo',
+              hasNextPage: false,
+              hasPreviousPage: false,
+              startCursor: null,
+              endCursor: null,
+            },
+          },
+          includingProjects: {
+            __typename: 'ProjectConnection',
+            nodes: [],
+            pageInfo: {
+              __typename: 'PageInfo',
+              hasNextPage: false,
+              hasPreviousPage: false,
+              startCursor: null,
+              endCursor: null,
+            },
+          },
+        },
+        source: {
+          __typename: 'ProjectSecurityPolicySource',
+          project: { __typename: 'Project', fullPath: 'gitlab-org/security-reports' },
+        },
+        updatedAt: '2024-07-03T12:50:07+00:00',
+        policyType: 'Vulnerability management',
+      };
+
       return policies.flat();
     },
     hasSelectedPolicy() {
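Review bot: the assignment "policies[1] = {" overwrites whatever policy already sits at index 1 of the computed list instead of adding an entry, so one real policy silently disappears while this mock is applied (and index 1 may not exist on a project with a single policy); "policies.push({ ... })" keeps the existing entries and still surfaces the mock. Two smaller points in the same object: "editPath" ends in "?type=scan_execution_policy", so the drawer's edit link for the mocked vulnerability management policy would open the scan execution editor rather than one matching "policyType: 'Vulnerability management'", and because this patch is a local validation aid only, it should stay out of the MR's own commits.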
  1. enable feature flag vulnerability_management_policy_type
  2. go to a project
  3. go to Secure > Policies
  4. click on the mocked vulnerability management policy
  5. validate that the drawer opens and shows the summary, name, description, scope, and status
  6. validate that the drawer lists the rules in a human readable format. It mentions the individual scanners and severity levels for each rule if not all are selected. If all are selected (or the array is empty, which means the same), the sentence says "All scanners" for the scanners and "all severity levels" for the severity levels
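The rule-humanizing behaviour that step 6 validates, as an added example that is not the MR's own util code: the ALL_SCANNERS and ALL_SEVERITY_LEVELS lists and the function names are assumptions, and the input is the four rules from the mocked policy yaml above.

```javascript
// Added example, not the MR's own util functions. The two "known values" lists
// below are assumptions for this example, not values taken from the project.
const ALL_SCANNERS = ['sast', 'secret_detection', 'dependency_scanning', 'container_scanning', 'dast'];
const ALL_SEVERITY_LEVELS = ['critical', 'high', 'medium', 'low', 'info', 'unknown'];

// An empty selection and a selection containing every known value mean the
// same thing: no filter, so the summary says "all".
function selectsAll(selected, all) {
  return selected.length === 0 || all.every((value) => selected.includes(value));
}

function joinWithAnd(items) {
  if (items.length <= 1) return items.join('');
  return `${items.slice(0, -1).join(', ')} and ${items[items.length - 1]}`;
}

function humanizeScanners(scanners) {
  if (selectsAll(scanners, ALL_SCANNERS)) return 'all scanners';
  return `the ${joinWithAnd(scanners)} ${scanners.length === 1 ? 'scanner' : 'scanners'}`;
}

function humanizeSeverityLevels(levels) {
  if (selectsAll(levels, ALL_SEVERITY_LEVELS)) return 'all severity levels';
  return `${joinWithAnd(levels)} severity`;
}

// Only the rule type used by the mocked policy is understood; an unknown type is
// reported rather than silently summarised as something it is not.
function humanizeRule(rule) {
  if (rule.type !== 'no_longer_detected') return `Unsupported rule type: ${rule.type}`;
  const severity = humanizeSeverityLevels(rule.severity_levels ?? []);
  const scanners = humanizeScanners(rule.scanners ?? []);
  return `Vulnerabilities with ${severity} that are no longer detected by ${scanners}.`;
}

function humanizeRules(rules) {
  return rules.map(humanizeRule);
}

// Constructed input: the four rules from the mocked policy yaml in the patch above.
const MOCK_RULES = [
  { type: 'no_longer_detected', severity_levels: ['high', 'medium'], scanners: ['secret_detection', 'dast'] },
  { type: 'no_longer_detected', severity_levels: ['critical', 'high', 'medium'], scanners: ['dependency_scanning', 'container_scanning', 'sast'] },
  { type: 'no_longer_detected', severity_levels: ['info'], scanners: [] },
  { type: 'no_longer_detected', severity_levels: [], scanners: ['sast'] },
];

humanizeRules(MOCK_RULES).forEach((line) => console.log(line));
```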
Edited by Lorenz van Herwaarden