Add popover for image and tag on vuln report page
What does this MR do and why?
This is the frontend portion to Add container_repository url to vulnerability l... (!159879 - merged) • Aditya Tiwari • 17.4 for the vuln list view
Add popover for image and tag on vuln report page
- Update only for container registry vulnerabilities
Changelog: changed
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Video Demo
Before | After |
---|---|
How to set up and validate locally
-
Set up a container registry locally (GDK docs) (technical docs) -
Navigate to "Secure -> Security Configuration" -
Toggle on
theContainer Scanning For Registry
card -
Push a container image to the registry to trigger a scanning job. -
After the job completes, wait for a new advisory to identify the new vulnerability, OR you can: -
Run the following in the Rails console:
occurrence = Sbom::Occurrence.last affected_components = [Gitlab::VulnerabilityScanning::PossiblyAffectedComponent.from_sbom_occurrence(occurrence)] advisory = FactoryBot.build(:vs_advisory) response = ::Security::VulnerabilityScanning::CreateVulnerabilityService.execute(advisory: advisory, affected_components: affected_components)
-
-
This code will create a vulnerability. -
In rails console check vulnerability.location
; it should display the registry URL. -
Visit the vulnerability report page and check the browser console output for the new field in the response in the "Image and Tag" column -
Hover over the "Image and Tag" column and observe the link in the popup -
Click on the link, confirm it works
Numbered steps to set up and validate the change are strongly suggested.
Related to #480763 (closed)
Edited by Fernando Cardenas