Use scope param instead of hide_dismissed
- Related issue: #9102 (closed)
- Backend MR: !16692 (merged)
- Feature flag:
hide_dismissed_vulnerabilities
What does this MR do?
When initially implementing the Hide dismissed vulnerabilities toggle, it was first decided to send a hide_dismissed
parameter to the API. We then realized that the Pipeline Security Dashboard fetches vulnerabilities through the Vulnerabilities API which accepts a scope
parameter to filter out dismissed vulnerabilities, while other security dashboards use another API that don't accept any parameter for filtering out dismissed vulnerabilities.
The changes introduced in this MR ensure that the toggle works in all security dashboards, whatever the context, by replacing the hide_dismissed
API parameter with scope
.
Additionally, since we expect dismissed vulnerabilities to be hidden by default, the scope
parameter's initial value has been changed from all
to dismissed
in the Pipeline Security Dashboard (which results in dismissed vulnerabilities being filtered out).
How to test this?
- Make sure you've enabled the
hide_dismissed_vulnerabilities
feature flag - These changes should be effective right off the bat in Pipeline Security Dashboards.
- In other Project & Group Security Dashboards, the backend had to be updated to implement the
scope
parameter. The implementation was done in !16692 (merged), which needs to be pulled on top of the present changes to fully test this.
The following video shows how the toggle reacts in a Project Security Dashboard:
Does this MR meet the acceptance criteria?
Conformity
Performance and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.