Add more robust vulnerability report project filter
What does this MR do?
On the group and instance-level security reports, a project filter is shown that lets the users pick which projects to filter on (it's multi-select).
Previously, this filter would show the first 100 projects in the dropdown for a group/instance. If the group/instance has more than 100 projects (like the gitlab-org group), then any projects beyond the first 100 aren't shown, aren't selectable, and aren't searchable.
This MR fixes this bug by changing the project filter to match how other multi-select searchable dropdowns behave in GitLab, such as the assignee dropdown and labels dropdown on the MR page. We fetch the projects through a GraphQL query, but the server enforces a hard limit of 100 items per query. The dropdown search box also only does a client-side search through the dropdown options. We only do one request for projects, so we were only fetching the first 100 projects and only searching on those 100 projects, making it impossible to select anything beyond those first 100.
Does this MR meet the acceptance criteria?
Conformity
- 📋 Does this MR need a changelog?
  - I have included a changelog entry.
  - I have not included a changelog entry because _____.
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Related to #284471 (closed)
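
The failure mode described above, as an added example that is not part of the merge request or GitLab's code: a filter that searches client-side over a single capped request cannot reach project 101 and beyond, while sending the search term to the server and following the cursor can. `queryProjects`, `PAGE_CAP` and the project data are hypothetical stand-ins constructed for this sketch, and server-side search with cursor pagination is an assumed approach, not the MR's confirmed implementation.

```javascript
// Constructed data: 250 projects; the server caps every page at 100 items.
const PAGE_CAP = 100;
const PROJECTS = Array.from({ length: 250 }, (_, i) => ({
  id: i + 1,
  name: `project-${String(i + 1).padStart(3, '0')}`,
}));

// Hypothetical stand-in for the GraphQL endpoint: optional server-side search,
// cursor pagination, and a hard cap applied no matter what `first` asks for.
function queryProjects({ search = '', first = PAGE_CAP, after = 0 } = {}) {
  const matches = PROJECTS.filter((p) => p.name.includes(search));
  const size = Math.min(first, PAGE_CAP);
  const nodes = matches.slice(after, after + size);
  const endCursor = after + nodes.length;
  return { nodes, pageInfo: { endCursor, hasNextPage: endCursor < matches.length } };
}

// Old behaviour: one request, then the search box filters only loaded options.
function clientSideSearch(term) {
  const { nodes } = queryProjects({ first: 1000 }); // still capped at 100
  return nodes.filter((p) => p.name.includes(term));
}

// Assumed fix: the search term goes to the server, and further pages are
// requested with the cursor until the result set is exhausted.
function serverSideSearch(term) {
  const found = [];
  let after = 0;
  let hasNextPage = true;
  while (hasNextPage) {
    const page = queryProjects({ search: term, after });
    found.push(...page.nodes);
    after = page.pageInfo.endCursor;
    hasNextPage = page.pageInfo.hasNextPage;
  }
  return found;
}

console.log(clientSideSearch('project-200').length); // project 200 is unreachable
console.log(serverSideSearch('project-200').map((p) => p.id));
```

For a security report, the practical effect of the old behaviour is that vulnerabilities in any project past the first page cannot be isolated through the filter, even though the project exists and is visible to the user.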