
Fix security dashboard showing wrong count for more than 100 projects

Daniel Tian requested to merge 350156-fix-security-dashboard-project-count into master

What does this MR do and why?

The security dashboard shows a list of vulnerability grades with the number of projects in each grade. The backend has a hard limit of 100 projects per grade, so if the number of projects per grade is more than 100, the frontend is incorrectly showing that there are only 100 projects instead of the actual count.

This MR fixes it by displaying 100+ projects if there are more than 100 projects for a grade. We show "100+" for now even though we know the actual count because there's currently no way to fetch the projects beyond the first 100, so rather than display 150 projects when the list only has 100, we show 100+ projects to hint that there are more than 100, but we're only showing you the first 100. We already have a backend issue to add the ability to fetch past the first 100 projects, so this change is only temporary until that's completed: Improve the `group#vulnerabilityGrades` GraphQL... (#350110 - closed)

Note that in these screenshots I limit the number of projects to 1 so that if there are 2 or more, the bug is shown:

Before (screenshot): shows 1 project when there are actually 2.
After (screenshot): shows 1+ projects.

How to set up and validate locally

It's difficult to create 100+ projects to test locally, so I recommend doing the following:

  1. Clone two copies of a project that has vulnerabilities, like this one, into the same group: https://gitlab.com/gitlab-examples/security/security-reports

  2. Run a pipeline on both projects so that their vulnerabilities are populated.

  3. Open `ee/app/assets/javascripts/security_dashboard/graphql/queries/group_vulnerability_grades.query.graphql` and add `(first: 1)` to `vulnerabilityGrades`. This will return only 1 project instead of 100.

  4. Go to the security dashboard and verify that "1+ projects" is shown.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #350156 (closed)

Edited by Daniel Tian
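
The display rule described in this merge request, as an added example that is not the merge request's own code: when the backend reports more projects for a grade than it returned, the label shows the listed number with a "+" so a truncated list is not read as the full set of affected projects. The field names (`grade`, `count`, `projects.nodes`), the helper names and the sample data are assumptions constructed for illustration.

```javascript
// Constructed sample, shaped like a vulnerabilityGrades response fetched with
// (first: 1). Field names are assumed, not taken from the merge request.
const sampleGrades = [
  { grade: 'F', count: 2, projects: { nodes: [{ name: 'security-reports-a' }] } },
  { grade: 'D', count: 1, projects: { nodes: [{ name: 'security-reports-c' }] } },
  { grade: 'A', count: 0, projects: { nodes: [] } },
];

// Hypothetical helper: how many projects are listed versus reported.
function gradeCoverage({ count, projects }) {
  const listed = projects?.nodes?.length ?? 0;
  // Fall back to the listed number when the backend sends no usable count.
  const reported = Number.isInteger(count) ? count : listed;
  return { listed, truncated: reported > listed };
}

// Hypothetical helper: the label shown next to a grade.
function projectCountLabel(grade) {
  const { listed, truncated } = gradeCoverage(grade);
  if (truncated) {
    // Only `listed` projects can be displayed, so hint that more exist
    // instead of printing a total the list cannot back up.
    return `${listed}+ projects`;
  }
  return listed === 1 ? '1 project' : `${listed} projects`;
}

// One summary row per grade, keeping the truncation flag for other UI hints.
function summarizeGrades(grades) {
  return grades.map((g) => ({
    grade: g.grade,
    label: projectCountLabel(g),
    truncated: gradeCoverage(g).truncated,
  }));
}

console.log(summarizeGrades(sampleGrades));
```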
