Samantha Ming (3129e501) at 18 Mar 20:38

@aysegula thank you for reporting this -- yes it should be fixed in the %18.9 version. Could the customer have ran the pipeline in the previous version, could they try running it again?

Let me also loop in our backend engineer who helped with the fix...

@schmil.monderer do you mind looking into this? This self managed customer is still experiencing ready: false problem. You will need ZD access to see the ticket issue -- you can get it through Lumos if you don't have it already > https://handbook.gitlab.com/handbook/support/internal-support/#requesting-a-zendesk-light-agent-account.

@dpisek may I please pass this to you for maintainer review 😄

Thanks @lorenzvanherwaarden 😊

• Verify the info icon popover displays: "Open vulnerabilities by their top 10 most common CWE identifiers, stacked by severity."

• Test the severity filter

• Test URL param persistence

• Disable the feature flag and verify the panel is no longer shown.

What does this MR do and why?

Add a new VulnerabilitiesByIdentifierPanel component that displays vulnerability counts for the top 10 most common CWE identifiers, stacked by severity. The panel includes:

• GraphQL query with frontend mock resolver for development
• Severity filter with URL param sync
• Feature flag: new_security_dashboard_vulnerabilities_by_identifier
• Chart placeholder (chart implementation is a separate issue)

References

Related #593104

Screenshots or screen recordings

Before	After

How to set up and validate locally

1. Enable the feature flag: new_security_dashboard_vulnerabilities_by_identifier
2. Navigate to a group's security dashboard
3. Verify the "Vulnerabilities by identifier" panel appears in the bottom-right of the dashboard (next to "Vulnerabilities by age").
4. Verify the panel shows mock data (pure text) for 10 CWE identifiers (CWE-79, CWE-89, CWE-22, etc.) with bars stacked by severity.
5. Verify the info icon popover displays: "Open vulnerabilities by their top 10 most common CWE identifiers, stacked by severity."
6. Test the severity filter:
   • Select one or more severities (e.g., Critical, High)
   • Verify the data updates to show only selected severities
   • Verify the URL updates with vulnerabilitiesByIdentifier.severity=CRITICAL,HIGH
7. Test URL param persistence:
   • Reload the page with severity params in the URL
   • Verify the severity filter initializes with the correct values
8. Disable the feature flag and verify the panel is no longer shown.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Verified! Thanks for the clear steps @lorenzvanherwaarden 💯

@lorenzvanherwaarden nice work on this, I opened a thread from Duo that I think it might be valid. Other than that, LGTM, so pre-approving 👍

@lorenzvanherwaarden I think this is a valid point? 🤔

If the user selects a different severity filter, a re-fetch would happen right? And if it has the error, the error state will persist?

update(data) {
+ this.hasFetchError = false;
  return data?.group?.securityMetrics?.vulnerabilitiesByIdentifier || [];
},

@lorenzvanherwaarden thanks for the review! Addressed your feedback, hopefully we can skip the change as it will be addressed in a follow-up MR, scout's honor 👮

Opps, this change should have been in the next MR: Update code quality widget to use utils (!227748) 🙈

Actually if you don't mind, can we leave it, it will be fixed in the next MR -- saves me from a rebase for the follow-up MR 😅

Samantha Ming (89cc491c) at 18 Mar 16:21

... and 1 more commit

@svedova may I please pass this to you for maintainer review 😄

@dpisek lol, this is a shorter series 🙈 Thanks for the review and great suggestions! Fixed them all ✨

Yes, this is a really great point, thank you for raising this and providing the link! Will make the adjustment 💪

YES! Applying 💯

Samantha Ming (070e72d3) at 18 Mar 15:42

Samantha Ming (c42873b7) at 18 Mar 15:37