Design | Post-MVC | Inline findings in the MR
In #322689 (closed) we defined the MVC for inline findings. This issue is a placeholder for any ideas that will expand upon those MVC implementations.
Problem to solve
As a developer, I want to see detected security vulnerabilities in the context of my code so that I can triage them (in addition to code quality issues) in the same place and without disrupting my workflow.
As a security engineer, I want to encourage developers on my team to triage their own vulnerabilities so that we can shift left and empower them to prioritize application security without adding additional time or effort to their workflow.
Intended users
Design explorations
Severity icons - hover state
Clicking on severity icons expands them below
Clicking on a vulnerability expands inline again for more detail
Note: if there is only one finding on the line of code, it should be expanded automatically. Below is only the collapsed state, for the case where there is more than one security finding on a line.
Filter
Repurposes the Jump to next functionality of the Unresolved Threads component to its right and adds filters. The badges aim to show that the total number of available vulnerabilities may not all be shown, depending on the filters that have been set.
Filter - collapsed
Filter - expanded
TBD: If the project has Vulnerability-Check enabled, should the default view be set to the blocker toggle on or off?
Screenshots: No filter applied | Blocker toggle clicked to "on"
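The behaviour sketched in the filter section and in the note on collapsed versus expanded lines can be expressed as a small piece of view logic. The following is an added example written for this issue, not GitLab's own frontend code: it groups findings per line, auto-expands a line that has exactly one finding, applies the severity filter and the blocker toggle, and computes the badge counts (shown vs. total) that signal to the developer that filters are hiding some findings. The sample findings are constructed, and the assumption that the blocker toggle maps to Critical and High severities (the ones a Vulnerability-Check rule would act on) is an illustrative choice, not something the issue specifies.

```javascript
// Added example, not GitLab code: inline-findings view logic for an MR diff.

// Constructed sample findings for one file in a merge request.
const SAMPLE_FINDINGS = [
  { id: 'a', line: 12, severity: 'critical', title: 'SQL injection' },
  { id: 'b', line: 12, severity: 'low', title: 'Hard-coded string' },
  { id: 'c', line: 30, severity: 'high', title: 'Command injection' },
  { id: 'd', line: 45, severity: 'info', title: 'Code quality: unused variable' },
];

// Most severe first; used to order the severity icons on a line.
const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low', 'unknown', 'info'];

// Assumption (not from the issue): the "blocker" toggle restricts the view to
// the severities a Vulnerability-Check approval rule would block on.
const BLOCKER_SEVERITIES = new Set(['critical', 'high']);

// Apply the optional severity filter and the blocker toggle.
function applyFilter(findings, { severities = null, blockerOnly = false } = {}) {
  return findings.filter((f) => {
    if (blockerOnly && !BLOCKER_SEVERITIES.has(f.severity)) return false;
    if (severities && !severities.has(f.severity)) return false;
    return true;
  });
}

// Group findings by diff line, ordering each group most severe first.
function groupByLine(findings) {
  const byLine = new Map();
  for (const f of findings) {
    if (!byLine.has(f.line)) byLine.set(f.line, []);
    byLine.get(f.line).push(f);
  }
  for (const group of byLine.values()) {
    group.sort(
      (a, b) => SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity),
    );
  }
  return byLine;
}

// Build the per-line view plus the badge counts shown next to the filter.
function buildInlineView(findings, filter = {}) {
  const visible = applyFilter(findings, filter);
  const byLine = groupByLine(visible);
  const lines = [...byLine.entries()]
    .sort(([a], [b]) => a - b)
    .map(([line, group]) => ({
      line,
      findings: group,
      // One finding on the line: expanded automatically.
      // Several findings: collapsed to severity icons until clicked.
      expanded: group.length === 1,
    }));
  return {
    lines,
    // "shown" may be smaller than "total" when filters hide findings.
    badge: { shown: visible.length, total: findings.length },
  };
}

// "Jump to next": the next line with a visible finding after currentLine,
// wrapping around to the first one like the Unresolved Threads control.
function nextFindingLine(view, currentLine) {
  const next = view.lines.find((l) => l.line > currentLine);
  if (next) return next.line;
  return view.lines.length ? view.lines[0].line : null;
}
```

With no filter, line 12 carries two findings and stays collapsed while lines 30 and 45 are expanded; switching the blocker toggle on hides the Low and Info findings, the badge reads 2 of 4, and line 12 now has a single finding and is expanded automatically.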