Host details page: software vulnerability severity filters #22445

Open
12 of 31 tasks
noahtalerman opened this issue Sep 26, 2024 · 15 comments
Labels
~csa Issue was created by or deemed important by the Customer Solutions Architect. customer-bali customer-figali customer-flavia #g-software Software product group prospect-brashear :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. story A user story defining an entire feature

@noahtalerman
Member

noahtalerman commented Sep 26, 2024

Goal

User story
As an IT admin on the Host details page,
I want to filter a host's software by vulnerability data (vulnerable: yes/no, severity, and known exploit)
so that I can see which software installed has critical vulnerabilities.

Objective

Customer promises + renewal requests

Original request

Context

Changes

Add severity vulnerability filters to Host details > Software experience. Reusing existing "Add filters" from All Software page to be consistent.

Product

  • UI changes: Figma
  • CLI (fleetctl) usage changes: No changes
  • YAML changes: No changes
  • REST API changes: PR
  • Fleet's agent (fleetd) changes: NA
  • Activity changes: NA
  • Permissions changes: No changes
  • Changes to paid features or tiers: No changes
  • Other reference documentation changes: No changes
  • Once shipped, requester has been notified

Engineering

  • Feature guide changes: Check if there is an existing guide to update
  • Database schema migrations: no need
  • Load testing: no need
  • Frontend - implement as in Figma
  • Backend - implement the API change as in the above PR
  • Test-plan - To be created by QA.

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

  • Requires load testing: No
  • Risk level: Low

Manual testing steps

Hosts detail >> software page:
Search text shows "Search by name or vulnerability (CVE)" (Removed, this will be added with #27003)

  • Vulnerabilities column is added
  • Vulnerabilities column is visible at px and hidden at px
  • When more than one vulnerability exists per software line, "n vulnerabilities" shown with tooltip of first 3 vulnerabilities +n more is shown when hovering.
  • "Vulnerable software" is no longer shown in main filter dropdown
  • Add filters option shows to the right of the search bar
  • Add filters option is visible at px and hidden at px
  • New Filters states shown "Add filters", "1 filter", "2 filters"

Premium:

  • Filters modal has options for "Vulnerable software", severity, and Has known exploit
  • If Vulnerable software is toggled off, Severity and Has known exploit can not be selected.

Free:

  • Only "Vulnerable software" toggle is available in the modal

Premium/Free:

  • Filters should save when clicking "Apply" and not save when "Cancel" is clicked
  • Filters should return correct software items when each option is selected.
  • Tooltip on Severity that indicates "The worst case impact across different environments (CVSS version 3.x base score)."

Testing notes

Confirmation

  1. Engineer (@____): Added comment to user story confirming successful completion of QA.
  2. QA (@____): Added comment to user story confirming successful completion of QA.
@noahtalerman noahtalerman added story A user story defining an entire feature :product Product Design department (shows up on 🦢 Drafting board) #g-endpoint-ops Endpoint ops product group labels Sep 26, 2024
@noahtalerman
Member Author

noahtalerman commented Sep 26, 2024

Hey @harrisonravazzolo, @zayhanlon, and @dherder we peeled this user story off of this customer request and brought the story into the design sprint.

@randy-fleet I assigned this one to you since you have some open capacity.

I think this one is real quick. Might not even need to go through design review. I think we can just add a screenshot of the existing "Add filters" experience on the Software page (if it works), fill out the TODOs in the product section (or ask for engineering to help) and we're good to go:

Screenshot 2024-09-26 at 5 35 35 PM

@randy-fleet
Contributor

@noahtalerman Because we're skipping design review on this, can you review async? I'm reusing the "Add filters" experience from the Software page, but I'm also suggesting two additional small changes:

  • Removing the existing Vulnerable software filter
  • Adding vulnerabilities column to software list to provide the necessary context

@randy-fleet randy-fleet changed the title Host details page: vulnerability filters for software Host details page: software vulnerability severity filters Sep 27, 2024
@noahtalerman noahtalerman added the ~feature fest Will be reviewed at next Feature Fest label Oct 3, 2024
rachaelshaw added a commit that referenced this issue Oct 3, 2024
API changes for #22445
@sharon-fdm
Collaborator

Estimations -
BE: 5
FE: 5

@sharon-fdm sharon-fdm added the Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. label Oct 3, 2024
@noahtalerman noahtalerman removed the Epic DO NOT USE. Auto-created by ZenHub, cannot be disabled. label Oct 4, 2024
@noahtalerman
Member Author

Hey @zayhanlon heads up, this user story didn't make it into the upcoming engineering sprint due to capacity.

It's still prioritized. We left it on the drafting board so that it can be pulled into the next engineering sprint.

rachaelshaw added a commit that referenced this issue Oct 8, 2024
rachaelshaw added a commit that referenced this issue Nov 11, 2024
…erity filters) (#23691)

#22445 did not make it into the 4.59.0 release (dropped during sprint
planning).
@lukeheath lukeheath added #g-software Software product group and removed #g-endpoint-ops Endpoint ops product group labels Dec 19, 2024
@lukeheath lukeheath assigned mostlikelee and unassigned sharon-fdm Jan 3, 2025
@mostlikelee mostlikelee removed their assignment Feb 10, 2025
@lukeheath
Member

@mostlikelee @jmwatts Please make sure to add a test plan before bringing this into a sprint. Thanks!

@mostlikelee mostlikelee added :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. and removed :product Product Design department (shows up on 🦢 Drafting board) labels Mar 3, 2025
@RachelElysia
Member

@eugkuo I noticed the figma designs https://www.figma.com/design/VGeqt03FumEtiR71NYEnl0/%2322445-Host-details%3A-Software-vulnerability-severity-filters?node-id=5301-10796&t=23YI4DfUd73ySMKG-0
include an updated timestamp, but that's not returned from this API. I think it should be removed from the design unless it was intentionally put there, in which case, dev will need to add updated timestamp full stack.

@eugkuo
Contributor

eugkuo commented Mar 4, 2025

@RachelElysia:

@eugkuo I noticed the figma designs https://www.figma.com/design/VGeqt03FumEtiR71NYEnl0/%2322445-Host-details%3A-Software-vulnerability-severity-filters?node-id=5301-10796&t=23YI4DfUd73ySMKG-0
include an updated timestamp, but that's not returned from this API. I think it should be removed from the design unless it was intentionally put there, in which case, dev will need to add updated timestamp full stack.

I just looked on dogfood and I can't speak to whether this was intentionally added. If it's going to increase scope it seems like it should be a separate ticket. I've removed it for now and we'll see if someone else says anything about it. :-)

@eugkuo
Contributor

eugkuo commented Mar 4, 2025

@RachelElysia I've added these into the figma file to show 768 and 1024 breakpoints.

@eugkuo
Contributor

eugkuo commented Mar 4, 2025

Comment from @RachelElysia:

I also noticed a line of code that inferred there's no vulnerable software detected for ipados, ios.

Since we know the platform of the host when looking at the Host details > Software > Software table,

Do we want to disable or hide the vuln filtering button and vuln column for those hosts??

I think yes? I think @mostlikelee was also looking at this?

@RachelElysia
Member

@eugkuo - here are our breakpoints in breakpoints.scss, I'm going to use 990px for the 1024px breakpoint you made

$break-xxl: 1600px;
$break-xl: 1500px;
$break-lg: 1400px;
$break-md: 990px;
$break-sm: 880px;
$break-xs: 768px;
$break-mobile-lg: 650px;
$break-mobile-md: 576px;
$break-mobile-sm: 480px;
$break-mobile-xs: 320px;
$tooltip-break-md: 1000px; // Prevents horizontal scrolling off viewport
$table-controls-break: 1150px;

@noahtalerman
Member Author

noahtalerman commented Mar 5, 2025

Hey @rachaelshaw did we make the "Issues" count clickable? If not, adding this could be a quick win: #26805

@eugkuo
Contributor

eugkuo commented Mar 5, 2025

@RachelElysia Oh thanks for those breakpoints. I could have sworn someone showed me something where md was 1024. Was that updated recently? Actually it doesn't matter since these are the breakpoints now. :-)

@jmwatts
Member

jmwatts commented Mar 17, 2025

@RachelElysia I may be missing something but I don't see the updated text in the search box. Figma says it should be Search by name or vulnerability (CVE) but in my instance it still says Search by name
All of the other updates are there.

Image

I'm also seeing some elements overflowing at low widths:

Image

Image

And I don't see the Vulnerabilities column disappearing at all... the test plan says "Vulnerabilities column is visible at px and hidden at px" but it looks like it's missing the actual values I should be checking. Same thing for "Add filters option is visible at px and hidden at px"

@RachelElysia
Member

@RachelElysia I may be missing something but I don't see the updated text in the search box. Figma says it should be Search by name or vulnerability (CVE) but in my instance it still says Search by name

@jmwatts - oh yeah, we moved that into a separate ticket #27003 that will be QAed with that ticket, TLDR was this feature work and Konstantin's bug ticket work was so intertwined and it was easiest to merge what I got, have him rebase, merge his bug fix rework, and have him update the search on the bug fix.

I'll double check the vuln column issue, probably just a classname mismatch! Thank you for catching!!!

@jmwatts
Member

jmwatts commented Mar 20, 2025

QA Notes

Removed "Search text shows "Search by name or vulnerability (CVE)" per comment above, that will be added in #27003

Removed "Vulnerabilities column is visible at px and hidden at px" and "Add filters option is visible at px and hidden at px" because the figma doesn't show any specific details around hiding these items. These items are not hidden at 768px or above.

Filed #27353 for overflow issue observed and mentioned in above comment.

The rest of the QA Plan was executed and passed:

  • Vulnerabilities column is added
  • When more than one vulnerability exists per software line, "n vulnerabilities" shown with tooltip of first 3 vulnerabilities +n more is shown when hovering.
  • "Vulnerable software" is no longer shown in main filter dropdown
  • Add filters option shows to the right of the search bar
  • New Filters states shown "Add filters", "1 filter", "2 filters", "3 filters"

Premium:

  • Filters modal has options for "Vulnerable software", severity, and Has known exploit
  • If Vulnerable software is toggled off, Severity and Has known exploit can not be selected.
  • Tooltip on Severity that indicates "The worst case impact across different environments (CVSS version 3.x base score)."

Free:

  • Only "Vulnerable software" toggle is available in the modal

Premium/Free:
