Merge branch '267103-update-mr-widget-vulnerability-message' into 'master'

Update MR widget vulnerability message See merge request gitlab-org/gitlab!46167

Merge branch '267103-update-mr-widget-vulnerability-message' into 'master'
Update MR widget vulnerability message See merge request gitlab-org/gitlab!46167
41611031 · Mark Florian · 0d0f9a2e · 3ca43788 · 41611031 · 41611031
Commit 41611031 authored Nov 11, 2020 by Mark Florian
13 changed files
--- a/ee/app/assets/javascripts/vue_shared/security_reports/components/security_summary.vue
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/components/security_summary.vue
@@ -2,27 +2,58 @@
 import { GlSprintf } from '@gitlab/ui';
 import { SEVERITY_CLASS_NAME_MAP } from './constants';
-const makeSeveritySlot = (createElement, severity) => ({ content }) =>
-  createElement('strong', { class: SEVERITY_CLASS_NAME_MAP[severity] }, content);
 export default {
-  functional: true,
+  components: {
+    GlSprintf,
+  },
  props: {
    message: {
-      type: String,
+      type: Object,
      required: true,
    },
  },
-  render(createElement, context) {
+  computed: {
-    const { message } = context.props;
+    shouldShowCountMessage() {
+      return !this.message.status && Boolean(this.message.countMessage);
-    return createElement(GlSprintf, {
+    },
-      props: { message },
+  },
-      scopedSlots: {
+  methods: {
-        critical: makeSeveritySlot(createElement, 'critical'),
+    getSeverityClass(severity) {
-        high: makeSeveritySlot(createElement, 'high'),
+      return SEVERITY_CLASS_NAME_MAP[severity];
-      },
+    },
-    });
+  },
+  slotNames: ['critical', 'high', 'other'],
+  spacingClasses: {
+    critical: 'gl-pl-4',
+    high: 'gl-px-2',
+    other: 'gl-px-2',
  },
 };
 </script>
+<template>
+  <span>
+    <gl-sprintf :message="message.message">
+      <template #total="{content}">
+        <strong>{{ content }}</strong>
+      </template>
+    </gl-sprintf>
+    <span v-if="shouldShowCountMessage" class="gl-font-sm">
+      <gl-sprintf :message="message.countMessage">
+        <template v-for="slotName in $options.slotNames" #[slotName]="{content}">
+          <span :key="slotName">
+            <strong
+              v-if="message[slotName] > 0"
+              :class="[getSeverityClass(slotName), $options.spacingClasses[slotName]]"
+            >
+              {{ content }}
+            </strong>
+            <span v-else :class="$options.spacingClasses[slotName]">
+              {{ content }}
+            </span>
+          </span>
+        </template>
+      </gl-sprintf>
+    </span>
+  </span>
+</template>
--- a/ee/app/assets/javascripts/vue_shared/security_reports/grouped_security_reports_app.vue
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/grouped_security_reports_app.vue
@@ -555,7 +555,6 @@ export default {
        <template v-if="hasCoverageFuzzingReports">
          <summary-row
-            :summary="groupedCoverageFuzzingText"
            :status-icon="coverageFuzzingStatusIcon"
            :popover-options="coverageFuzzingPopover"
            class="js-coverage-fuzzing-widget"

--- a/ee/app/assets/javascripts/vue_shared/security_reports/store/getters.js
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/store/getters.js
@@ -64,20 +64,20 @@ export const groupedSummaryText = (state, getters) => {
  // All reports are loading
  if (getters.areAllReportsLoading) {
-    return sprintf(messages.TRANSLATION_IS_LOADING, { reportType });
+    return { message: sprintf(messages.TRANSLATION_IS_LOADING, { reportType }) };
  }
  // All reports returned error
  if (getters.allReportsHaveError) {
-    return s__('ciReport|Security scanning failed loading any results');
+    return { message: s__('ciReport|Security scanning failed loading any results') };
  }
  if (getters.areReportsLoading && getters.anyReportHasError) {
-    status = s__('ciReport|(is loading, errors when loading results)');
+    status = s__('ciReport|is loading, errors when loading results');
  } else if (getters.areReportsLoading && !getters.anyReportHasError) {
-    status = s__('ciReport|(is loading)');
+    status = s__('ciReport|is loading');
  } else if (!getters.areReportsLoading && getters.anyReportHasError) {
-    status = s__('ciReport|(errors when loading results)');
+    status = s__('ciReport|: Loading resulted in an error');
  }
  const { critical, high, other } = getters.summaryCounts;

--- a/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/store/utils.js
@@ -9,15 +9,38 @@ import { __, n__, sprintf } from '~/locale';
 export const findIssueIndex = (issues, issue) =>
  issues.findIndex(el => el.project_fingerprint === issue.project_fingerprint);
+const createCountMessage = ({ critical, high, other, total }) => {
+  const otherMessage = n__('%d Other', '%d Others', other);
+  const countMessage = __(
+    '%{criticalStart}%{critical} Critical%{criticalEnd} %{highStart}%{high} High%{highEnd} and %{otherStart}%{otherMessage}%{otherEnd}',
+  );
+  return total ? sprintf(countMessage, { critical, high, otherMessage }) : '';
+};
+const createStatusMessage = ({ reportType, status, total }) => {
+  const vulnMessage = n__('vulnerability', 'vulnerabilities', total);
+  let message;
+  if (status) {
+    message = __('%{reportType} %{status}');
+  } else if (!total) {
+    message = __('%{reportType} detected %{totalStart}no%{totalEnd} vulnerabilities.');
+  } else {
+    message = __(
+      '%{reportType} detected %{totalStart}%{total}%{totalEnd} potential %{vulnMessage}',
+    );
+  }
+  return sprintf(message, { reportType, status, total, vulnMessage });
+};
 /**
- * Takes an object of options and returns an externalized string representing
+ * Takes an object of options and returns the object with an externalized string representing
 * the critical, high, and other severity vulnerabilities for a given report.
 *
 * The resulting string _may_ still contain sprintf-style placeholders. These
 * are left in place so they can be replaced with markup, via the
 * SecuritySummary component.
 * @param {{reportType: string, status: string, critical: number, high: number, other: number}} options
- * @returns {string}
+ * @returns {Object} the parameters with an externalized string
 */
 export const groupedTextBuilder = ({
  reportType = '',
@@ -26,92 +49,17 @@ export const groupedTextBuilder = ({
  high = 0,
  other = 0,
 } = {}) => {
-  // This approach uses bitwise (ish) flags to determine which vulnerabilities
+  const total = critical + high + other;
-  // we have, without the need for too many nested levels of if/else statements.
-  //
-  // Here's a video explaining how it works
-  // https://youtu.be/qZzKNC7TPbA
-  //
-  // Here's a link to a similar approach on MDN:
-  // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Bitwise_Operators#Examples
-  let options = 0;
-  const HAS_CRITICAL = 1;
-  const HAS_HIGH = 2;
-  const HAS_OTHER = 4;
-  let message;
-  if (critical) {
-    options += HAS_CRITICAL;
-  }
-  if (high) {
-    options += HAS_HIGH;
-  }
-  if (other) {
-    options += HAS_OTHER;
-  }
-  switch (options) {
-    case HAS_CRITICAL:
-      message = n__(
-        '%{reportType} %{status} detected %{criticalStart}%{critical} critical%{criticalEnd} severity vulnerability.',
-        '%{reportType} %{status} detected %{criticalStart}%{critical} critical%{criticalEnd} severity vulnerabilities.',
-        critical,
-      );
-      break;
-    case HAS_HIGH:
+  return {
-      message = n__(
+    countMessage: createCountMessage({ critical, high, other, total }),
-        '%{reportType} %{status} detected %{highStart}%{high} high%{highEnd} severity vulnerability.',
+    message: createStatusMessage({ reportType, status, total }),
-        '%{reportType} %{status} detected %{highStart}%{high} high%{highEnd} severity vulnerabilities.',
-        high,
-      );
-      break;
-    case HAS_OTHER:
-      message = n__(
-        '%{reportType} %{status} detected %{other} vulnerability.',
-        '%{reportType} %{status} detected %{other} vulnerabilities.',
-        other,
-      );
-      break;
-    case HAS_CRITICAL + HAS_HIGH:
-      message = __(
-        '%{reportType} %{status} detected %{criticalStart}%{critical} critical%{criticalEnd} and %{highStart}%{high} high%{highEnd} severity vulnerabilities.',
-      );
-      break;
-    case HAS_CRITICAL + HAS_OTHER:
-      message = __(
-        '%{reportType} %{status} detected %{criticalStart}%{critical} critical%{criticalEnd} severity vulnerabilities out of %{total}.',
-      );
-      break;
-    case HAS_HIGH + HAS_OTHER:
-      message = __(
-        '%{reportType} %{status} detected %{highStart}%{high} high%{highEnd} severity vulnerabilities out of %{total}.',
-      );
-      break;
-    case HAS_CRITICAL + HAS_HIGH + HAS_OTHER:
-      message = __(
-        '%{reportType} %{status} detected %{criticalStart}%{critical} critical%{criticalEnd} and %{highStart}%{high} high%{highEnd} severity vulnerabilities out of %{total}.',
-      );
-      break;
-    default:
-      message = __('%{reportType} %{status} detected no vulnerabilities.');
-  }
-  return sprintf(message, {
-    reportType,
-    status,
    critical,
    high,
    other,
-    total: critical + high + other,
+    status,
-  }).replace(/\s\s+/g, ' ');
+    total,
+  };
 };
 export const statusIcon = (loading = false, failed = false, newIssues = 0, neutralIssues = 0) => {
@@ -156,11 +104,11 @@ export const countVulnerabilities = (vulnerabilities = []) => {
 */
 export const groupedReportText = (report, reportType, errorMessage, loadingMessage) => {
  if (report.hasError) {
-    return errorMessage;
+    return { message: errorMessage };
  }
  if (report.isLoading) {
-    return loadingMessage;
+    return { message: loadingMessage };
  }
  return groupedTextBuilder({

--- a/ee/changelogs/unreleased/267103-update-mr-widget-vulnerability-message.yml
+++ b/ee/changelogs/unreleased/267103-update-mr-widget-vulnerability-message.yml
+---
+title: Update MR widget vulnerability message
+merge_request: 46167
+author:
+type: changed
--- a/ee/spec/frontend/vue_mr_widget/ee_mr_widget_options_spec.js
+++ b/ee/spec/frontend/vue_mr_widget/ee_mr_widget_options_spec.js
@@ -140,7 +140,7 @@ describe('ee merge request widget options', () => {
                `${SAST_SELECTOR} .report-block-list-issue-description`,
              ).textContent,
            ),
-          ).toEqual('SAST detected 1 critical severity vulnerability.');
+          ).toEqual('SAST detected 1 potential vulnerability 1 Critical 0 High and 0 Others');
          done();
        });
      });
@@ -235,7 +235,9 @@ describe('ee merge request widget options', () => {
                `${DEPENDENCY_SCANNING_SELECTOR} .report-block-list-issue-description`,
              ).textContent,
            ),
-          ).toEqual('Dependency scanning detected 1 critical and 1 high severity vulnerabilities.');
+          ).toEqual(
+            'Dependency scanning detected 2 potential vulnerabilities 1 Critical 1 High and 0 Others',
+          );
          done();
        });
      });
@@ -660,7 +662,9 @@ describe('ee merge request widget options', () => {
                `${CONTAINER_SCANNING_SELECTOR} .report-block-list-issue-description`,
              ).textContent,
            ),
-          ).toEqual('Container scanning detected 1 critical and 1 high severity vulnerabilities.');
+          ).toEqual(
+            'Container scanning detected 2 potential vulnerabilities 1 Critical 1 High and 0 Others',
+          );
          done();
        });
      });
@@ -730,10 +734,12 @@ describe('ee merge request widget options', () => {
      it('should render provided data', done => {
        setImmediate(() => {
          expect(
-            findExtendedSecurityWidget()
+            trimText(
-              .querySelector(`${DAST_SELECTOR} .report-block-list-issue-description`)
+              findExtendedSecurityWidget().querySelector(
-              .textContent.trim(),
+                `${DAST_SELECTOR} .report-block-list-issue-description`,
-          ).toEqual('DAST detected 1 critical severity vulnerability.');
+              ).textContent,
+            ),
+          ).toEqual('DAST detected 1 potential vulnerability 1 Critical 0 High and 0 Others');
          done();
        });
      });
@@ -806,10 +812,14 @@ describe('ee merge request widget options', () => {
      it('should render provided data', done => {
        setImmediate(() => {
          expect(
-            findExtendedSecurityWidget()
+            trimText(
-              .querySelector(`${COVERAGE_FUZZING_SELECTOR} .report-block-list-issue-description`)
+              findExtendedSecurityWidget().querySelector(
-              .textContent.trim(),
+                `${COVERAGE_FUZZING_SELECTOR} .report-block-list-issue-description`,
-          ).toEqual('Coverage fuzzing detected 1 critical and 1 high severity vulnerabilities.');
+              ).textContent,
+            ),
+          ).toEqual(
+            'Coverage fuzzing detected 2 potential vulnerabilities 1 Critical 1 High and 0 Others',
+          );
          done();
        });
      });
@@ -884,7 +894,9 @@ describe('ee merge request widget options', () => {
                `${SECRET_SCANNING_SELECTOR} .report-block-list-issue-description`,
              ).textContent,
            ),
-          ).toEqual('Secret scanning detected 1 critical and 1 high severity vulnerabilities.');
+          ).toEqual(
+            'Secret scanning detected 2 potential vulnerabilities 1 Critical 1 High and 0 Others',
+          );
          done();
        });
      });

--- a/ee/spec/frontend/vue_shared/components/security_reports/__snapshots__/security_summary_spec.js.snap
+++ b/ee/spec/frontend/vue_shared/components/security_reports/__snapshots__/security_summary_spec.js.snap
 // Jest Snapshot v1, https://goo.gl/fbAQLP
-exports[`Severity Summary given the message "" interpolates correctly 1`] = `<div />`;
+exports[`Severity Summary given the message {"countMessage": "%{criticalStart}0 Critical%{criticalEnd} %{highStart}1 High%{highEnd} and %{otherStart}0 Others%{otherEnd}", "critical": 0, "high": 1, "message": "Security scanning detected %{totalStart}1%{totalEnd} potential vulnerability", "other": 0, "status": "", "total": 1} interpolates correctly 1`] = `
+<span>
-exports[`Severity Summary given the message "%{criticalStart}1 critical%{criticalEnd} and %{highStart}2 high%{highEnd}" interpolates correctly 1`] = `
+  Security scanning detected 
-<div>
+  <strong>
-  <strong
+    1
-    class="text-danger-800"
-  >
-    1 critical
  </strong>
-   and 
+   potential vulnerability 
-  <strong
+  <span
-    class="text-danger-600"
+    class="gl-font-sm"
  >
-    2 high
+    <span>
-  </strong>
+      <span
-</div>
+        class="gl-pl-4"
+      >
+            0 Critical
+      </span>
+    </span>
+    <span>
+      <strong
+        class="text-danger-600 gl-px-2"
+      >
+            1 High
+      </strong>
+    </span>
+     and 
+    <span>
+      <span
+        class="gl-px-2"
+      >
+            0 Others
+      </span>
+    </span>
+  </span>
+</span>
 `;
-exports[`Severity Summary given the message "%{criticalStart}1 critical%{criticalEnd}" interpolates correctly 1`] = `
+exports[`Severity Summary given the message {"countMessage": "%{criticalStart}1 Critical%{criticalEnd} %{highStart}0 High%{highEnd} and %{otherStart}0 Others%{otherEnd}", "critical": 1, "high": 0, "message": "Security scanning detected %{totalStart}1%{totalEnd} potential vulnerability", "other": 0, "status": "", "total": 1} interpolates correctly 1`] = `
-<div>
+<span>
-  <strong
+  Security scanning detected 
-    class="text-danger-800"
+  <strong>
-  >
+    1
-    1 critical
  </strong>
-</div>
+   potential vulnerability 
+  <span
+    class="gl-font-sm"
+  >
+    <span>
+      <strong
+        class="text-danger-800 gl-pl-4"
+      >
+            1 Critical
+      </strong>
+    </span>
+    <span>
+      <span
+        class="gl-px-2"
+      >
+            0 High
+      </span>
+    </span>
+     and 
+    <span>
+      <span
+        class="gl-px-2"
+      >
+            0 Others
+      </span>
+    </span>
+  </span>
+</span>
 `;
-exports[`Severity Summary given the message "%{highStart}1 high%{highEnd}" interpolates correctly 1`] = `
+exports[`Severity Summary given the message {"countMessage": "%{criticalStart}1 Critical%{criticalEnd} %{highStart}2 High%{highEnd} and %{otherStart}0 Others%{otherEnd}", "critical": 1, "high": 2, "message": "Security scanning detected %{totalStart}3%{totalEnd} potential vulnerabilities", "other": 0, "status": "", "total": 3} interpolates correctly 1`] = `
-<div>
+<span>
-  <strong
+  Security scanning detected 
-    class="text-danger-600"
+  <strong>
-  >
+    3
-    1 high
  </strong>
-</div>
+   potential vulnerabilities 
+  <span
+    class="gl-font-sm"
+  >
+    <span>
+      <strong
+        class="text-danger-800 gl-pl-4"
+      >
+            1 Critical
+      </strong>
+    </span>
+    <span>
+      <strong
+        class="text-danger-600 gl-px-2"
+      >
+            2 High
+      </strong>
+    </span>
+     and 
+    <span>
+      <span
+        class="gl-px-2"
+      >
+            0 Others
+      </span>
+    </span>
+  </span>
+</span>
+`;
+exports[`Severity Summary given the message {"message": ""} interpolates correctly 1`] = `
+<span>
+  <!---->
+</span>
 `;
-exports[`Severity Summary given the message "foo" interpolates correctly 1`] = `
+exports[`Severity Summary given the message {"message": "foo"} interpolates correctly 1`] = `
-<div>
+<span>
-  foo
+  foo 
-</div>
+  <!---->
+</span>
 `;
--- a/ee/spec/frontend/vue_shared/components/security_reports/security_summary_spec.js
+++ b/ee/spec/frontend/vue_shared/components/security_reports/security_summary_spec.js
-import { mount } from '@vue/test-utils';
+import { shallowMount } from '@vue/test-utils';
+import { GlSprintf } from '@gitlab/ui';
+import { groupedTextBuilder } from 'ee/vue_shared/security_reports/store/utils';
 import SecuritySummary from 'ee/vue_shared/security_reports/components/security_summary.vue';
 describe('Severity Summary', () => {
  let wrapper;
  const createWrapper = message => {
-    wrapper = mount({
+    wrapper = shallowMount(SecuritySummary, {
-      components: {
+      propsData: { message },
-        SecuritySummary,
+      stubs: {
+        GlSprintf,
      },
-      data() {
-        return {
-          message,
-        };
-      },
-      template: `<div><security-summary :message="message" /></div>`,
    });
  };
@@ -24,11 +21,11 @@ describe('Severity Summary', () => {
  });
  describe.each([
-    '',
+    { message: '' },
-    'foo',
+    { message: 'foo' },
-    '%{criticalStart}1 critical%{criticalEnd}',
+    groupedTextBuilder({ reportType: 'Security scanning', critical: 1, high: 0, total: 1 }),
-    '%{highStart}1 high%{highEnd}',
+    groupedTextBuilder({ reportType: 'Security scanning', critical: 0, high: 1, total: 1 }),
-    '%{criticalStart}1 critical%{criticalEnd} and %{highStart}2 high%{highEnd}',
+    groupedTextBuilder({ reportType: 'Security scanning', critical: 1, high: 2, total: 3 }),
  ])('given the message %p', message => {
    beforeEach(() => {
      createWrapper(message);

--- a/ee/spec/frontend/vue_shared/security_reports/grouped_security_reports_app_spec.js
+++ b/ee/spec/frontend/vue_shared/security_reports/grouped_security_reports_app_spec.js
@@ -93,7 +93,8 @@ describe('Grouped security reports app', () => {
  });
  afterEach(() => {
-    wrapper.vm.$destroy();
+    wrapper.destroy();
+    wrapper = null;
    mock.restore();
  });
@@ -143,9 +144,11 @@ describe('Grouped security reports app', () => {
      it('renders error state', () => {
        expect(wrapper.vm.$el.querySelector('.gl-spinner')).toBeNull();
-        expect(wrapper.vm.$el.querySelector('.js-code-text').textContent.trim()).toEqual(
+        expect(
-          'Security scanning failed loading any results',
+          wrapper.vm.$el
-        );
+            .querySelector('[data-testid="report-section-code-text"]')
+            .textContent.trim(),
+        ).toEqual('Security scanning failed loading any results');
        expect(wrapper.vm.$el.querySelector('.js-collapse-btn').textContent.trim()).toEqual(
          'Expand',
@@ -184,9 +187,11 @@ describe('Grouped security reports app', () => {
      it('renders loading summary text + spinner', () => {
        expect(wrapper.vm.$el.querySelector('.gl-spinner')).not.toBeNull();
-        expect(wrapper.vm.$el.querySelector('.js-code-text').textContent.trim()).toEqual(
+        expect(
-          'Security scanning is loading',
+          wrapper.vm.$el
-        );
+            .querySelector('[data-testid="report-section-code-text"]')
+            .textContent.trim(),
+        ).toEqual('Security scanning is loading');
        expect(wrapper.vm.$el.querySelector('.js-collapse-btn').textContent.trim()).toEqual(
          'Expand',
@@ -227,9 +232,11 @@ describe('Grouped security reports app', () => {
        expect(wrapper.vm.$el.querySelector('.gl-spinner')).toBeNull();
        // Renders the summary text
-        expect(wrapper.vm.$el.querySelector('.js-code-text').textContent.trim()).toEqual(
+        expect(
-          'Security scanning detected no vulnerabilities.',
+          wrapper.vm.$el
-        );
+            .querySelector('[data-testid="report-section-code-text"]')
+            .textContent.trim(),
+        ).toEqual('Security scanning detected no vulnerabilities.');
        // Renders Sast result
        expect(trimText(wrapper.vm.$el.textContent)).toContain('SAST detected no vulnerabilities.');
@@ -275,8 +282,12 @@ describe('Grouped security reports app', () => {
        expect(wrapper.vm.$el.querySelector('.gl-spinner')).toBeNull();
        // Renders the summary text
-        expect(wrapper.vm.$el.querySelector('.js-code-text').textContent.trim()).toEqual(
+        expect(
-          'Security scanning detected 6 critical and 4 high severity vulnerabilities.',
+          trimText(
+            wrapper.vm.$el.querySelector('[data-testid="report-section-code-text"]').textContent,
+          ),
+        ).toEqual(
+          'Security scanning detected 10 potential vulnerabilities 6 Critical 4 High and 0 Others',
        );
        // Renders the expand button
@@ -286,27 +297,27 @@ describe('Grouped security reports app', () => {
        // Renders Sast result
        expect(trimText(wrapper.vm.$el.textContent)).toContain(
-          'SAST detected 1 critical severity vulnerability',
+          'SAST detected 1 potential vulnerability 1 Critical 0 High and 0 Others',
        );
        // Renders DSS result
        expect(trimText(wrapper.vm.$el.textContent)).toContain(
-          'Dependency scanning detected 1 critical and 1 high severity vulnerabilities.',
+          'Dependency scanning detected 2 potential vulnerabilities 1 Critical 1 High and 0 Others',
        );
        // Renders container scanning result
-        expect(wrapper.vm.$el.textContent).toContain(
+        expect(trimText(wrapper.vm.$el.textContent)).toContain(
-          'Container scanning detected 1 critical and 1 high severity vulnerabilities.',
+          'Container scanning detected 2 potential vulnerabilities 1 Critical 1 High and 0 Others',
        );
        // Renders DAST result
-        expect(wrapper.vm.$el.textContent).toContain(
+        expect(trimText(wrapper.vm.$el.textContent)).toContain(
-          'DAST detected 1 critical severity vulnerability.',
+          'DAST detected 1 potential vulnerability 1 Critical 0 High and 0 Others',
        );
        // Renders container scanning result
-        expect(wrapper.vm.$el.textContent).toContain(
+        expect(trimText(wrapper.vm.$el.textContent)).toContain(
-          'Coverage fuzzing detected 1 critical and 1 high severity vulnerabilities.',
+          'Coverage fuzzing detected 2 potential vulnerabilities 1 Critical 1 High and 0 Others',
        );
      });
@@ -427,8 +438,8 @@ describe('Grouped security reports app', () => {
    });
    it('should display the correct numbers of vulnerabilities', () => {
-      expect(wrapper.text()).toContain(
+      expect(trimText(wrapper.text())).toContain(
-        'Container scanning detected 1 critical and 1 high severity vulnerabilities.',
+        'Container scanning detected 2 potential vulnerabilities 1 Critical 1 High and 0 Others',
      );
    });
  });
@@ -457,8 +468,8 @@ describe('Grouped security reports app', () => {
    });
    it('should display the correct numbers of vulnerabilities', () => {
-      expect(wrapper.vm.$el.textContent).toContain(
+      expect(trimText(wrapper.vm.$el.textContent)).toContain(
-        'Dependency scanning detected 1 critical and 1 high severity vulnerabilities.',
+        'Dependency scanning detected 2 potential vulnerabilities 1 Critical 1 High and 0 Others',
      );
    });
  });
@@ -488,8 +499,8 @@ describe('Grouped security reports app', () => {
    });
    it('should display the correct numbers of vulnerabilities', () => {
-      expect(wrapper.vm.$el.textContent).toContain(
+      expect(trimText(wrapper.vm.$el.textContent)).toContain(
-        'DAST detected 1 critical severity vulnerability',
+        'DAST detected 1 potential vulnerability 1 Critical 0 High and 0 Others',
      );
    });
@@ -570,8 +581,8 @@ describe('Grouped security reports app', () => {
      });
      it('should display the correct numbers of vulnerabilities', () => {
-        expect(wrapper.text()).toContain(
+        expect(trimText(wrapper.text())).toContain(
-          'Secret scanning detected 1 critical and 1 high severity vulnerabilities.',
+          'Secret scanning detected 2 potential vulnerabilities 1 Critical 1 High and 0 Others',
        );
      });
    });
@@ -609,8 +620,8 @@ describe('Grouped security reports app', () => {
    });
    it('should display the correct numbers of vulnerabilities', () => {
-      expect(wrapper.vm.$el.textContent).toContain(
+      expect(trimText(wrapper.vm.$el.textContent)).toContain(
-        'SAST detected 1 critical severity vulnerability.',
+        'SAST detected 1 potential vulnerability 1 Critical 0 High and 0 Others',
      );
    });
  });

--- a/ee/spec/frontend/vue_shared/security_reports/store/getters_spec.js
+++ b/ee/spec/frontend/vue_shared/security_reports/store/getters_spec.js
 import createState from 'ee/vue_shared/security_reports/store/state';
 import createSastState from 'ee/vue_shared/security_reports/store/modules/sast/state';
+import { groupedTextBuilder } from 'ee/vue_shared/security_reports/store/utils';
 import {
  groupedContainerScanningText,
  groupedDastText,
@@ -47,20 +48,14 @@ describe('Security reports getters', () => {
    ${'DAST'}                | ${'dast'}               | ${groupedDastText}
    ${'Coverage fuzzing'}    | ${'coverageFuzzing'}    | ${groupedCoverageFuzzingText}
  `('grouped text for $name', ({ name, scanner, getter }) => {
-    describe('with no issues', () => {
-      it('returns no issues text', () => {
-        expect(getter(state)).toEqual(`${name} detected no vulnerabilities.`);
-      });
-    });
    it.each`
      vulnerabilities                                     | message
-      ${[]}                                               | ${`${name} detected no vulnerabilities.`}
+      ${[]}                                               | ${groupedTextBuilder({ reportType: name, critical: 0, high: 0, other: 0 })}
-      ${[generateVuln(CRITICAL), generateVuln(CRITICAL)]} | ${`${name} detected %{criticalStart}2 critical%{criticalEnd} severity vulnerabilities.`}
+      ${[generateVuln(CRITICAL), generateVuln(CRITICAL)]} | ${groupedTextBuilder({ reportType: name, critical: 2, high: 0, other: 0 })}
-      ${[generateVuln(HIGH), generateVuln(HIGH)]}         | ${`${name} detected %{highStart}2 high%{highEnd} severity vulnerabilities.`}
+      ${[generateVuln(HIGH), generateVuln(HIGH)]}         | ${groupedTextBuilder({ reportType: name, critical: 0, high: 2, other: 0 })}
-      ${[generateVuln(LOW), generateVuln(MEDIUM)]}        | ${`${name} detected 2 vulnerabilities.`}
+      ${[generateVuln(LOW), generateVuln(MEDIUM)]}        | ${groupedTextBuilder({ reportType: name, critical: 0, high: 0, other: 2 })}
-      ${[generateVuln(CRITICAL), generateVuln(HIGH)]}     | ${`${name} detected %{criticalStart}1 critical%{criticalEnd} and %{highStart}1 high%{highEnd} severity vulnerabilities.`}
+      ${[generateVuln(CRITICAL), generateVuln(HIGH)]}     | ${groupedTextBuilder({ reportType: name, critical: 1, high: 1, other: 0 })}
-      ${[generateVuln(CRITICAL), generateVuln(LOW)]}      | ${`${name} detected %{criticalStart}1 critical%{criticalEnd} severity vulnerabilities out of 2.`}
+      ${[generateVuln(CRITICAL), generateVuln(LOW)]}      | ${groupedTextBuilder({ reportType: name, critical: 1, high: 0, other: 1 })}
    `('should build the message as "$message"', ({ vulnerabilities, message }) => {
      state[scanner].newIssues = vulnerabilities;
      expect(getter(state)).toEqual(message);
@@ -113,7 +108,7 @@ describe('Security reports getters', () => {
          areReportsLoading: false,
          summaryCounts: {},
        }),
-      ).toEqual('Security scanning failed loading any results');
+      ).toEqual({ message: 'Security scanning failed loading any results' });
    });
    it('returns is loading text', () => {
@@ -123,21 +118,14 @@ describe('Security reports getters', () => {
          areReportsLoading: true,
          summaryCounts: {},
        }),
-      ).toContain('(is loading)');
-    });
-    it('returns vulnerabilities while loading text', () => {
-      expect(
-        groupedSummaryText(state, {
-          allReportsHaveError: false,
-          areReportsLoading: true,
-          summaryCounts: {
-            critical: 2,
-            high: 4,
-          },
-        }),
      ).toEqual(
-        'Security scanning (is loading) detected %{criticalStart}2 critical%{criticalEnd} and %{highStart}4 high%{highEnd} severity vulnerabilities.',
+        groupedTextBuilder({
+          reportType: 'Security scanning',
+          critical: 0,
+          high: 0,
+          other: 0,
+          status: 'is loading',
+        }),
      );
    });
@@ -148,7 +136,15 @@ describe('Security reports getters', () => {
          areReportsLoading: false,
          summaryCounts: {},
        }),
-      ).toEqual('Security scanning detected no vulnerabilities.');
+      ).toEqual(
+        groupedTextBuilder({
+          reportType: 'Security scanning',
+          critical: 0,
+          high: 0,
+          other: 0,
+          status: '',
+        }),
+      );
    });
  });

--- a/ee/spec/frontend/vue_shared/security_reports/store/modules/sast/getters_spec.js
+++ b/ee/spec/frontend/vue_shared/security_reports/store/modules/sast/getters_spec.js
@@ -15,21 +15,29 @@ describe('groupedSastText', () => {
    const sast = createReport({ hasError: true });
    const result = getters.groupedSastText(sast);
-    expect(result).toBe(SAST_HAS_ERROR);
+    expect(result).toStrictEqual({ message: SAST_HAS_ERROR });
  });
  it("should return the loading message if it's still loading", () => {
    const sast = createReport({ isLoading: true });
    const result = getters.groupedSastText(sast);
-    expect(result).toBe(SAST_IS_LOADING);
+    expect(result).toStrictEqual({ message: SAST_IS_LOADING });
  });
  it('should call groupedTextBuilder if everything is fine', () => {
    const sast = createReport();
    const result = getters.groupedSastText(sast);
-    expect(result).toBe('SAST detected no vulnerabilities.');
+    expect(result).toStrictEqual({
+      countMessage: '',
+      critical: 0,
+      high: 0,
+      message: 'SAST detected %{totalStart}no%{totalEnd} vulnerabilities.',
+      other: 0,
+      status: '',
+      total: 0,
+    });
  });
 });

--- a/ee/spec/frontend/vue_shared/security_reports/store/utils_spec.js
+++ b/ee/spec/frontend/vue_shared/security_reports/store/utils_spec.js
@@ -116,39 +116,52 @@ describe('security reports utils', () => {
    const other = 7;
    it.each`
-      vulnerabilities              | message
+      vulnerabilities              | message                                                             | countMessage
-      ${undefined}                 | ${' detected no vulnerabilities.'}
+      ${undefined}                 | ${' detected %{totalStart}no%{totalEnd} vulnerabilities.'}          | ${''}
-      ${{ critical }}              | ${' detected %{criticalStart}2 critical%{criticalEnd} severity vulnerabilities.'}
+      ${{ critical }}              | ${` detected %{totalStart}2%{totalEnd} potential vulnerabilities`}  | ${`%{criticalStart}2 Critical%{criticalEnd} %{highStart}0 High%{highEnd} and %{otherStart}0 Others%{otherEnd}`}
-      ${{ high }}                  | ${' detected %{highStart}4 high%{highEnd} severity vulnerabilities.'}
+      ${{ high }}                  | ${` detected %{totalStart}4%{totalEnd} potential vulnerabilities`}  | ${`%{criticalStart}0 Critical%{criticalEnd} %{highStart}4 High%{highEnd} and %{otherStart}0 Others%{otherEnd}`}
-      ${{ other }}                 | ${' detected 7 vulnerabilities.'}
+      ${{ other }}                 | ${` detected %{totalStart}7%{totalEnd} potential vulnerabilities`}  | ${`%{criticalStart}0 Critical%{criticalEnd} %{highStart}0 High%{highEnd} and %{otherStart}7 Others%{otherEnd}`}
-      ${{ critical, high }}        | ${' detected %{criticalStart}2 critical%{criticalEnd} and %{highStart}4 high%{highEnd} severity vulnerabilities.'}
+      ${{ critical, high }}        | ${` detected %{totalStart}6%{totalEnd} potential vulnerabilities`}  | ${`%{criticalStart}2 Critical%{criticalEnd} %{highStart}4 High%{highEnd} and %{otherStart}0 Others%{otherEnd}`}
-      ${{ critical, other }}       | ${' detected %{criticalStart}2 critical%{criticalEnd} severity vulnerabilities out of 9.'}
+      ${{ critical, other }}       | ${` detected %{totalStart}9%{totalEnd} potential vulnerabilities`}  | ${`%{criticalStart}2 Critical%{criticalEnd} %{highStart}0 High%{highEnd} and %{otherStart}7 Others%{otherEnd}`}
-      ${{ high, other }}           | ${' detected %{highStart}4 high%{highEnd} severity vulnerabilities out of 11.'}
+      ${{ high, other }}           | ${` detected %{totalStart}11%{totalEnd} potential vulnerabilities`} | ${`%{criticalStart}0 Critical%{criticalEnd} %{highStart}4 High%{highEnd} and %{otherStart}7 Others%{otherEnd}`}
-      ${{ critical, high, other }} | ${' detected %{criticalStart}2 critical%{criticalEnd} and %{highStart}4 high%{highEnd} severity vulnerabilities out of 13.'}
+      ${{ critical, high, other }} | ${` detected %{totalStart}13%{totalEnd} potential vulnerabilities`} | ${`%{criticalStart}2 Critical%{criticalEnd} %{highStart}4 High%{highEnd} and %{otherStart}7 Others%{otherEnd}`}
-    `('should build the message as "$message"', ({ vulnerabilities, message }) => {
+    `('should build the message as "$message"', ({ vulnerabilities, message, countMessage }) => {
-      expect(groupedTextBuilder(vulnerabilities)).toEqual(message);
+      expect(groupedTextBuilder(vulnerabilities).message).toEqual(message);
+      expect(groupedTextBuilder(vulnerabilities).countMessage).toEqual(countMessage);
    });
    it.each`
-      vulnerabilities    | message
+      vulnerabilities    | message                                                          | countMessage
-      ${{ critical: 1 }} | ${' detected %{criticalStart}1 critical%{criticalEnd} severity vulnerability.'}
+      ${{ critical: 1 }} | ${` detected %{totalStart}1%{totalEnd} potential vulnerability`} | ${`%{criticalStart}1 Critical%{criticalEnd} %{highStart}0 High%{highEnd} and %{otherStart}0 Others%{otherEnd}`}
-      ${{ high: 1 }}     | ${' detected %{highStart}1 high%{highEnd} severity vulnerability.'}
+      ${{ high: 1 }}     | ${` detected %{totalStart}1%{totalEnd} potential vulnerability`} | ${`%{criticalStart}0 Critical%{criticalEnd} %{highStart}1 High%{highEnd} and %{otherStart}0 Others%{otherEnd}`}
-      ${{ other: 1 }}    | ${' detected 1 vulnerability.'}
+      ${{ other: 1 }}    | ${` detected %{totalStart}1%{totalEnd} potential vulnerability`} | ${`%{criticalStart}0 Critical%{criticalEnd} %{highStart}0 High%{highEnd} and %{otherStart}1 Other%{otherEnd}`}
-    `('should handle single vulnerabilities for "$message"', ({ vulnerabilities, message }) => {
+    `(
-      expect(groupedTextBuilder(vulnerabilities)).toEqual(message);
+      'should handle single vulnerabilities for "$message"',
-    });
+      ({ vulnerabilities, message, countMessage }) => {
+        expect(groupedTextBuilder(vulnerabilities).message).toEqual(message);
+        expect(groupedTextBuilder(vulnerabilities).countMessage).toEqual(countMessage);
+      },
+    );
    it('should pass through the report type', () => {
      const reportType = 'HAL';
-      expect(groupedTextBuilder({ reportType })).toEqual('HAL detected no vulnerabilities.');
+      expect(groupedTextBuilder({ reportType }).message).toEqual(
+        'HAL detected %{totalStart}no%{totalEnd} vulnerabilities.',
+      );
    });
    it('should pass through the status', () => {
      const reportType = 'HAL';
-      const status = '(is loading)';
+      const status = 'is loading';
-      expect(groupedTextBuilder({ reportType, status })).toEqual(
+      expect(groupedTextBuilder({ reportType, status })).toEqual({
-        'HAL (is loading) detected no vulnerabilities.',
+        countMessage: '',
-      );
+        critical: 0,
+        high: 0,
+        message: 'HAL is loading',
+        other: 0,
+        status: 'is loading',
+        total: 0,
+      });
    });
  });
@@ -187,7 +200,7 @@ describe('security reports utils', () => {
      ${[{ severity: LOW }, { severity: MEDIUM }]}        | ${{ critical: 0, high: 0, other: 2 }}
      ${[{ severity: CRITICAL }, { severity: HIGH }]}     | ${{ critical: 1, high: 1, other: 0 }}
      ${[{ severity: CRITICAL }, { severity: LOW }]}      | ${{ critical: 1, high: 0, other: 1 }}
-    `('should count the vulnerabilities correctly', ({ vulnerabilities, response }) => {
+    `('should total the vulnerabilities correctly', ({ vulnerabilities, response }) => {
      expect(countVulnerabilities(vulnerabilities)).toEqual(response);
    });
  });
@@ -202,21 +215,29 @@ describe('security reports utils', () => {
      const report = { ...baseReport, hasError: true };
      const result = groupedReportText(report, reportType, errorMessage, loadingMessage);
-      expect(result).toBe(errorMessage);
+      expect(result).toStrictEqual({ message: errorMessage });
    });
    it("should return the loading message when it's loading", () => {
      const report = { ...baseReport, isLoading: true };
      const result = groupedReportText(report, reportType, errorMessage, loadingMessage);
-      expect(result).toBe(loadingMessage);
+      expect(result).toStrictEqual({ message: loadingMessage });
    });
    it("should call groupedTextBuilder if it isn't loading and doesn't have an error", () => {
      const report = { ...baseReport };
      const result = groupedReportText(report, reportType, errorMessage, loadingMessage);
-      expect(result).toBe(`${reportType} detected no vulnerabilities.`);
+      expect(result).toStrictEqual({
+        countMessage: '',
+        critical: 0,
+        high: 0,
+        message: 'dummyReport detected %{totalStart}no%{totalEnd} vulnerabilities.',
+        other: 0,
+        status: '',
+        total: 0,
+      });
    });
  });
 });
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -82,6 +82,11 @@ msgid_plural "%d Approvals"
 msgstr[0] ""
 msgstr[1] ""
+msgid "%d Other"
+msgid_plural "%d Others"
+msgstr[0] ""
+msgstr[1] ""
 msgid "%d Package"
 msgid_plural "%d Packages"
 msgstr[0] ""
@@ -445,6 +450,9 @@ msgstr ""
 msgid "%{count} total weight"
 msgstr ""
+msgid "%{criticalStart}%{critical} Critical%{criticalEnd} %{highStart}%{high} High%{highEnd} and %{otherStart}%{otherMessage}%{otherEnd}"
+msgstr ""
 msgid "%{dashboard_path} could not be found."
 msgstr ""
@@ -710,34 +718,13 @@ msgstr[1] ""
 msgid "%{remaining_approvals} left"
 msgstr ""
-msgid "%{reportType} %{status} detected %{criticalStart}%{critical} critical%{criticalEnd} and %{highStart}%{high} high%{highEnd} severity vulnerabilities out of %{total}."
+msgid "%{reportType} %{status}"
 msgstr ""
-msgid "%{reportType} %{status} detected %{criticalStart}%{critical} critical%{criticalEnd} and %{highStart}%{high} high%{highEnd} severity vulnerabilities."
+msgid "%{reportType} detected %{totalStart}%{total}%{totalEnd} potential %{vulnMessage}"
 msgstr ""
-msgid "%{reportType} %{status} detected %{criticalStart}%{critical} critical%{criticalEnd} severity vulnerabilities out of %{total}."
+msgid "%{reportType} detected %{totalStart}no%{totalEnd} vulnerabilities."
-msgstr ""
-msgid "%{reportType} %{status} detected %{criticalStart}%{critical} critical%{criticalEnd} severity vulnerability."
-msgid_plural "%{reportType} %{status} detected %{criticalStart}%{critical} critical%{criticalEnd} severity vulnerabilities."
-msgstr[0] ""
-msgstr[1] ""
-msgid "%{reportType} %{status} detected %{highStart}%{high} high%{highEnd} severity vulnerabilities out of %{total}."
-msgstr ""
-msgid "%{reportType} %{status} detected %{highStart}%{high} high%{highEnd} severity vulnerability."
-msgid_plural "%{reportType} %{status} detected %{highStart}%{high} high%{highEnd} severity vulnerabilities."
-msgstr[0] ""
-msgstr[1] ""
-msgid "%{reportType} %{status} detected %{other} vulnerability."
-msgid_plural "%{reportType} %{status} detected %{other} vulnerabilities."
-msgstr[0] ""
-msgstr[1] ""
-msgid "%{reportType} %{status} detected no vulnerabilities."
 msgstr ""
 msgid "%{retryButtonStart}Try again%{retryButtonEnd} or %{newFileButtonStart}attach a new file%{newFileButtonEnd}."
@@ -31551,13 +31538,7 @@ msgstr ""
 msgid "ciReport|%{sameNum} same"
 msgstr ""
-msgid "ciReport|(errors when loading results)"
+msgid "ciReport|: Loading resulted in an error"
-msgstr ""
-msgid "ciReport|(is loading)"
-msgstr ""
-msgid "ciReport|(is loading, errors when loading results)"
 msgstr ""
 msgid "ciReport|All projects"
@@ -31724,6 +31705,12 @@ msgstr[1] ""
 msgid "ciReport|View full report"
 msgstr ""
+msgid "ciReport|is loading"
+msgstr ""
+msgid "ciReport|is loading, errors when loading results"
+msgstr ""
 msgid "closed issue"
 msgstr ""
@@ -32826,6 +32813,11 @@ msgstr ""
 msgid "view the source"
 msgstr ""
+msgid "vulnerability"
+msgid_plural "vulnerabilities"
+msgstr[0] ""
+msgstr[1] ""
 msgid "vulnerability|Add a comment"
 msgstr ""