Merge branch '13496-use-security-dashboard-in-pipelines-view-ee' into 'master'

Use Security Dashboard in pipelines view See merge request gitlab-org/gitlab-ee!15682

Merge branch '13496-use-security-dashboard-in-pipelines-view-ee' into 'master'
Use Security Dashboard in pipelines view See merge request gitlab-org/gitlab-ee!15682
c6fda1cc · Kushal Pandya · 563d3d00 · e0ad65ab · c6fda1cc · c6fda1cc
Commit c6fda1cc authored Sep 03, 2019 by Kushal Pandya
19 changed files
--- a/ee/app/assets/javascripts/pages/projects/pipelines/show/security_report.js
+++ b/ee/app/assets/javascripts/pages/projects/pipelines/show/security_report.js
 import Vue from 'vue';
 import Translate from '~/vue_shared/translate';
+import createDashboardStore from 'ee/security_dashboard/store';
+import SecurityDashboardApp from 'ee/security_dashboard/components/app.vue';
 import SecurityReportApp from 'ee/vue_shared/security_reports/split_security_reports_app.vue';
 import createStore from 'ee/vue_shared/security_reports/store';
 import { updateBadgeCount } from './utils';
 Vue.use(Translate);
-export default () => {
+const initSecurityDashboardApp = el => {
-  const securityTab = document.getElementById('js-security-report-app');
+  const {
+    dashboardDocumentation,
+    emptyStateSvgPath,
+    pipelineId,
+    projectId,
+    vulnerabilitiesEndpoint,
+    vulnerabilityFeedbackHelpPath,
+  } = el.dataset;
-  // They are being rendered under the same condition
+  return new Vue({
-  if (securityTab) {
+    el,
-    const datasetOptions = securityTab.dataset;
+    store: createDashboardStore(),
-    const {
+    render(createElement) {
-      headBlobPath,
+      return createElement(SecurityDashboardApp, {
-      sourceBranch,
+        props: {
-      sastHeadPath,
+          dashboardDocumentation,
-      sastHelpPath,
+          emptyStateSvgPath,
-      dependencyScanningHeadPath,
+          lockToProject: {
-      dependencyScanningHelpPath,
+            id: parseInt(projectId, 10),
-      vulnerabilityFeedbackPath,
+          },
-      vulnerabilityFeedbackHelpPath,
+          pipelineId: parseInt(pipelineId, 10),
-      createVulnerabilityFeedbackIssuePath,
+          vulnerabilitiesEndpoint,
-      createVulnerabilityFeedbackMergeRequestPath,
+          vulnerabilityFeedbackHelpPath,
-      createVulnerabilityFeedbackDismissalPath,
+        },
-      dastHeadPath,
+        on: {
-      sastContainerHeadPath,
+          vulnerabilitiesCountChanged(count) {
-      dastHelpPath,
+            updateBadgeCount('.js-security-counter', count);
-      sastContainerHelpPath,
+          },
-    } = datasetOptions;
+        },
-    const pipelineId = parseInt(datasetOptions.pipelineId, 10);
+      });
+    },
+  });
+};
-    const store = createStore();
+const initSplitSecurityReportsApp = el => {
+  const datasetOptions = el.dataset;
+  const {
+    headBlobPath,
+    sourceBranch,
+    sastHeadPath,
+    sastHelpPath,
+    dependencyScanningHeadPath,
+    dependencyScanningHelpPath,
+    vulnerabilityFeedbackPath,
+    vulnerabilityFeedbackHelpPath,
+    createVulnerabilityFeedbackIssuePath,
+    createVulnerabilityFeedbackMergeRequestPath,
+    createVulnerabilityFeedbackDismissalPath,
+    dastHeadPath,
+    sastContainerHeadPath,
+    dastHelpPath,
+    sastContainerHelpPath,
+  } = datasetOptions;
+  const pipelineId = parseInt(datasetOptions.pipelineId, 10);
-    // Tab content
+  const store = createStore();
-    // eslint-disable-next-line no-new
-    new Vue({
+  return new Vue({
-      el: securityTab,
+    el,
-      store,
+    store,
-      components: {
+    components: {
-        SecurityReportApp,
+      SecurityReportApp,
-      },
+    },
-      render(createElement) {
+    render(createElement) {
-        return createElement('security-report-app', {
+      return createElement('security-report-app', {
-          props: {
+        props: {
-            headBlobPath,
+          headBlobPath,
-            sourceBranch,
+          sourceBranch,
-            sastHeadPath,
+          sastHeadPath,
-            sastHelpPath,
+          sastHelpPath,
-            dependencyScanningHeadPath,
+          dependencyScanningHeadPath,
-            dependencyScanningHelpPath,
+          dependencyScanningHelpPath,
-            vulnerabilityFeedbackPath,
+          vulnerabilityFeedbackPath,
-            vulnerabilityFeedbackHelpPath,
+          vulnerabilityFeedbackHelpPath,
-            createVulnerabilityFeedbackIssuePath,
+          createVulnerabilityFeedbackIssuePath,
-            createVulnerabilityFeedbackMergeRequestPath,
+          createVulnerabilityFeedbackMergeRequestPath,
-            createVulnerabilityFeedbackDismissalPath,
+          createVulnerabilityFeedbackDismissalPath,
-            pipelineId,
+          pipelineId,
-            dastHeadPath,
+          dastHeadPath,
-            sastContainerHeadPath,
+          sastContainerHeadPath,
-            dastHelpPath,
+          dastHelpPath,
-            sastContainerHelpPath,
+          sastContainerHelpPath,
-            canCreateIssue: Boolean(createVulnerabilityFeedbackIssuePath),
+          canCreateIssue: Boolean(createVulnerabilityFeedbackIssuePath),
-            canCreateMergeRequest: Boolean(createVulnerabilityFeedbackMergeRequestPath),
+          canCreateMergeRequest: Boolean(createVulnerabilityFeedbackMergeRequestPath),
-            canDismissVulnerability: Boolean(createVulnerabilityFeedbackDismissalPath),
+          canDismissVulnerability: Boolean(createVulnerabilityFeedbackDismissalPath),
-          },
+        },
-          on: {
+        on: {
-            updateBadgeCount: count => {
+          updateBadgeCount: count => {
-              updateBadgeCount('.js-sast-counter', count);
+            updateBadgeCount('.js-security-counter', count);
-            },
          },
-        });
+        },
-      },
+      });
-    });
+    },
+  });
+};
+export default () => {
+  const securityTab = document.getElementById('js-security-report-app');
+  if (securityTab) {
+    if (gon.features && gon.features.pipelineReportApi) {
+      initSecurityDashboardApp(securityTab);
+    } else {
+      initSplitSecurityReportsApp(securityTab);
+    }
  }
 };
--- a/ee/app/assets/javascripts/pages/projects/security/dashboard/show/index.js
+++ b/ee/app/assets/javascripts/pages/projects/security/dashboard/show/index.js
@@ -23,7 +23,6 @@ document.addEventListener('DOMContentLoaded', () => {
    dashboardDocumentation,
    emptyStateSvgPath,
    vulnerabilitiesEndpoint,
-    vulnerabilitiesHistoryEndpoint,
    vulnerabilitiesSummaryEndpoint,
    vulnerabilityFeedbackHelpPath,
    securityDashboardHelpPath,
@@ -40,7 +39,6 @@ document.addEventListener('DOMContentLoaded', () => {
    dashboardDocumentation,
    emptyStateSvgPath,
    vulnerabilitiesEndpoint,
-    vulnerabilitiesHistoryEndpoint,
    vulnerabilitiesSummaryEndpoint,
    vulnerabilityFeedbackHelpPath,
    securityDashboardHelpPath,
@@ -80,7 +78,6 @@ document.addEventListener('DOMContentLoaded', () => {
    components: {
      SecurityReportApp,
    },
-    methods: {},
    render(createElement) {
      return createElement('security-report-app', {
        props,

--- a/ee/app/assets/javascripts/security_dashboard/components/app.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/app.vue
@@ -36,11 +36,13 @@ export default {
    },
    vulnerabilitiesCountEndpoint: {
      type: String,
-      required: true,
+      required: false,
+      default: '',
    },
    vulnerabilitiesHistoryEndpoint: {
      type: String,
-      required: true,
+      required: false,
+      default: '',
    },
    vulnerabilityFeedbackHelpPath: {
      type: String,
@@ -50,7 +52,12 @@ export default {
      type: Object,
      required: false,
      default: null,
-      validator: project => !isUndefined(project.id) && !isUndefined(project.name),
+      validator: project => !isUndefined(project.id),
+    },
+    pipelineId: {
+      type: Number,
+      required: false,
+      default: null,
    },
  },
  computed: {
@@ -75,6 +82,15 @@ export default {
    isLockedToProject() {
      return this.lockToProject !== null;
    },
+    shouldShowChart() {
+      return Boolean(this.vulnerabilitiesHistoryEndpoint);
+    },
+    shouldShowCountList() {
+      return this.isLockedToProject && Boolean(this.vulnerabilitiesCountEndpoint);
+    },
+  },
+  watch: {
+    'pageInfo.total': 'emitVulnerabilitiesCountChanged',
  },
  created() {
    if (this.isLockedToProject) {
@@ -83,6 +99,7 @@ export default {
        optionId: this.lockToProject.id,
      });
    }
+    this.setPipelineId(this.pipelineId);
    this.setProjectsEndpoint(this.projectsEndpoint);
    this.setVulnerabilitiesEndpoint(this.vulnerabilitiesEndpoint);
    this.setVulnerabilitiesCountEndpoint(this.vulnerabilitiesCountEndpoint);
@@ -90,9 +107,7 @@ export default {
    this.fetchVulnerabilities({ ...this.activeFilters, page: this.pageInfo.page });
    this.fetchVulnerabilitiesCount(this.activeFilters);
    this.fetchVulnerabilitiesHistory(this.activeFilters);
-    if (!this.isLockedToProject) {
+    this.fetchProjects();
-      this.fetchProjects();
-    }
  },
  methods: {
    ...mapActions('vulnerabilities', [
@@ -106,6 +121,7 @@ export default {
      'fetchVulnerabilitiesCount',
      'fetchVulnerabilitiesHistory',
      'openDismissalCommentBox',
+      'setPipelineId',
      'setVulnerabilitiesCountEndpoint',
      'setVulnerabilitiesEndpoint',
      'setVulnerabilitiesHistoryEndpoint',
@@ -116,6 +132,9 @@ export default {
    ]),
    ...mapActions('projects', ['setProjectsEndpoint', 'fetchProjects']),
    ...mapActions('filters', ['lockFilter']),
+    emitVulnerabilitiesCountChanged(count) {
+      this.$emit('vulnerabilitiesCountChanged', count);
+    },
  },
 };
 </script>
@@ -126,7 +145,7 @@ export default {
      <filters />
    </header>
-    <vulnerability-count-list v-if="isLockedToProject" class="mb-0" />
+    <vulnerability-count-list v-if="shouldShowCountList" class="mb-0" />
    <div class="row mt-4">
      <main role="main" class="col" :class="{ 'col-xl-7': !isLockedToProject }">
@@ -136,7 +155,7 @@ export default {
        />
      </main>
-      <aside v-if="!isLockedToProject" class="col-xl-5">
+      <aside v-if="shouldShowChart" class="col-xl-5">
        <vulnerability-chart />
      </aside>
    </div>

--- a/ee/app/assets/javascripts/security_dashboard/store/modules/projects/actions.js
+++ b/ee/app/assets/javascripts/security_dashboard/store/modules/projects/actions.js
@@ -27,6 +27,10 @@ export const setProjectsEndpoint = ({ commit }, endpoint) => {
 };
 export const fetchProjects = ({ state, dispatch }) => {
+  if (!state.projectsEndpoint) {
+    return;
+  }
  dispatch('requestProjects');
  getAllProjects(state.projectsEndpoint)

--- a/ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/actions.js
+++ b/ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/actions.js
@@ -17,6 +17,8 @@ import createFlash from '~/flash';
 const hideModal = () => $('#modal-mrwidget-security-issue').modal('hide');
+export const setPipelineId = ({ commit }, id) => commit(types.SET_PIPELINE_ID, id);
 export const setVulnerabilitiesEndpoint = ({ commit }, endpoint) => {
  commit(types.SET_VULNERABILITIES_ENDPOINT, endpoint);
 };
@@ -145,7 +147,10 @@ export const receiveCreateIssueError = ({ commit }, { flashError }) => {
  }
 };
-export const dismissVulnerability = ({ dispatch }, { vulnerability, flashError, comment }) => {
+export const dismissVulnerability = (
+  { dispatch, state },
+  { vulnerability, flashError, comment },
+) => {
  dispatch('requestDismissVulnerability');
  axios
@@ -154,6 +159,7 @@ export const dismissVulnerability = ({ dispatch }, { vulnerability, flashError,
        category: vulnerability.report_type,
        comment,
        feedback_type: 'dismissal',
+        pipeline_id: state.pipelineId,
        project_fingerprint: vulnerability.project_fingerprint,
        vulnerability_data: {
          ...vulnerability,
@@ -162,9 +168,8 @@ export const dismissVulnerability = ({ dispatch }, { vulnerability, flashError,
      },
    })
    .then(({ data }) => {
-      const { id } = vulnerability;
      dispatch('closeDismissalCommentBox');
-      dispatch('receiveDismissVulnerabilitySuccess', { id, data });
+      dispatch('receiveDismissVulnerabilitySuccess', { vulnerability, data });
    })
    .catch(() => {
      dispatch('receiveDismissVulnerabilityError', { flashError });
@@ -204,9 +209,8 @@ export const addDismissalComment = ({ dispatch }, { vulnerability, comment }) =>
      comment,
    })
    .then(({ data }) => {
-      const { id } = vulnerability;
      dispatch('closeDismissalCommentBox');
-      dispatch('receiveAddDismissalCommentSuccess', { id, data });
+      dispatch('receiveAddDismissalCommentSuccess', { vulnerability, data });
    })
    .catch(() => {
      dispatch('receiveAddDismissalCommentError');
@@ -276,8 +280,7 @@ export const undoDismiss = ({ dispatch }, { vulnerability, flashError }) => {
  axios
    .delete(destroy_vulnerability_feedback_dismissal_path)
    .then(() => {
-      const { id } = vulnerability;
+      dispatch('receiveUndoDismissSuccess', { vulnerability });
-      dispatch('receiveUndoDismissSuccess', { id });
    })
    .catch(() => {
      dispatch('receiveUndoDismissError', { flashError });

--- a/ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/mutation_types.js
+++ b/ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/mutation_types.js
+export const SET_PIPELINE_ID = 'SET_PIPELINE_ID';
 export const SET_VULNERABILITIES_ENDPOINT = 'SET_VULNERABILITIES_ENDPOINT';
 export const SET_VULNERABILITIES_PAGE = 'SET_VULNERABILITIES_PAGE';
 export const REQUEST_VULNERABILITIES = 'REQUEST_VULNERABILITIES';

--- a/ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/mutations.js
+++ b/ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/mutations.js
@@ -3,8 +3,12 @@ import { s__, __ } from '~/locale';
 import { visitUrl } from '~/lib/utils/url_utility';
 import * as types from './mutation_types';
 import { DAYS } from './constants';
+import { isSameVulnerability } from './utils';
 export default {
+  [types.SET_PIPELINE_ID](state, payload) {
+    state.pipelineId = payload;
+  },
  [types.SET_VULNERABILITIES_ENDPOINT](state, payload) {
    state.vulnerabilitiesEndpoint = payload;
  },
@@ -106,7 +110,7 @@ export default {
      }
      Vue.set(state.modal.data.className, 'value', className);
-      Vue.set(state.modal.data.file, 'value', `${file}${lineSuffix}`);
+      Vue.set(state.modal.data.file, 'value', file ? `${file}${lineSuffix}` : null);
      Vue.set(state.modal.data.image, 'value', image);
      Vue.set(state.modal.data.namespace, 'value', namespace);
    }
@@ -164,7 +168,9 @@ export default {
    Vue.set(state.modal, 'error', null);
  },
  [types.RECEIVE_DISMISS_VULNERABILITY_SUCCESS](state, payload) {
-    const vulnerability = state.vulnerabilities.find(vuln => vuln.id === payload.id);
+    const vulnerability = state.vulnerabilities.find(vuln =>
+      isSameVulnerability(vuln, payload.vulnerability),
+    );
    vulnerability.dismissal_feedback = payload.data;
    state.isDismissingVulnerability = false;
    Vue.set(state.modal, 'isDismissingVulnerability', false);
@@ -185,7 +191,9 @@ export default {
    Vue.set(state.modal, 'error', null);
  },
  [types.RECEIVE_ADD_DISMISSAL_COMMENT_SUCCESS](state, payload) {
-    const vulnerability = state.vulnerabilities.find(vuln => vuln.id === payload.id);
+    const vulnerability = state.vulnerabilities.find(vuln =>
+      isSameVulnerability(vuln, payload.vulnerability),
+    );
    if (vulnerability) {
      vulnerability.dismissal_feedback = payload.data;
      state.isDismissingVulnerability = false;
@@ -223,7 +231,9 @@ export default {
    Vue.set(state.modal, 'error', null);
  },
  [types.RECEIVE_REVERT_DISMISSAL_SUCCESS](state, payload) {
-    const vulnerability = state.vulnerabilities.find(vuln => vuln.id === payload.id);
+    const vulnerability = state.vulnerabilities.find(vuln =>
+      isSameVulnerability(vuln, payload.vulnerability),
+    );
    vulnerability.dismissal_feedback = null;
    state.isDismissingVulnerability = false;
    Vue.set(state.modal, 'isDismissingVulnerability', false);

--- a/ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/state.js
+++ b/ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/state.js
@@ -13,6 +13,7 @@ export default () => ({
  vulnerabilitiesHistoryDayRange: 90,
  vulnerabilitiesHistoryMaxDayInterval: 7,
  pageInfo: {},
+  pipelineId: null,
  vulnerabilitiesCountEndpoint: null,
  vulnerabilitiesHistoryEndpoint: null,
  vulnerabilitiesEndpoint: null,

--- a/ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/utils.js
+++ b/ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/utils.js
+/* eslint-disable import/prefer-default-export */
+import { isEqual } from 'underscore';
+const isVulnerabilityLike = object =>
+  Boolean(object && object.location && object.identifiers && object.identifiers[0]);
+/**
+ * Determines whether the provided objects represent the same vulnerability.
+ * @param {Object} vulnerability A vulnerability occurrence
+ * @param {Object} other Another vulnerability occurrence
+ * @returns {boolean}
+ */
+export const isSameVulnerability = (vulnerability, other) => {
+  if (!isVulnerabilityLike(vulnerability) || !isVulnerabilityLike(other)) {
+    return false;
+  }
+  // The `[location_fingerprint, identifiers[0]]` tuple is currently the most
+  // correct/robust set of data to compare to see if two objects represent the
+  // same vulnerability[1]. Unfortunately, `location_fingerprint` isn't exposed
+  // by the API yet, so we fall back to a slower deep equality comparison on
+  // `location` (which is a superset of `location_fingerprint`) if the former
+  // isn't present.
+  //
+  // [1]: https://gitlab.com/gitlab-org/gitlab-ee/issues/7586
+  let isLocationEqual = false;
+  if (vulnerability.location_fingerprint && other.location_fingerprint) {
+    isLocationEqual = vulnerability.location_fingerprint === other.location_fingerprint;
+  } else {
+    isLocationEqual = isEqual(vulnerability.location, other.location);
+  }
+  return isLocationEqual && isEqual(vulnerability.identifiers[0], other.identifiers[0]);
+};
--- a/ee/app/assets/javascripts/vue_shared/security_reports/card_security_reports_app.vue
+++ b/ee/app/assets/javascripts/vue_shared/security_reports/card_security_reports_app.vue
@@ -81,11 +81,6 @@ export default {
      required: false,
      default: null,
    },
-    vulnerabilitiesHistoryEndpoint: {
-      type: String,
-      required: false,
-      default: null,
-    },
  },
  computed: {
    headline() {
@@ -141,7 +136,6 @@ export default {
        :empty-state-svg-path="emptyStateSvgPath"
        :vulnerabilities-endpoint="vulnerabilitiesEndpoint"
        :vulnerabilities-count-endpoint="vulnerabilitiesSummaryEndpoint"
-        :vulnerabilities-history-endpoint="vulnerabilitiesHistoryEndpoint"
        :vulnerability-feedback-help-path="vulnerabilityFeedbackHelpPath"
      />
    </template>

--- a/ee/app/views/projects/pipelines/_tabs_content.html.haml
+++ b/ee/app/views/projects/pipelines/_tabs_content.html.haml
@@ -11,22 +11,30 @@
 - if pipeline.expose_security_dashboard?
  #js-tab-security.build-security.tab-pane
-    #js-security-report-app{ data: { head_blob_path: blob_path,
+    - if Feature.enabled?(:pipeline_report_api)
-    sast_head_path: sast_endpoint,
+      #js-security-report-app{ data: { dashboard_documentation: help_page_path('user/application_security/security_dashboard/index'),
-    dependency_scanning_head_path: dependency_scanning_endpoint,
+      empty_state_svg_path: image_path('illustrations/security-dashboard-empty-state.svg'),
-    dast_head_path: dast_endpoint,
+      pipeline_id: pipeline.id,
-    sast_container_head_path: sast_container_endpoint,
+      project_id: project.id,
-    pipeline_id: pipeline.id,
+      vulnerabilities_endpoint: expose_path(api_v4_projects_vulnerabilities_path(id: project.id, params: { pipeline_id: pipeline.id, scope: 'all' })),
-    source_branch: pipeline.ref,
+      vulnerability_feedback_help_path: help_page_path('user/application_security/index') } }
-    vulnerability_feedback_path: project_vulnerability_feedback_index_path(project),
+    - else
-    vulnerability_feedback_help_path: help_page_path('user/application_security/index'),
+      #js-security-report-app{ data: { head_blob_path: blob_path,
-    sast_help_path: help_page_path('user/application_security/sast/index'),
+      sast_head_path: sast_endpoint,
-    dependency_scanning_help_path: help_page_path('user/application_security/dependency_scanning/index'),
+      dependency_scanning_head_path: dependency_scanning_endpoint,
-    dast_help_path: help_page_path('user/application_security/dast/index'),
+      dast_head_path: dast_endpoint,
-    sast_container_help_path: help_page_path('user/application_security/container_scanning/index'),
+      sast_container_head_path: sast_container_endpoint,
-    create_vulnerability_feedback_issue_path: create_vulnerability_feedback_issue_path(project),
+      pipeline_id: pipeline.id,
-    create_vulnerability_feedback_merge_request_path: create_vulnerability_feedback_merge_request_path(project),
+      source_branch: pipeline.ref,
-    create_vulnerability_feedback_dismissal_path: create_vulnerability_feedback_dismissal_path(project) } }
+      vulnerability_feedback_path: project_vulnerability_feedback_index_path(project),
+      vulnerability_feedback_help_path: help_page_path('user/application_security/index'),
+      sast_help_path: help_page_path('user/application_security/sast/index'),
+      dependency_scanning_help_path: help_page_path('user/application_security/dependency_scanning/index'),
+      dast_help_path: help_page_path('user/application_security/dast/index'),
+      sast_container_help_path: help_page_path('user/application_security/container_scanning/index'),
+      create_vulnerability_feedback_issue_path: create_vulnerability_feedback_issue_path(project),
+      create_vulnerability_feedback_merge_request_path: create_vulnerability_feedback_merge_request_path(project),
+      create_vulnerability_feedback_dismissal_path: create_vulnerability_feedback_dismissal_path(project) } }
 - if pipeline.expose_license_management_data?
  #js-tab-licenses.tab-pane

--- a/ee/app/views/projects/pipelines/_tabs_holder.html.haml
+++ b/ee/app/views/projects/pipelines/_tabs_holder.html.haml
@@ -5,7 +5,7 @@
  %li.js-security-tab-link
    = link_to security_project_pipeline_path(project, pipeline), data: { target: '#js-tab-security', action: 'security', toggle: 'tab' }, class: 'security-tab qa-security-tab' do
      = _("Security")
-      %span.badge.badge-pill.js-sast-counter.hidden
+      %span.badge.badge-pill.js-security-counter.hidden
 - if pipeline.expose_license_management_data?
  %li.js-licenses-tab-link

--- a/ee/spec/features/projects/pipelines/pipeline_spec.rb
+++ b/ee/spec/features/projects/pipelines/pipeline_spec.rb
@@ -99,17 +99,37 @@ describe 'Pipeline', :js do
    context 'with a sast artifact' do
      before do
        create(:ee_ci_build, :sast, pipeline: pipeline)
-        visit security_project_pipeline_path(project, pipeline)
      end
-      it 'shows jobs tab pane as active' do
+      context 'when feature flag is enabled' do
-        expect(page).to have_content('Security')
+        before do
-        expect(page).to have_css('#js-tab-security')
+          visit security_project_pipeline_path(project, pipeline)
+        end
+        it 'shows jobs tab pane as active' do
+          expect(page).to have_content('Security')
+          expect(page).to have_css('#js-tab-security')
+        end
+        it 'shows security dashboard' do
+          expect(page).to have_css('.js-security-dashboard-table')
+        end
      end
-      it 'shows security report section' do
+      context 'when feature flag is disabled' do
-        expect(page).to have_content('SAST is loading')
+        before do
+          stub_feature_flags(pipeline_report_api: false)
+          visit security_project_pipeline_path(project, pipeline)
+        end
+        it 'shows jobs tab pane as active' do
+          expect(page).to have_content('Security')
+          expect(page).to have_css('#js-tab-security')
+        end
+        it 'shows security report section' do
+          expect(page).to have_content('SAST is loading')
+        end
      end
    end

--- a/ee/spec/frontend/security_dashboard/components/app_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/app_spec.js
@@ -13,31 +13,37 @@ import createStore from 'ee/security_dashboard/store';
 const localVue = createLocalVue();
+const pipelineId = 123;
 const projectsEndpoint = `${TEST_HOST}/projects`;
 const vulnerabilitiesEndpoint = `${TEST_HOST}/vulnerabilities`;
 const vulnerabilitiesCountEndpoint = `${TEST_HOST}/vulnerabilities_summary`;
 const vulnerabilitiesHistoryEndpoint = `${TEST_HOST}/vulnerabilities_history`;
-describe('Card security reports app', () => {
+describe('Security Dashboard app', () => {
  let wrapper;
  let mock;
  let fetchProjectsSpy;
  let lockFilterSpy;
+  let setPipelineIdSpy;
+  let store;
  const setup = () => {
    mock = new MockAdapter(axios);
    fetchProjectsSpy = jest.fn();
    lockFilterSpy = jest.fn();
+    setPipelineIdSpy = jest.fn();
  };
  const createComponent = props => {
+    store = createStore();
    wrapper = shallowMount(SecurityDashboardApp, {
      localVue,
-      store: createStore(),
+      store,
      sync: false,
      methods: {
        lockFilter: lockFilterSpy,
        fetchProjects: fetchProjectsSpy,
+        setPipelineId: setPipelineIdSpy,
      },
      propsData: {
        dashboardDocumentation: '',
@@ -46,6 +52,7 @@ describe('Card security reports app', () => {
        vulnerabilitiesEndpoint,
        vulnerabilitiesCountEndpoint,
        vulnerabilitiesHistoryEndpoint,
+        pipelineId,
        vulnerabilityFeedbackHelpPath: `${TEST_HOST}/vulnerabilities_feedback_help`,
        ...props,
      },
@@ -90,12 +97,27 @@ describe('Card security reports app', () => {
    it('does not lock project filters', () => {
      expect(lockFilterSpy).not.toHaveBeenCalled();
    });
+    it('sets the pipeline id', () => {
+      expect(setPipelineIdSpy).toHaveBeenCalledWith(pipelineId);
+    });
+    describe('when the total number of vulnerabilities change', () => {
+      const newCount = 3;
+      beforeEach(() => {
+        localVue.set(store.state.vulnerabilities.pageInfo, 'total', newCount);
+      });
+      it('emits a vulnerabilitiesCountChanged event', () => {
+        expect(wrapper.emitted('vulnerabilitiesCountChanged')).toEqual([[newCount]]);
+      });
+    });
  });
  describe('with project lock', () => {
    const project = {
      id: 123,
-      name: 'my-project',
    };
    beforeEach(() => {
      setup();
@@ -112,8 +134,8 @@ describe('Card security reports app', () => {
      expect(wrapper.vm.isLockedToProject).toBe(true);
    });
-    it('does not fetch projects', () => {
+    it('fetches projects', () => {
-      expect(fetchProjectsSpy).not.toHaveBeenCalled();
+      expect(fetchProjectsSpy).toHaveBeenCalled();
    });
    it('locks the filters to a given project', () => {
@@ -123,4 +145,21 @@ describe('Card security reports app', () => {
      });
    });
  });
+  describe.each`
+    endpointProp                        | Component
+    ${'vulnerabilitiesCountEndpoint'}   | ${VulnerabilityCountList}
+    ${'vulnerabilitiesHistoryEndpoint'} | ${VulnerabilityChart}
+  `('with an empty $endpointProp', ({ endpointProp, Component }) => {
+    beforeEach(() => {
+      setup();
+      createComponent({
+        [endpointProp]: '',
+      });
+    });
+    it(`does not show the ${Component.name}`, () => {
+      expect(wrapper.find(Component).exists()).toBe(false);
+    });
+  });
 });
--- a/ee/spec/frontend/security_dashboard/store/vulnerabilities/utils_spec.js
+++ b/ee/spec/frontend/security_dashboard/store/vulnerabilities/utils_spec.js
+import { isSameVulnerability } from 'ee/security_dashboard/store/modules/vulnerabilities/utils';
+import mockData from '../../../../javascripts/security_dashboard/store/vulnerabilities/data/mock_data_vulnerabilities.json';
+describe('Vulnerabilities utils', () => {
+  const clone = serializable => JSON.parse(JSON.stringify(serializable));
+  const vuln = clone(mockData[0]);
+  const vulnWithNewLocation = { ...clone(vuln), location: { foo: 1 } };
+  const vulnWithNewIdentifier = { ...clone(vuln), identifiers: [{ foo: 1 }] };
+  describe('isSameVulnerability', () => {
+    describe.each`
+      description                        | vulnerability | other                    | result
+      ${'identical vulnerabilities'}     | ${vuln}       | ${vuln}                  | ${true}
+      ${'cloned vulnerabilities'}        | ${vuln}       | ${clone(vuln)}           | ${true}
+      ${'different locations'}           | ${vuln}       | ${vulnWithNewLocation}   | ${false}
+      ${'different primary identifiers'} | ${vuln}       | ${vulnWithNewIdentifier} | ${false}
+      ${'cloned non-vulnerabilities'}    | ${{ foo: 1 }} | ${{ foo: 1 }}            | ${false}
+      ${'null values'}                   | ${null}       | ${null}                  | ${false}
+      ${'undefined values'}              | ${undefined}  | ${undefined}             | ${false}
+    `('given $description', ({ vulnerability, other, result }) => {
+      it(`returns ${result}`, () => {
+        expect(isSameVulnerability(vulnerability, other)).toBe(result);
+      });
+    });
+  });
+});
--- a/ee/spec/frontend/vue_shared/security_reports/card_security_reports_app_spec.js
+++ b/ee/spec/frontend/vue_shared/security_reports/card_security_reports_app_spec.js
@@ -12,7 +12,6 @@ const localVue = createLocalVue();
 const vulnerabilitiesEndpoint = `${TEST_HOST}/vulnerabilities`;
 const vulnerabilitiesSummaryEndpoint = `${TEST_HOST}/vulnerabilities_summary`;
-const vulnerabilitiesHistoryEndpoint = `${TEST_HOST}/vulnerabilities_history`;
 describe('Card security reports app', () => {
  let wrapper;
@@ -58,7 +57,6 @@ describe('Card security reports app', () => {
        vulnerabilityFeedbackHelpPath: `${TEST_HOST}/vulnerability_feedback_help`,
        vulnerabilitiesEndpoint,
        vulnerabilitiesSummaryEndpoint,
-        vulnerabilitiesHistoryEndpoint,
        ...props,
      },
    });

--- a/ee/spec/javascripts/security_dashboard/store/projects/actions_spec.js
+++ b/ee/spec/javascripts/security_dashboard/store/projects/actions_spec.js
@@ -92,6 +92,16 @@ describe('projects actions', () => {
        );
      });
    });
+    describe('with an empty endpoint', () => {
+      beforeEach(() => {
+        state.projectsEndpoint = '';
+      });
+      it('should not do anything', done => {
+        testAction(actions.fetchProjects, {}, state, [], [], done);
+      });
+    });
  });
  describe('receiveProjectsSuccess', () => {

--- a/ee/spec/javascripts/security_dashboard/store/vulnerabilities/actions_spec.js
+++ b/ee/spec/javascripts/security_dashboard/store/vulnerabilities/actions_spec.js
@@ -16,10 +16,34 @@ describe('vulnerabilities count actions', () => {
  const data = mockDataVulnerabilitiesCount;
  const params = { filters: { type: ['sast'] } };
  const filteredData = mockDataVulnerabilitiesCount.sast;
+  let state;
+  beforeEach(() => {
+    state = initialState();
+  });
+  describe('setPipelineId', () => {
+    const pipelineId = 123;
+    it('should commit the correct mutation', done => {
+      testAction(
+        actions.setPipelineId,
+        pipelineId,
+        state,
+        [
+          {
+            type: types.SET_PIPELINE_ID,
+            payload: pipelineId,
+          },
+        ],
+        [],
+        done,
+      );
+    });
+  });
  describe('setVulnerabilitiesCountEndpoint', () => {
    it('should commit the correct mutuation', done => {
-      const state = initialState;
      const endpoint = 'fakepath.json';
      testAction(
@@ -40,7 +64,6 @@ describe('vulnerabilities count actions', () => {
  describe('fetchVulnerabilitiesCount', () => {
    let mock;
-    const state = initialState;
    beforeEach(() => {
      state.vulnerabilitiesCountEndpoint = `${TEST_HOST}/vulnerabilities_count.json`;
@@ -111,12 +134,20 @@ describe('vulnerabilities count actions', () => {
        );
      });
    });
+    describe('with an empty endpoint', () => {
+      beforeEach(() => {
+        state.vulnerabilitiesCountEndpoint = '';
+      });
+      it('should not do anything', done => {
+        testAction(actions.fetchVulnerabilitiesCount, {}, state, [], [], done);
+      });
+    });
  });
  describe('requestVulnerabilitiesCount', () => {
    it('should commit the request mutation', done => {
-      const state = initialState;
      testAction(
        actions.requestVulnerabilitiesCount,
        {},
@@ -130,8 +161,6 @@ describe('vulnerabilities count actions', () => {
  describe('receiveVulnerabilitiesCountSuccess', () => {
    it('should commit the success mutation', done => {
-      const state = initialState;
      testAction(
        actions.receiveVulnerabilitiesCountSuccess,
        { data },
@@ -145,8 +174,6 @@ describe('vulnerabilities count actions', () => {
  describe('receiveVulnerabilitiesCountError', () => {
    it('should commit the error mutation', done => {
-      const state = initialState;
      testAction(
        actions.receiveVulnerabilitiesCountError,
        {},
@@ -179,10 +206,14 @@ describe('vulnerabilities actions', () => {
    'X-Total': pageInfo.total,
    'X-Total-Pages': pageInfo.totalPages,
  };
+  let state;
+  beforeEach(() => {
+    state = initialState();
+  });
  describe('fetchVulnerabilities', () => {
    let mock;
-    const state = initialState;
    beforeEach(() => {
      state.vulnerabilitiesEndpoint = `${TEST_HOST}/vulnerabilities.json`;
@@ -253,12 +284,20 @@ describe('vulnerabilities actions', () => {
        );
      });
    });
+    describe('with an empty endpoint', () => {
+      beforeEach(() => {
+        state.vulnerabilitiesEndpoint = '';
+      });
+      it('should not do anything', done => {
+        testAction(actions.fetchVulnerabilities, {}, state, [], [], done);
+      });
+    });
  });
  describe('receiveVulnerabilitiesSuccess', () => {
    it('should commit the success mutation', done => {
-      const state = initialState;
      testAction(
        actions.receiveVulnerabilitiesSuccess,
        { headers, data },
@@ -277,8 +316,6 @@ describe('vulnerabilities actions', () => {
  describe('receiveVulnerabilitiesError', () => {
    it('should commit the error mutation', done => {
-      const state = initialState;
      testAction(
        actions.receiveVulnerabilitiesError,
        {},
@@ -292,8 +329,6 @@ describe('vulnerabilities actions', () => {
  describe('requestVulnerabilities', () => {
    it('should commit the request mutation', done => {
-      const state = initialState;
      testAction(
        actions.requestVulnerabilities,
        {},
@@ -307,7 +342,6 @@ describe('vulnerabilities actions', () => {
  describe('setVulnerabilitiesEndpoint', () => {
    it('should commit the correct mutuation', done => {
-      const state = initialState;
      const endpoint = 'fakepath.json';
      testAction(
@@ -328,7 +362,6 @@ describe('vulnerabilities actions', () => {
  describe('setVulnerabilitiesPage', () => {
    it('should commit the correct mutuation', done => {
-      const state = initialState;
      const page = 3;
      testAction(
@@ -349,8 +382,13 @@ describe('vulnerabilities actions', () => {
 });
 describe('openModal', () => {
+  let state;
+  beforeEach(() => {
+    state = initialState();
+  });
  it('should commit the SET_MODAL_DATA mutation', done => {
-    const state = initialState;
    const vulnerability = mockDataVulnerabilities[0];
    testAction(
@@ -396,6 +434,12 @@ describe('downloadPatch', () => {
 });
 describe('issue creation', () => {
+  let state;
+  beforeEach(() => {
+    state = initialState();
+  });
  describe('createIssue', () => {
    const vulnerability = mockDataVulnerabilities[0];
    const data = { issue_url: 'fakepath.html' };
@@ -459,7 +503,6 @@ describe('issue creation', () => {
  describe('receiveCreateIssueSuccess', () => {
    it('should commit the success mutation', done => {
-      const state = initialState;
      const data = mockDataVulnerabilities[0];
      testAction(
@@ -480,8 +523,6 @@ describe('issue creation', () => {
  describe('receiveCreateIssueError', () => {
    it('should commit the error mutation', done => {
-      const state = initialState;
      testAction(
        actions.receiveCreateIssueError,
        {},
@@ -495,8 +536,6 @@ describe('issue creation', () => {
  describe('requestCreateIssue', () => {
    it('should commit the request mutation', done => {
-      const state = initialState;
      testAction(
        actions.requestCreateIssue,
        {},
@@ -510,6 +549,12 @@ describe('issue creation', () => {
 });
 describe('merge request creation', () => {
+  let state;
+  beforeEach(() => {
+    state = initialState();
+  });
  describe('createMergeRequest', () => {
    const vulnerability = mockDataVulnerabilities[0];
    const data = { merge_request_path: 'fakepath.html' };
@@ -573,7 +618,6 @@ describe('merge request creation', () => {
  describe('receiveCreateMergeRequestSuccess', () => {
    it('should commit the success mutation', done => {
-      const state = initialState;
      const data = mockDataVulnerabilities[0];
      testAction(
@@ -594,8 +638,6 @@ describe('merge request creation', () => {
  describe('receiveCreateMergeRequestError', () => {
    it('should commit the error mutation', done => {
-      const state = initialState;
      testAction(
        actions.receiveCreateMergeRequestError,
        {},
@@ -609,8 +651,6 @@ describe('merge request creation', () => {
  describe('requestCreateMergeRequest', () => {
    it('should commit the request mutation', done => {
-      const state = initialState;
      testAction(
        actions.requestCreateMergeRequest,
        {},
@@ -624,6 +664,12 @@ describe('merge request creation', () => {
 });
 describe('vulnerability dismissal', () => {
+  let state;
+  beforeEach(() => {
+    state = initialState();
+  });
  describe('dismissVulnerability', () => {
    const vulnerability = mockDataVulnerabilities[0];
    const data = { vulnerability };
@@ -657,7 +703,7 @@ describe('vulnerability dismissal', () => {
            { type: 'closeDismissalCommentBox' },
            {
              type: 'receiveDismissVulnerabilitySuccess',
-              payload: { data, id: vulnerability.id },
+              payload: { data, vulnerability },
            },
          ],
          done,
@@ -690,7 +736,6 @@ describe('vulnerability dismissal', () => {
  describe('receiveDismissVulnerabilitySuccess', () => {
    it('should commit the success mutation', done => {
-      const state = initialState;
      const data = mockDataVulnerabilities[0];
      testAction(
@@ -711,8 +756,6 @@ describe('vulnerability dismissal', () => {
  describe('receiveDismissVulnerabilityError', () => {
    it('should commit the error mutation', done => {
-      const state = initialState;
      testAction(
        actions.receiveDismissVulnerabilityError,
        {},
@@ -726,8 +769,6 @@ describe('vulnerability dismissal', () => {
  describe('requestDismissVulnerability', () => {
    it('should commit the request mutation', done => {
-      const state = initialState;
      testAction(
        actions.requestDismissVulnerability,
        {},
@@ -741,6 +782,12 @@ describe('vulnerability dismissal', () => {
 });
 describe('add vulnerability dismissal comment', () => {
+  let state;
+  beforeEach(() => {
+    state = initialState();
+  });
  describe('addDismissalComment', () => {
    const vulnerability = mockDataVulnerabilities[2];
    const data = { vulnerability };
@@ -778,7 +825,7 @@ describe('add vulnerability dismissal comment', () => {
          [
            { type: 'requestAddDismissalComment' },
            { type: 'closeDismissalCommentBox' },
-            { type: 'receiveAddDismissalCommentSuccess', payload: { data, id: vulnerability.id } },
+            { type: 'receiveAddDismissalCommentSuccess', payload: { data, vulnerability } },
          ],
          checkPassedData,
        );
@@ -804,8 +851,6 @@ describe('add vulnerability dismissal comment', () => {
    describe('receiveAddDismissalCommentSuccess', () => {
      it('should commit the success mutation', done => {
-        const state = initialState;
        testAction(
          actions.receiveAddDismissalCommentSuccess,
          { data },
@@ -819,8 +864,6 @@ describe('add vulnerability dismissal comment', () => {
    describe('receiveAddDismissalCommentError', () => {
      it('should commit the error mutation', done => {
-        const state = initialState;
        testAction(
          actions.receiveAddDismissalCommentError,
          {},
@@ -834,8 +877,6 @@ describe('add vulnerability dismissal comment', () => {
    describe('requestAddDismissalComment', () => {
      it('should commit the request mutation', done => {
-        const state = initialState;
        testAction(
          actions.requestAddDismissalComment,
          {},
@@ -917,8 +958,6 @@ describe('add vulnerability dismissal comment', () => {
    describe('receiveDeleteDismissalCommentSuccess', () => {
      it('should commit the success mutation', done => {
-        const state = initialState;
        testAction(
          actions.receiveDeleteDismissalCommentSuccess,
          { data },
@@ -932,8 +971,6 @@ describe('add vulnerability dismissal comment', () => {
    describe('receiveDeleteDismissalCommentError', () => {
      it('should commit the error mutation', done => {
-        const state = initialState;
        testAction(
          actions.receiveDeleteDismissalCommentError,
          {},
@@ -947,8 +984,6 @@ describe('add vulnerability dismissal comment', () => {
    describe('requestDeleteDismissalComment', () => {
      it('should commit the request mutation', done => {
-        const state = initialState;
        testAction(
          actions.requestDeleteDismissalComment,
          {},
@@ -963,9 +998,13 @@ describe('add vulnerability dismissal comment', () => {
 });
 describe('showDismissalDeleteButtons', () => {
-  it('commits show dismissal delete buttons', done => {
+  let state;
-    const state = initialState;
+  beforeEach(() => {
+    state = initialState();
+  });
+  it('commits show dismissal delete buttons', done => {
    testAction(
      actions.showDismissalDeleteButtons,
      null,
@@ -982,9 +1021,13 @@ describe('showDismissalDeleteButtons', () => {
 });
 describe('hideDismissalDeleteButtons', () => {
-  it('commits hide dismissal delete buttons', done => {
+  let state;
-    const state = initialState;
+  beforeEach(() => {
+    state = initialState();
+  });
+  it('commits hide dismissal delete buttons', done => {
    testAction(
      actions.hideDismissalDeleteButtons,
      null,
@@ -1027,7 +1070,7 @@ describe('revert vulnerability dismissal', () => {
          [],
          [
            { type: 'requestUndoDismiss' },
-            { type: 'receiveUndoDismissSuccess', payload: { id: vulnerability.id } },
+            { type: 'receiveUndoDismissSuccess', payload: { vulnerability } },
          ],
          done,
        );
@@ -1113,10 +1156,14 @@ describe('vulnerabilities history actions', () => {
  const data = mockDataVulnerabilitiesHistory;
  const params = { filters: { severity: ['critical'] } };
  const filteredData = mockDataVulnerabilitiesHistory.critical;
+  let state;
+  beforeEach(() => {
+    state = initialState();
+  });
  describe('setVulnerabilitiesHistoryEndpoint', () => {
    it('should commit the correct mutuation', done => {
-      const state = initialState;
      const endpoint = 'fakepath.json';
      testAction(
@@ -1137,7 +1184,6 @@ describe('vulnerabilities history actions', () => {
  describe('setVulnerabilitiesHistoryDayRange', () => {
    it('should commit the number of past days to show', done => {
-      const state = initialState;
      const days = DAYS.THIRTY;
      testAction(
        actions.setVulnerabilitiesHistoryDayRange,
@@ -1155,9 +1201,8 @@ describe('vulnerabilities history actions', () => {
    });
  });
-  describe('fetchVulnerabilitiesTimeline', () => {
+  describe('fetchVulnerabilitiesHistory', () => {
    let mock;
-    const state = initialState;
    beforeEach(() => {
      state.vulnerabilitiesHistoryEndpoint = `${TEST_HOST}/vulnerabilitIES_HISTORY.json`;
@@ -1231,12 +1276,20 @@ describe('vulnerabilities history actions', () => {
        );
      });
    });
+    describe('with an empty endpoint', () => {
+      beforeEach(() => {
+        state.vulnerabilitiesHistoryEndpoint = '';
+      });
+      it('should not do anything', done => {
+        testAction(actions.fetchVulnerabilitiesHistory, {}, state, [], [], done);
+      });
+    });
  });
-  describe('requestVulnerabilitiesTimeline', () => {
+  describe('requestVulnerabilitiesHistory', () => {
    it('should commit the request mutation', done => {
-      const state = initialState;
      testAction(
        actions.requestVulnerabilitiesHistory,
        {},
@@ -1248,10 +1301,8 @@ describe('vulnerabilities history actions', () => {
    });
  });
-  describe('receiveVulnerabilitiesTimelineSuccess', () => {
+  describe('receiveVulnerabilitiesHistorySuccess', () => {
    it('should commit the success mutation', done => {
-      const state = initialState;
      testAction(
        actions.receiveVulnerabilitiesHistorySuccess,
        { data },
@@ -1263,10 +1314,8 @@ describe('vulnerabilities history actions', () => {
    });
  });
-  describe('receiveVulnerabilitiesTimelineError', () => {
+  describe('receiveVulnerabilitiesHistoryError', () => {
    it('should commit the error mutation', done => {
-      const state = initialState;
      testAction(
        actions.receiveVulnerabilitiesHistoryError,
        {},
@@ -1280,8 +1329,6 @@ describe('vulnerabilities history actions', () => {
  describe('openDismissalCommentBox', () => {
    it('should commit the open comment mutation with a default payload', done => {
-      const state = initialState();
      testAction(
        actions.openDismissalCommentBox,
        undefined,
@@ -1295,8 +1342,6 @@ describe('vulnerabilities history actions', () => {
  describe('closeDismissalCommentBox', () => {
    it('should commit the close comment mutation', done => {
-      const state = initialState();
      testAction(
        actions.closeDismissalCommentBox,
        {},

--- a/ee/spec/javascripts/security_dashboard/store/vulnerabilities/mutations_spec.js
+++ b/ee/spec/javascripts/security_dashboard/store/vulnerabilities/mutations_spec.js
@@ -5,9 +5,24 @@ import { DAYS } from 'ee/security_dashboard/store/modules/vulnerabilities/consta
 import mockData from './data/mock_data_vulnerabilities.json';
 describe('vulnerabilities module mutations', () => {
+  let state;
+  beforeEach(() => {
+    state = createState();
+  });
+  describe('SET_PIPELINE_ID', () => {
+    const pipelineId = 123;
+    it(`should set the pipelineId to ${pipelineId}`, () => {
+      mutations[types.SET_PIPELINE_ID](state, pipelineId);
+      expect(state.pipelineId).toBe(pipelineId);
+    });
+  });
  describe('SET_VULNERABILITIES_ENDPOINT', () => {
    it('should set `vulnerabilitiesEndpoint` to `fakepath.json`', () => {
-      const state = createState();
      const endpoint = 'fakepath.json';
      mutations[types.SET_VULNERABILITIES_ENDPOINT](state, endpoint);
@@ -19,8 +34,6 @@ describe('vulnerabilities module mutations', () => {
  describe('SET_VULNERABILITIES_PAGE', () => {
    const page = 3;
    it(`should set pageInfo.page to ${page}`, () => {
-      const state = createState();
      mutations[types.SET_VULNERABILITIES_PAGE](state, page);
      expect(state.pageInfo.page).toEqual(page);
@@ -28,13 +41,8 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('REQUEST_VULNERABILITIES', () => {
-    let state;
    beforeEach(() => {
-      state = {
+      state.errorLoadingVulnerabilities = true;
-        ...createState(),
-        errorLoadingVulnerabilities: true,
-      };
      mutations[types.REQUEST_VULNERABILITIES](state);
    });
@@ -49,14 +57,12 @@ describe('vulnerabilities module mutations', () => {
  describe('RECEIVE_VULNERABILITIES_SUCCESS', () => {
    let payload;
-    let state;
    beforeEach(() => {
      payload = {
        vulnerabilities: mockData,
        pageInfo: { a: 1, b: 2, c: 3 },
      };
-      state = createState();
      mutations[types.RECEIVE_VULNERABILITIES_SUCCESS](state, payload);
    });
@@ -75,8 +81,6 @@ describe('vulnerabilities module mutations', () => {
  describe('RECEIVE_VULNERABILITIES_ERROR', () => {
    it('should set `isLoadingVulnerabilities` to `false`', () => {
-      const state = createState();
      mutations[types.RECEIVE_VULNERABILITIES_ERROR](state);
      expect(state.isLoadingVulnerabilities).toBeFalsy();
@@ -85,7 +89,6 @@ describe('vulnerabilities module mutations', () => {
  describe('SET_VULNERABILITIES_COUNT_ENDPOINT', () => {
    it('should set `vulnerabilitiesCountEndpoint` to `fakepath.json`', () => {
-      const state = createState();
      const endpoint = 'fakepath.json';
      mutations[types.SET_VULNERABILITIES_COUNT_ENDPOINT](state, endpoint);
@@ -95,13 +98,8 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('REQUEST_VULNERABILITIES_COUNT', () => {
-    let state;
    beforeEach(() => {
-      state = {
+      state.errorLoadingVulnerabilitiesCount = true;
-        ...createState(),
-        errorLoadingVulnerabilitiesCount: true,
-      };
      mutations[types.REQUEST_VULNERABILITIES_COUNT](state);
    });
@@ -116,11 +114,9 @@ describe('vulnerabilities module mutations', () => {
  describe('RECEIVE_VULNERABILITIES_COUNT_SUCCESS', () => {
    let payload;
-    let state;
    beforeEach(() => {
      payload = mockData;
-      state = createState();
      mutations[types.RECEIVE_VULNERABILITIES_COUNT_SUCCESS](state, payload);
    });
@@ -135,8 +131,6 @@ describe('vulnerabilities module mutations', () => {
  describe('RECEIVE_VULNERABILITIES_COUNT_ERROR', () => {
    it('should set `isLoadingVulnerabilitiesCount` to `false`', () => {
-      const state = createState();
      mutations[types.RECEIVE_VULNERABILITIES_COUNT_ERROR](state);
      expect(state.isLoadingVulnerabilitiesCount).toBeFalsy();
@@ -145,7 +139,6 @@ describe('vulnerabilities module mutations', () => {
  describe('SET_VULNERABILITIES_HISTORY_ENDPOINT', () => {
    it('should set `vulnerabilitiesHistoryEndpoint` to `fakepath.json`', () => {
-      const state = createState();
      const endpoint = 'fakepath.json';
      mutations[types.SET_VULNERABILITIES_HISTORY_ENDPOINT](state, endpoint);
@@ -155,13 +148,8 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('REQUEST_VULNERABILITIES_HISTORY', () => {
-    let state;
    beforeEach(() => {
-      state = {
+      state.errorLoadingVulnerabilitiesHistory = true;
-        ...createState(),
-        errorLoadingVulnerabilitiesHistory: true,
-      };
      mutations[types.REQUEST_VULNERABILITIES_HISTORY](state);
    });
@@ -176,11 +164,9 @@ describe('vulnerabilities module mutations', () => {
  describe('RECEIVE_VULNERABILITIES_HISTORY_SUCCESS', () => {
    let payload;
-    let state;
    beforeEach(() => {
      payload = mockData;
-      state = createState();
      mutations[types.RECEIVE_VULNERABILITIES_HISTORY_SUCCESS](state, payload);
    });
@@ -195,8 +181,6 @@ describe('vulnerabilities module mutations', () => {
  describe('RECEIVE_VULNERABILITIES_HISTORY_ERROR', () => {
    it('should set `isLoadingVulnerabilitiesHistory` to `false`', () => {
-      const state = createState();
      mutations[types.RECEIVE_VULNERABILITIES_HISTORY_ERROR](state);
      expect(state.isLoadingVulnerabilitiesHistory).toBeFalsy();
@@ -204,12 +188,6 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('SET_VULNERABILITIES_HISTORY_DAY_RANGE', () => {
-    let state;
-    beforeEach(() => {
-      state = createState();
-    });
    it('should set the vulnerabilitiesHistoryDayRange to number of days', () => {
      mutations[types.SET_VULNERABILITIES_HISTORY_DAY_RANGE](state, DAYS.THIRTY);
@@ -233,10 +211,8 @@ describe('vulnerabilities module mutations', () => {
    describe('with all the data', () => {
      const vulnerability = mockData[0];
      let payload;
-      let state;
      beforeEach(() => {
-        state = createState();
        payload = { vulnerability };
        mutations[types.SET_MODAL_DATA](state, payload);
      });
@@ -303,12 +279,6 @@ describe('vulnerabilities module mutations', () => {
    describe('with irregular data', () => {
      const vulnerability = mockData[0];
-      let state;
-      beforeEach(() => {
-        state = createState();
-      });
      it('should set isDismissed when the vulnerabilitiy is dismissed', () => {
        const payload = {
          vulnerability: { ...vulnerability, dismissal_feedback: 'I am dismissed' },
@@ -359,14 +329,18 @@ describe('vulnerabilities module mutations', () => {
        expect(state.modal.data.instances.value).toEqual(null);
      });
+      it('should nullify the file value', () => {
+        const payload = { vulnerability: { ...vulnerability, location: {} } };
+        mutations[types.SET_MODAL_DATA](state, payload);
+        expect(state.modal.data.file.value).toEqual(null);
+      });
    });
  });
  describe('REQUEST_CREATE_ISSUE', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.REQUEST_CREATE_ISSUE](state);
    });
@@ -385,7 +359,6 @@ describe('vulnerabilities module mutations', () => {
  describe('RECEIVE_CREATE_ISSUE_SUCCESS', () => {
    it('should fire the visitUrl function on the issue URL', () => {
-      const state = createState();
      const payload = { issue_url: 'fakepath.html' };
      const visitUrl = spyOnDependency(mutations, 'visitUrl');
      mutations[types.RECEIVE_CREATE_ISSUE_SUCCESS](state, payload);
@@ -395,10 +368,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('RECEIVE_CREATE_ISSUE_ERROR', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.RECEIVE_CREATE_ISSUE_ERROR](state);
    });
@@ -416,10 +386,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('REQUEST_CREATE_MERGE_REQUEST', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.REQUEST_CREATE_MERGE_REQUEST](state);
    });
@@ -438,7 +405,6 @@ describe('vulnerabilities module mutations', () => {
  describe('RECEIVE_CREATE_MERGE_REQUEST_SUCCESS', () => {
    it('should fire the visitUrl function on the merge request URL', () => {
-      const state = createState();
      const payload = { merge_request_path: 'fakepath.html' };
      const visitUrl = spyOnDependency(mutations, 'visitUrl');
      mutations[types.RECEIVE_CREATE_MERGE_REQUEST_SUCCESS](state, payload);
@@ -448,10 +414,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('RECEIVE_CREATE_MERGE_REQUEST_ERROR', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.RECEIVE_CREATE_MERGE_REQUEST_ERROR](state);
    });
@@ -469,10 +432,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('REQUEST_DISMISS_VULNERABILITY', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.REQUEST_DISMISS_VULNERABILITY](state);
    });
@@ -490,17 +450,15 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('RECEIVE_DISMISS_VULNERABILITY_SUCCESS', () => {
-    let state;
    let payload;
    let vulnerability;
    let data;
    beforeEach(() => {
-      state = createState();
      state.vulnerabilities = mockData;
      [vulnerability] = mockData;
      data = { name: 'dismissal feedback' };
-      payload = { id: vulnerability.id, data };
+      payload = { vulnerability, data };
      mutations[types.RECEIVE_DISMISS_VULNERABILITY_SUCCESS](state, payload);
    });
@@ -522,10 +480,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('RECEIVE_DISMISS_VULNERABILITY_ERROR', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.RECEIVE_DISMISS_VULNERABILITY_ERROR](state);
    });
@@ -543,10 +498,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('REQUEST_DELETE_DISMISSAL_COMMENT', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.REQUEST_DELETE_DISMISSAL_COMMENT](state);
    });
@@ -564,13 +516,11 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('RECEIVE_DELETE_DISMISSAL_COMMENT_SUCCESS', () => {
-    let state;
    let payload;
    let vulnerability;
    let data;
    beforeEach(() => {
-      state = createState();
      state.vulnerabilities = mockData;
      [vulnerability] = mockData;
      data = { name: '' };
@@ -596,10 +546,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('RECEIVE_DELETE_DISMISSAL_COMMENT_ERROR', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.RECEIVE_DELETE_DISMISSAL_COMMENT_ERROR](state);
    });
@@ -617,10 +564,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe(types.SHOW_DISMISSAL_DELETE_BUTTONS, () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.SHOW_DISMISSAL_DELETE_BUTTONS](state);
    });
@@ -630,10 +574,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe(types.HIDE_DISMISSAL_DELETE_BUTTONS, () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.HIDE_DISMISSAL_DELETE_BUTTONS](state);
    });
@@ -643,10 +584,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('REQUEST_ADD_DISMISSAL_COMMENT', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.REQUEST_ADD_DISMISSAL_COMMENT](state);
    });
@@ -664,17 +602,15 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('RECEIVE_ADD_DISMISSAL_COMMENT_SUCCESS', () => {
-    let state;
    let payload;
    let vulnerability;
    let data;
    beforeEach(() => {
-      state = createState();
      state.vulnerabilities = mockData;
      [vulnerability] = mockData;
      data = { name: 'dismissal feedback' };
-      payload = { id: vulnerability.id, data };
+      payload = { vulnerability, data };
      mutations[types.RECEIVE_ADD_DISMISSAL_COMMENT_SUCCESS](state, payload);
    });
@@ -696,10 +632,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('RECEIVE_ADD_DISMISSAL_COMMENT_ERROR', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.RECEIVE_ADD_DISMISSAL_COMMENT_ERROR](state);
    });
@@ -717,10 +650,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('REQUEST_REVERT_DISMISSAL', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.REQUEST_REVERT_DISMISSAL](state);
    });
@@ -738,15 +668,13 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('RECEIVE_REVERT_DISMISSAL_SUCCESS', () => {
-    let state;
    let payload;
    let vulnerability;
    beforeEach(() => {
-      state = createState();
      state.vulnerabilities = mockData;
      [vulnerability] = mockData;
-      payload = { id: vulnerability.id };
+      payload = { vulnerability };
      mutations[types.RECEIVE_REVERT_DISMISSAL_SUCCESS](state, payload);
    });
@@ -768,10 +696,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('RECEIVE_REVERT_DISMISSAL_ERROR', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.RECEIVE_REVERT_DISMISSAL_ERROR](state);
    });
@@ -789,10 +714,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('OPEN_DISMISSAL_COMMENT_BOX', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.OPEN_DISMISSAL_COMMENT_BOX](state);
    });
@@ -802,10 +724,7 @@ describe('vulnerabilities module mutations', () => {
  });
  describe('CLOSE_DISMISSAL_COMMENT_BOX', () => {
-    let state;
    beforeEach(() => {
-      state = createState();
      mutations[types.CLOSE_DISMISSAL_COMMENT_BOX](state);
    });