ROX-33978: Add item to create scheduled image vulnerabilities report #19879

Open
pedrottimark wants to merge 1 commit into master from ROX-33978-create-scheduled-image-vulnerabilities-report

@pedrottimark pedrottimark commented Apr 7, 2026

Description

Review: hide space in case changed files displays scoped search filter more clearly

Objective

Provide equivalent filter for scheduled reports as view-based reports

Analysis

Find in Files <CreateReportDropdown

  • DeploymentPage: single deployment
  • ImagePage: single image
  • WorkloadCvesOverviewPage: multiple CVEs, images, deployments

Find in Files <CreateViewBasedReportModal ditto and observe:

  • isViewBasedReportsEnabled requires read 'WorkflowAdministration' permission to create view-based report
    Therefore, conditional rendering of dropdown item to require write permission to create scheduled report
  • query prop has the string for backend request
    Therefore, use the same value or call the same function
  • vulnerabilityViewBasedReportsPath for link
    Therefore, use sibling vulnerabilityConfigurationReportsPath path

Solution

  1. Edit CreateReportDropdown.tsx file.

    • Replace onSelect as onSelectExportReportAsCSV prop.
    • Add onSelectCreateScheduledReport prop.
    • Render Create scheduled report item if feature flag is enabled.
  2. Edit ImageVulnerabilityReports.utils.ts file.

  3. Edit 3 files that render CreateReportDropdown element.

    • Unlike view-based report that needs request query directly, scheduled report receives it indirectly (that is, from search filter to URL query, from URL query to search filter, and then from search filter to request query) therefore factor out and search filter as local variable.

      • deploymentScopedSearchFilterForReport
      • imageScopedSearchFilterForReport
      • workloadCvesScopedSearchFilter
    • Add wrapInQuotes(deploymentId) for exact match to close existing loophole.

Residue

  1. Refactor Vulnerability reporting to render view and wizard if feature flag is enabled.
  2. Add conditional business logic for ?action=createFromFilter&… query string.

User-facing documentation

  • CHANGELOG.md update is not needed
  • documentation PR is not needed

Testing and quality

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

  1. npm run tsc in ui/apps/platform folder.
  2. npm run lint:fast-dev in ui/apps/platform folder.
  3. npm run start in ui/apps/platform folder with staging demo as central

Manual testing

Temporarily edit code to enable 'ROX_VULNERABILITY_REPORTS_ENHANCED_FILTERING' feature flag.

See step 3 for picture of Create scheduled report dropdown item.

  1. Visit /main/vulnerabilities/platform, select search filters, click Create report, and then click Create scheduled report

    WorkloadCvesOverviewPage Cluster name: staging-secured-cluster Namespace: stackrox CVE severity: Moderate

    See query string in request payload which is same as for view-based report
    query: "Platform Component:true+SEVERITY:CRITICAL_VULNERABILITY_SEVERITY,IMPORTANT_VULNERABILITY_SEVERITY,MODERATE_VULNERABILITY_SEVERITY+FIXABLE:true+Cluster:\"staging-secured-cluster\"+Namespace:\"stackrox\"+Vulnerability State:OBSERVED"

    See query string in address of Vulnerability Reporting page
    ?action=createFromFilter&s[Platform%20Component]=true&s[SEVERITY]=CRITICAL_VULNERABILITY_SEVERITY&s[SEVERITY]=IMPORTANT_VULNERABILITY_SEVERITY&s[SEVERITY]=MODERATE_VULNERABILITY_SEVERITY&s[FIXABLE]=true&s[Cluster]="staging-secured-cluster"&s[Namespace]="stackrox"&s[Vulnerability%20State]=OBSERVED

  2. Visit /main/vulnerabilities/user-workloads, click Deployments, click a deployment link, select search filters, click Create report, and then click Create scheduled report

    DeploymentPage EPSS probability greater or equal than: 90% Image CVE discovered time after Jan 01, 2026

    See query string in request payload
    query: "Platform Component:false+EPSS Probability:>=0.9+CVE Created Time:>01/01/2026+Vulnerability State:OBSERVED"

    See query string in view-based report without wrapInQuotes function call
    "Platform Component:false+Deployment ID:r/89a416b4-1135-4f4c-ba22-5b3b30f23d74+EPSS Probability:>=0.9+CVE Created Time:>01/01/2026"

    See query string in view-based report with wrapInQuotes function call
    query: "Platform Component:false+Deployment ID:\"89a416b4-1135-4f4c-ba22-5b3b30f23d74\"+EPSS Probability:>=0.9+CVE Created Time:>01/01/2026"

    See query string in address of Vulnerability Reporting page without wrapInQuotes function call
    ?action=createFromFilter&s[Platform%20Component]=false&s[Deployment%20ID]=89a416b4-1135-4f4c-ba22-5b3b30f23d74&s[EPSS%20Probability]=>%3D0.9&s[CVE%20Created%20Time]=>01%2F01%2F2026

    See query string in address of Vulnerability Reporting page without wrapInQuotes function call
    ?action=createFromFilter&s[Platform%20Component]=false&s[Deployment%20ID]="89a416b4-1135-4f4c-ba22-5b3b30f23d74"&s[EPSS%20Probability]=>%3D0.9&s[CVE%20Created%20Time]=>01%2F01%2F2026

  3. Visit /main/vulnerabilities/all-images, click Images, click an image link, select search filters, click Create report, and then click Create scheduled report

    ImagePage Image component layer type: Base image Image component source: OS

    See query string in request payload
    "Platform Component:false+EPSS Probability:>=0.9+CVE Created Time:>01/01/2026+Vulnerability State:OBSERVED"

    See query string in view-based report
    query: "Platform Component:true,false,-+Image SHA:sha256:54de823e633ff29d46924d0a121e0896def54587ce9c84918ae71e7fa7245002+Component Layer Type:BASE_IMAGE+Component Source:OS+Vulnerability State:OBSERVED"

    See query string in address of Vulnerability Reporting page
    ?action=createFromFilter&s[Platform%20Component]=true&s[Platform%20Component]=false&s[Platform%20Component]=-&s[Image%20SHA]=sha256%3A54de823e633ff29d46924d0a121e0896def54587ce9c84918ae71e7fa7245002&s[Component%20Layer%20Type]=BASE_IMAGE&s[Component%20Source]=OS&s[Vulnerability%20State]=OBSERVED

@pedrottimark pedrottimark requested review from dvail and sachaudh April 7, 2026 20:53
@pedrottimark pedrottimark requested a review from a team as a code owner April 7, 2026 20:53
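
The filter round trip described in the pull request (search filter to URL query, back to search filter, then to request query), as an added example that is not code from the stackrox repository. The helper bodies are hypothetical, `encodeURIComponent` percent-encodes the quotes and `>` that the address bar displays literally, and the sample filter is constructed from the deployment values quoted in the description.

```javascript
// Added example: hypothetical helpers, not the project's implementation.

// Quote a value so the request query carries it as an exact-match term,
// which is the purpose the PR gives for wrapInQuotes(deploymentId).
function wrapInQuotes(value) {
    return `"${value}"`;
}

// Search filter -> URL query in the s[Key]=value shape shown in the PR.
function searchFilterToUrlQuery(searchFilter) {
    const pairs = [];
    for (const [key, value] of Object.entries(searchFilter)) {
        for (const v of [].concat(value)) {
            pairs.push(`s[${encodeURIComponent(key)}]=${encodeURIComponent(v)}`);
        }
    }
    return `?action=createFromFilter&${pairs.join('&')}`;
}

// URL query -> search filter; parameters that are not s[Key]=value are skipped.
function urlQueryToSearchFilter(urlQuery) {
    const searchFilter = {};
    for (const pair of urlQuery.replace(/^\?/, '').split('&')) {
        const match = /^s\[(.+?)\]=(.*)$/.exec(pair);
        if (!match) continue; // e.g. action=createFromFilter
        const key = decodeURIComponent(match[1]);
        if (!searchFilter[key]) searchFilter[key] = [];
        searchFilter[key].push(decodeURIComponent(match[2]));
    }
    return searchFilter;
}

// Search filter -> request query: values joined by ",", terms joined by "+".
function searchFilterToRequestQuery(searchFilter) {
    return Object.entries(searchFilter)
        .map(([key, value]) => `${key}:${[].concat(value).join(',')}`)
        .join('+');
}

// The indirect path a scheduled report takes, end to end.
function roundTrip(searchFilter) {
    return searchFilterToRequestQuery(
        urlQueryToSearchFilter(searchFilterToUrlQuery(searchFilter))
    );
}

// Constructed sample, using the deployment ID and filters from the description.
const sampleFilter = {
    'Platform Component': 'false',
    'Deployment ID': wrapInQuotes('89a416b4-1135-4f4c-ba22-5b3b30f23d74'),
    'EPSS Probability': '>=0.9',
    'CVE Created Time': '>01/01/2026',
};
```

The quotes have to survive both conversions: if either step strips them, the scheduled report's request query no longer carries the exact-match term that the view-based report sends.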

codecov bot commented Apr 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.58%. Comparing base (065e233) to head (57bdeac).
⚠️ Report is 18 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #19879      +/-   ##
==========================================
- Coverage   49.60%   49.58%   -0.02%     
==========================================
  Files        2763     2766       +3     
  Lines      208339   208530     +191     
==========================================
+ Hits       103342   103408      +66     
- Misses      97331    97450     +119     
- Partials     7666     7672       +6     
Flag Coverage Δ
go-unit-tests 49.58% <ø> (-0.02%) ⬇️



github-actions bot commented Apr 7, 2026

🚀 Build Images Ready

Images are ready for commit 57bdeac. To use with deploy scripts:

export MAIN_IMAGE_TAG=4.11.x-568-g57bdeac7d1
