Host details page: software vulnerability severity filters

[noahtalerman]

Goal

User story
As an IT admin on the Host details page,
I want to filter a host's software by vulnerability data (vulnerable: yes/no, severity, and known exploit)
so that I can see which software installed has critical vulnerabilities.

Objective

Customer promises + renewal requests

Original request

• 21438

Context

• Product designer: @randy-fleet

Changes

Add severity vulnerability filters to Host details > Software experience. Reusing existing "Add filters" from All Software page to be consistent.

Product

• [x] UI changes: Figma
• [x] CLI (fleetctl) usage changes: No changes
• [x] YAML changes: No changes
• [x] REST API changes: PR
• [x] Fleet's agent (fleetd) changes: NA
• [x] Activity changes: NA
• [x] Permissions changes: No changes
• [x] Changes to paid features or tiers: No changes
• [x] Other reference documentation changes: No changes
• [ ] Once shipped, requester has been notified

Engineering

• [ ] Feature guide changes: Check if there is an existing guide to update
• [x] Database schema migrations: no need
• [x] Load testing: no need
• [ ] Frontend - implement as in Figma
• [ ] Backend - implement the API change as in the above PR
• [ ] Test-plan - To be created by the DRI engineer and approved by QA person

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

• Requires load testing: TODO
• Risk level: Low / High TODO
• Risk description: TODO

Manual testing steps

1. Step 1
2. Step 2
3. Step 3

Testing notes

Confirmation

1. [ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
2. [ ] QA (@____): Added comment to user story confirming successful completion of QA.

[noahtalerman]

Hey @harrisonravazzolo, @zayhanlon, and @dherder we peeled this user story off of this customer request and brought the story into the design sprint.

@randy-fleet I assigned this one to you since you have some open capacity.

I think this one is real quick. Might not even need to go through design review. I think we can just add a screenshots of the existing "Add filters" experience on the Software page (if it works), fill out the TODOs in the product section (or ask for engineering to help) and we're good to go:

[randy-fleet]

@noahtalerman Because we're skipping design review on this, can you review async? I'm reusing the "Add filters" experience from the Software page, but I'm also suggesting two additional small changes:

• Removing the existing Vulnerable software filter
• Adding vulnerabilities column to software list to provide the necessary context

[sharon-fdm]

Estimations - BE: 5 FE: 5

[noahtalerman]

Hey @zayhanlon heads up, this user story didn't make it into the upcoming engineering sprint due to capacity.

It's still prioritized. We left it on the drafting board so that it can be pulled into the next engineering sprint.