Merge branch 'fix_vulns_scoping_on_dasbhoard' into 'master'

Fix scoping vulns on group dashboard

See merge request gitlab-org/gitlab-ee!8284

ee/app/models/ee/ci/pipeline.rb

@@ -25,6 +25,10 @@ module EE
           where('EXISTS (?)', ::Ci::Build.latest.with_security_reports.where('ci_pipelines.id=ci_builds.commit_id').select(1))
         end
 
+        scope :with_vulnerabilities, -> do
+          where('EXISTS (?)', ::Vulnerabilities::OccurrencePipeline.where('ci_pipelines.id=vulnerability_occurrence_pipelines.pipeline_id').select(1))
+        end
+
         # This structure describes feature levels
         # to access the file types for given reports
         REPORT_LICENSED_FEATURES = {

ee/app/models/ee/group.rb

@@ -84,7 +84,7 @@ module EE
 
     def latest_vulnerabilities
       Vulnerabilities::Occurrence
-        .for_pipelines(all_pipelines.latest_successful_ids_per_project)
+        .for_pipelines(all_pipelines.with_vulnerabilities.latest_successful_ids_per_project)
     end
 
     def human_ldap_access

ee/spec/models/ci/pipeline_spec.rb

@@ -40,6 +40,21 @@ describe Ci::Pipeline do
     end
   end
 
+  describe '#with_vulnerabilities scope' do
+    let!(:pipeline_1) { create(:ci_pipeline_without_jobs, project: project) }
+    let!(:pipeline_2) { create(:ci_pipeline_without_jobs, project: project) }
+    let!(:pipeline_3) { create(:ci_pipeline_without_jobs, project: project) }
+
+    before do
+      create(:vulnerabilities_occurrence, pipelines: [pipeline_1], project: pipeline.project)
+      create(:vulnerabilities_occurrence, pipelines: [pipeline_2], project: pipeline.project)
+    end
+
+    it "returns pipeline with vulnerabilities" do
+      expect(described_class.with_vulnerabilities).to contain_exactly(pipeline_1, pipeline_2)
+    end
+  end
+
   shared_examples 'unlicensed report type' do
     context 'when there is no licensed feature for artifact file type' do
       it 'returns the artifact' do