ROX-34629: Interpret CVE Created Time on create report from filters #20447

Open
pedrottimark wants to merge 1 commit into master from ROX-34629-CVE-Created-Time-createFromFilters

@pedrottimark
Contributor

Description

Objective

Provide equivalent filter for scheduled reports as view-based reports

Problem

Inconsistent time filter:

  • Results search filter 'CVE Created Time' also known as First discovered table heading means in entire system and has relations

    • Before <
    • On =
    • After >
  • Report configuration option sinceStartDate means in image and has relation after.

Although search filter seems unlikely to help directly, if it has After relation, then it seems helpful to initialize sinceStartDate property on.

Analysis

  1. ImageVulnerabilityReportWizardPage.tsx file already filters the search filter (pardon pun).

    • resourceScope.entityScope.rules

      getEntityScopeRulesFromSearchFilterForClusterNamespaceDeployment function

    • query

      getSearchFilterWithoutEntityScope function

  2. Unlike the 2 existing functions that are in entityScopeRules.ts file, this is specific to vulnerabilities.

  3. Date format:

    • 'CVE Created Time' has mm/dd/yyyy
    • sinceStartDate has yyyy-mm-dd

This edge case was last blocker for Create scheduled report action.

Solution

  1. Edit ImageVulnerabilityReportWizardPage.ts file.

    Because both negative and positive side to the coin, include inline.

    Even though, it seems not specific to image vulnerability report configurations.

    • Negative: delete from searchFilterWithoutEntityScope before getRequestQueryStringForSearchFilter call.
    • Positive: if > then assign vulnReportFilters.sinceStartDate property.
  2. Edit CreateReportDropdown.tsx file.

    • Remove featureFlagDependency property.
  3. Edit featureFlag.ts file.

    • Delete last occurrence of 'ROX_VULNERABILITY_REPORTS_ENHANCED_FILTERING' in ui code.

      What we need to do, although my misunderstanding that central code does use feature flag.

Residue

  1. Fix bug found (again, now that I think of it) in testing step 2.

User-facing documentation

  • CHANGELOG.md update is not needed
  • documentation PR is not needed

Testing and quality

  • the change is production ready: the change is GA
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

  1. npm run tsc in ui/apps/platform folder.
  2. npm run lint:fast-dev in ui/apps/platform folder.
  3. npm run start in ui/apps/platform folder with staging demo as central.

Manual testing

  1. Visit /main/vulnerabilities/platform, select search filters, click Create report, click Create scheduled report
    CreateReportDropdown

    And then advance to Filters step of wizard

    Without changes, see All time and presence of label for inconsistency search criterion
    Note: 1/1/2026 but other pictures have 1/2/2026 because I needed to make sure about dd and mm for code.
    CVE_Created_Time

    With changes, see Custom start date and absence of label
    sinceStartDate

  2. Repeat with On as relationship.

    Apparent bug (probably my bad from CISA KEV effort) that compound search filter ignores it.

  3. Repeat with Before as relationship.

    With changes, see All time and absence of label

@pedrottimark pedrottimark requested a review from bradr5 May 8, 2026 19:30
@pedrottimark pedrottimark requested a review from a team as a code owner May 8, 2026 19:30
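
The negative and positive sides described in the Solution section above, as an added example that is not code from this pull request or from the project. The names `SearchFilter`, `splitCveCreatedTime` and `toIsoDate` are hypothetical, and the `>mm/dd/yyyy` encoding of the relation inside the filter value is an assumption; treating On (=) the same as Before (<) is also an assumption.

```typescript
// Added example: hypothetical names; the '>mm/dd/yyyy' value encoding is an assumption.
type SearchFilter = Record<string, string | string[] | undefined>;

interface SplitResult {
    sinceStartDate?: string; // yyyy-mm-dd, set only for the After (>) relation
    remainingFilter: SearchFilter; // search filter without 'CVE Created Time'
}

const CVE_CREATED_TIME = 'CVE Created Time';

// Convert mm/dd/yyyy to yyyy-mm-dd; return undefined for malformed or impossible dates.
function toIsoDate(mdy: string): string | undefined {
    if (!/^\d{1,2}\/\d{1,2}\/\d{4}$/.test(mdy)) return undefined;
    const [mm = '', dd = '', yyyy = ''] = mdy.split('/');
    const month = Number(mm);
    const day = Number(dd);
    const year = Number(yyyy);
    // Round-trip through Date so that 02/30 or 13/01 is rejected, not silently rolled over.
    const d = new Date(Date.UTC(year, month - 1, day));
    const valid =
        d.getUTCFullYear() === year && d.getUTCMonth() === month - 1 && d.getUTCDate() === day;
    return valid ? `${yyyy}-${('0' + mm).slice(-2)}-${('0' + dd).slice(-2)}` : undefined;
}

function splitCveCreatedTime(searchFilter: SearchFilter): SplitResult {
    // Negative side: the criterion is removed before a query string is built.
    const { [CVE_CREATED_TIME]: raw, ...remainingFilter } = searchFilter;
    const values = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
    const [only = ''] = values;
    // Positive side: only a single After (>) value maps onto sinceStartDate.
    if (values.length === 1 && only.charAt(0) === '>') {
        const sinceStartDate = toIsoDate(only.slice(1).trim());
        if (sinceStartDate !== undefined) return { sinceStartDate, remainingFilter };
    }
    // Before (<), On (=), multiple values, or a bad date: leave sinceStartDate unset.
    return { remainingFilter };
}
```

An unparseable or impossible date leaves `sinceStartDate` unset, so a malformed filter value falls back to the wider "All time" report scope instead of producing a wrong start date.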
@github-actions
Contributor

github-actions Bot commented May 8, 2026

🚀 Build Images Ready

Images are ready for commit 4f78a5a. To use with deploy scripts:

export MAIN_IMAGE_TAG=4.11.x-913-g4f78a5a7d6
