Skip to content

fix(findings): include all enabled frameworks in overview filter dropdown#3208

Merged
tofikwest merged 2 commits into
mainfrom
tofik/bug-unable-to-filter-on
Jun 19, 2026
Merged

fix(findings): include all enabled frameworks in overview filter dropdown#3208
tofikwest merged 2 commits into
mainfrom
tofik/bug-unable-to-filter-on

Conversation

@tofikwest

@tofikwest tofikwest commented Jun 19, 2026
edited by cubic-dev-ai Bot
Loading

Copy link
Copy Markdown
Contributor

Problem

Users can only filter by SOC2 and ISO27001 in the Overview > Findings view, even when their org has other frameworks enabled like ISO42001 or HIPAA. This blocks them from seeing findings specific to those frameworks.

Root cause

FindingsTab.tsx hardcodes the framework filter options to [all, soc2, iso27001] instead of deriving them from the org's actual enabled frameworks. The CreateFindingSheet on the same page does this correctly via the /v1/frameworks endpoint and extractOrgFrameworkTypes(), but the filter dropdown never got that fix.

Fix

Apply the same pattern from CreateFindingSheet to FindingsTab: fetch enabled frameworks at component load and use those to populate the filter dropdown. The client-side filter logic and FindingType enum already support all 7 framework types, so this is just surfacing what's already wired.

Explicitly NOT touched

Finding creation flow (already works correctly). The filter behavior when no frameworks are enabled (edge case, won't happen in practice).

Verification

✅ org_69d943ca3fbbf2c473e97b0a now shows ISO42001 in the framework filter after enabling it
✅ findings correctly filter when selecting non-SOC2/ISO27001 frameworks
✅ hardcoded filter list replaced with dynamic org config
✅ no regression on existing SOC2/ISO27001 filtering

Summary by cubic

Fixes the Overview > Findings framework filter so it shows all frameworks enabled for the org, not just SOC 2 and ISO 27001. Users can now filter findings for ISO 42001, HIPAA, GDPR, etc. (addresses CS-554).

  • Bug Fixes
    • Build filter options from /v1/frameworks?includeScores=false via useApiSWR and extractOrgFrameworkTypes; remove hardcoded list.
    • Use FINDING_TYPE_LABELS for labels with an "All frameworks" default.
    • Add targeted tests for mixed-framework orgs and ensure non-enabled frameworks are not shown.

Written for commit 20f4de9. Summary will update on new commits.

Review in cubic

@tofikwest
fix(findings): include all enabled frameworks in overview filter drop…
10c9c1b 
…down

## Problem
Users can only filter by SOC2 and ISO27001 in the Overview > Findings view, even when their org has other frameworks enabled like ISO42001 or HIPAA. This blocks them from seeing findings specific to those frameworks.

## Root cause
FindingsTab.tsx hardcodes the framework filter options to [all, soc2, iso27001] instead of deriving them from the org's actual enabled frameworks. The CreateFindingSheet on the same page does this correctly via the /v1/frameworks endpoint and extractOrgFrameworkTypes(), but the filter dropdown never got that fix.

## Fix
Apply the same pattern from CreateFindingSheet to FindingsTab: fetch enabled frameworks at component load and use those to populate the filter dropdown. The client-side filter logic and FindingType enum already support all 7 framework types, so this is just surfacing what's already wired.

## Explicitly NOT touched
Finding creation flow (already works correctly). The filter behavior when no frameworks are enabled (edge case, won't happen in practice).

## Verification
✅ org_69d943ca3fbbf2c473e97b0a now shows ISO42001 in the framework filter after enabling it
✅ findings correctly filter when selecting non-SOC2/ISO27001 frameworks
✅ hardcoded filter list replaced with dynamic org config
✅ no regression on existing SOC2/ISO27001 filtering
@vercel

vercel Bot commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
app Ready Ready Preview, Comment Jun 19, 2026 8:30pm
comp-framework-editor Ready Ready Preview, Comment Jun 19, 2026 8:30pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
portal Skipped Skipped Jun 19, 2026 8:30pm

Request Review

@vercel vercel Bot temporarily deployed to Preview – portal June 19, 2026 20:03 Inactive
cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Jun 19, 2026
View reviewed changes

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 3 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

Re-trigger cubic

@vercel vercel Bot temporarily deployed to Preview – portal June 19, 2026 20:26 Inactive
@tofikwest tofikwest merged commit f28bcef into main Jun 19, 2026
9 of 10 checks passed
@tofikwest tofikwest deleted the tofik/bug-unable-to-filter-on branch June 19, 2026 20:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tofikwest