[Feature flag] Use GraphQL vulnerability list on pipeline security tab
What
Currently, there are two components that show a vulnerability list with filters: a Vuex version used on the pipeline security tab, and a GraphQL version used on the vulnerability report page:
Vuex version on pipeline security tab | GraphQL version on vulnerability report page |
---|---|
The Vuex version is no longer in development and all active work is being done on the GraphQL version. As such, we are replacing the Vuex version with the GraphQL version in #300753 (closed). This temporary feature flag is so that we can develop the feature in pieces and test it on live before enabling it for all users.
Owners
- Team: Threat Insights
- Most appropriate slack channel to reach out to:
#g_secure_threat_insights
- Best individual to reach out to: @dftian
Expectations
What are we expecting to happen?
The pipeline security tab will show the newer GraphQL vulnerability list instead of the older Vuex version.
What might happen if this goes wrong?
The pipeline security tab will not show any vulnerabilities.
What can we monitor to detect problems with this?
N/A
Beta groups/projects
If applicable, any groups/projects that are happy to have this feature turned on early. Some organizations may wish to test big changes they are interested in with a small subset of users ahead of time for example.
- TBD
Roll Out Steps
-
Enable on staging ( /chatops run feature set pipeline_security_dashboard_graphql true --staging
) -
Test on staging -
Ensure that documentation has been updated -
Enable on GitLab.com for individual groups/projects listed above and verify behaviour ( /chatops run feature set --project=gitlab-org/gitlab pipeline_security_dashboard_graphql true
) -
Coordinate a time to enable the flag with the SRE oncall and release managers - In
#production
mention@sre-oncall
and@release-managers
. Once an SRE on call and Release Manager on call confirm, you can proceed with the rollout
- In
-
Announce on the issue an estimated time this will be enabled on GitLab.com -
Enable on GitLab.com by running chatops command in #production
(/chatops run feature set pipeline_security_dashboard_graphql true
) -
Cross post chatops Slack command to #support_gitlab-com
(more guidance when this is necessary in the dev docs) and in your team channel -
Announce on the issue that the flag has been enabled -
Remove feature flag and add changelog entry -
After the flag removal is deployed, clean up the feature flag by running chatops command in #production
channel
Rollback Steps
-
This feature can be disabled by running the following Chatops command:
/chatops run feature set --project=gitlab-org/gitlab pipeline_security_dashboard_graphql false
Implementation plan
-
frontend ee/app/assets/javascripts/security_dashboard/components/pipeline_security_dashboard.vue
is responsible for mounting the dashboard. We can follow the same pattern that we did in other security dashboards and create apipeline_security_dashboard_vulnerabilities.vue
file which will be responsible for loading the vulnerabilities and displaying them through thevulnerability_list.vue
component. An example is thefirst_class_group_security_dashboard
. Make sure to develop this behind the feature flag -
frontend Add specs -
frontend Update documentation