Only load MR security widget findings after clicking "Expand"
Summary
During an investigation to instrument the MR security widget for metrics gathering, it was discovered that the full findings details are retrieved when loading the MR page. This is inefficient as the security widget starts collapsed, displaying only a summary count of vulnerabilities. Only when the user clicks "Expand" does the widget show the findings.
- We retrieve ALL finding objects even when the tab is not expanded. We just need the counts initially. The findings should be loaded after the tab is expanded (we could create an issue off this).
- The container_scanner_reports request takes more than 2 seconds to complete for that particular MR. The return data is so big that the Inspection Tool cannot even display it (see the "Request content was evicted from inspector cache" note).
Just as a comparison, the following image shows the longest requests in the MR page:
Improvements
- On MR page load, fetch total counts only (widget collapsed)
- On clicking "Expand", fetch finding data for each scanner, independently
The intent of the second improvement is to split up the fetching into smaller pieces. Currently all findings for all scanners are fetched at once. Retrieving each scanner's results separately will allow for progressive loading and potentially let the user see content faster. It will also make it easier to paginate results for any scanners which have a large number of results (pagination is not in scope here but an idea being considered).
Risks
Involved components
Optional: Intended side effects
Optional: Missing test coverage
Implementation Plan
- backend: Change the container_scanner_reports endpoint to accept a flag which tells the backend to return only the counts instead of the full list of findings.
- frontend: Use the above-mentioned endpoint when the widget is not expanded (the default state) and retrieve the finding objects only when the "Expand" button is clicked.
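
The frontend half of this plan, as an added example that is not GitLab's own code: counts only on page load, then one independent request per scanner on "Expand". The counts_only and scanner query parameters, the URL and the response shapes are assumptions, since the issue does not name the flag.

```javascript
// Added example. The `counts_only` and `scanner` parameters and the response
// shapes are assumptions for illustration, not GitLab's actual API.
class SecurityWidgetLoader {
  constructor(fetchJson, baseUrl, scanners) {
    this.fetchJson = fetchJson; // injected: (url) => Promise<object>
    this.baseUrl = baseUrl;
    this.scanners = scanners;
    this.counts = null;         // summary shown while the widget is collapsed
    this.findings = {};         // scanner name -> array of findings
    this.errors = {};           // scanner name -> error message
    this.expandPromise = null;  // memoised so repeated clicks do not refetch
  }

  // Page load: the widget starts collapsed, so request the counts only.
  async loadCounts() {
    this.counts = await this.fetchJson(`${this.baseUrl}?counts_only=true`);
    return this.counts;
  }

  // Click on "Expand": one request per scanner, issued independently.
  expand(onScannerLoaded = () => {}) {
    if (!this.expandPromise) {
      const requests = this.scanners.map((s) => this.loadScanner(s, onScannerLoaded));
      this.expandPromise = Promise.all(requests).then(() => this.findings);
    }
    return this.expandPromise;
  }

  async loadScanner(scanner, onScannerLoaded) {
    try {
      const url = `${this.baseUrl}?scanner=${encodeURIComponent(scanner)}`;
      this.findings[scanner] = await this.fetchJson(url);
      // Progressive loading: render this scanner as soon as its data arrives.
      onScannerLoaded(scanner, this.findings[scanner]);
    } catch (err) {
      // Record the failure so the UI can show it. A failed request must not be
      // rendered as "no findings", and must not block the other scanners.
      this.errors[scanner] = err.message;
    }
  }
}
```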