API endpoints for Group-level Security Dashboard
Create 2 API endpoints:
- list vulnerabilities (occurrences) at the group level
- get a summary of the vulnerabilities at the group level (AKA counts)
TODO
- Split entities
- Add DB indexes
- Avoid N+1 queries when serializing vulnerability feedback as part of the vulnerability occurrence
- Validate response using JSON schema
- Implement proper feature check as discussed with @gonzoyumo
- Sort vulnerabilities in controller's index action
- Remove all debug code
- Factorize report types
- Make code Rubocop compliant
- Estimate expected amount of data (and growth over time). See https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/7757#note_106574518.
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated
- Tests added for this feature/bug
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the database guides
- EE specific content should be in the top level /ee folder
- For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan?
Edited by Kamil Trzciński (Back 2025-01-01)