Resolve broken Group Security Dashboard on gitlab.com
Problem to solve
As part of
11.11.0-rc1 QA we've found a blocking bug and created a corresponding bug issue. Though we failed at raising that to all necessary stakeholders and the RC1 went on production. As a result, the bug is now present on gitlab.com.
Also, a related regression is affecting the Group dashboard for Container Scanning and DAST vulnerabilities. This is breaking the group dashboard unless you're filtering by report type to exclude these kinds of reports (to be confirmed).
This also put the light on the fact that the
parse_container_scanning_reports feature flag is still disabled on production. This feature flag prevents vulnerabilities from Container Scanning" reports being stored and shown in the Group Dashboard.
As a result, only the presence of DAST issues might break the Group Dashboard on gitlab.com
- Merge the fix for duplicated vulnerabilities: !12284 (merged)
- Merge the fix for vulnerabilities with empty location (DAST and Container Scanning): !12342 (merged) and !12418 (merged)
- After the fix are deployed on production: enable feature flag for Container Scanning:
/chatops run feature set parse_container_scanning_reports true
- Figure out what is the correct process to block RC deployment to production when such blocking bug is found during QA: see discussion in gitlab-org/release/framework#319