Add affected projects feature to instance security dashboard
Problem to solve
As a Security professional, I want to log into GitLab and see the security status of my projects. From there, I want to be able to figure out what is more important (based on its impact value) and take actions.
Intended users
Proposal
In https://gitlab.com/gitlab-org/gitlab-ee/issues/6953, we are adding an instance level security dashboard. It will ultimately mirror the features of the group security dashboard, but initially we are leaving the affected projects feature out to limit the size of the issue.
This issue is for extracting whatever code can be reused from the affected projects feature on the group security dashboard and implementing the feature for the instance security dashboard.
Permissions and Security
Anyone who can access the instance security dashboard can access this feature.
Documentation
Note that this feature exists on https://docs.gitlab.com/ee/user/application_security/security_dashboard/. Since this feature will be completed after https://gitlab.com/gitlab-org/gitlab-ee/issues/6953, there should be a section on the instance security dashboard where we can add that note.
What does success look like, and how can we measure that?
Number of users that access the instance security dashboard.
What is the type of buyer?
Links / references
Currently blocked by #11190 (closed).
Implementation Plan
-
backend -
Extract reusable logic from the affected projects feature of the group security dashboard. See MRs linked to https://gitlab.com/gitlab-org/gitlab-ee/issues/11190 for details -
Add an endpoint for fetching affected projects for the instance security dashboard
-
-
frontend -
Add the affected projects widget to the instance security dashboard. Reuse the one from the group security dashboard if possible
-