[Feature flag] Use GraphQL vulnerability list on pipeline security tab

What

Currently, there are two components that show a vulnerability list with filters: a Vuex version used on the pipeline security tab, and a GraphQL version used on the vulnerability report page:

Vuex version on pipeline security tab GraphQL version on vulnerability report page
ksnip_20210201-234752 ksnip_20210201-234631

The Vuex version is no longer in development and all active work is being done on the GraphQL version. As such, we are replacing the Vuex version with the GraphQL version in #300753 (closed). This temporary feature flag is so that we can develop the feature in pieces and test it on live before enabling it for all users.

Owners

  • Team: Threat Insights
  • Most appropriate slack channel to reach out to: #g_secure_threat_insights
  • Best individual to reach out to: @dftian

Expectations

What are we expecting to happen?

The pipeline security tab will show the newer GraphQL vulnerability list instead of the older Vuex version.

What might happen if this goes wrong?

The pipeline security tab will not show any vulnerabilities.

What can we monitor to detect problems with this?

N/A

Beta groups/projects

If applicable, any groups/projects that are happy to have this feature turned on early. Some organizations may wish to test big changes they are interested in with a small subset of users ahead of time for example.

  • TBD

Roll Out Steps

  • Enable on staging (/chatops run feature set pipeline_security_dashboard_graphql true --staging)
  • Test on staging
  • Ensure that documentation has been updated
  • Enable on GitLab.com for individual groups/projects listed above and verify behaviour (/chatops run feature set --project=gitlab-org/gitlab pipeline_security_dashboard_graphql true)
  • Coordinate a time to enable the flag with the SRE oncall and release managers
    • In #production mention @sre-oncall and @release-managers. Once an SRE on call and Release Manager on call confirm, you can proceed with the rollout
  • Announce on the issue an estimated time this will be enabled on GitLab.com
  • Enable on GitLab.com by running chatops command in #production (/chatops run feature set pipeline_security_dashboard_graphql true)
  • Cross post chatops Slack command to #support_gitlab-com (more guidance when this is necessary in the dev docs) and in your team channel
  • Announce on the issue that the flag has been enabled
  • Remove feature flag and add changelog entry
  • After the flag removal is deployed, clean up the feature flag by running chatops command in #production channel

Rollback Steps

  • This feature can be disabled by running the following Chatops command:
/chatops run feature set --project=gitlab-org/gitlab pipeline_security_dashboard_graphql false

Implementation plan

  • frontend ee/app/assets/javascripts/security_dashboard/components/pipeline_security_dashboard.vue is responsible for mounting the dashboard. We can follow the same pattern that we did in other security dashboards and create a pipeline_security_dashboard_vulnerabilities.vue file which will be responsible for loading the vulnerabilities and displaying them through the vulnerability_list.vue component. An example is the first_class_group_security_dashboard. Make sure to develop this behind the feature flag
  • frontend Add specs
  • frontend Update documentation
Edited by Daniel Tian