Remove the Security::PipelineVulnerabilitiesFinder class

Why are we doing this work

The Security::PipelineVulnerabilitiesFinder class downloads all the JSON artifacts for each request, even if the client wants to load just a small subset of the findings reported by the analyzers for a pipeline. We've already introduced a different finder class called Security::FindingsFinder that downloads just the JSON artifacts required to prepare the response, which has better performance and uses much less memory than the former.

In the scope of this issue:

  1. We should extend the Security::FindingsFinder to support;
  2. We should remove the Security::PipelineVulnerabilitiesFinder and use only the Security::FindingsFinder

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing: Run E2E tests in the MR to make sure nothing is broken.

Implementation plan

There is already a draft MR to add filtering by state and scanner functionality to the FindingsFinder (!74434 (closed)). The MR is blocked because of the UUID migration that is ongoing as of writing. After that effort has been finished, we can keep working on that MR or use a similar approach.

Edited by 🤖 GitLab Bot 🤖