Remove the `Security::PipelineVulnerabilitiesFinder` class
Why are we doing this work
The `Security::PipelineVulnerabilitiesFinder` class downloads all the JSON artifacts for each request, even if the client wants to load just a small subset of the findings reported by the analyzers for a pipeline. We've already introduced a different finder class, `Security::FindingsFinder`, which downloads only the JSON artifacts required to prepare the response; it performs better and uses much less memory than the former.
In the scope of this issue:
- We should extend `Security::FindingsFinder` to support:
  - Filtering findings by state
  - Filtering findings by scanner
  - Filtering findings by vulnerability signatures (this is already supported by `FindingsFinder`)
- We should remove `Security::PipelineVulnerabilitiesFinder` and use only `Security::FindingsFinder`.
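As an added illustration of the performance point above (this is not code from GitLab or from either finder class), the Ruby example below contrasts a finder that parses every artifact before filtering with one that selects the needed artifacts first and then filters by scanner and state. The artifacts, finding ids and triage-state table are constructed inline so it runs offline; `ArtifactStore`, `eager_find` and `selective_find` are hypothetical names.

```ruby
require 'json'

# Constructed sample "artifacts": one JSON report per scanner, keyed by the
# scanner name. Real pipeline artifacts are files downloaded from object
# storage; here they are inline strings so the example runs offline.
ARTIFACTS = {
  'sast' => JSON.generate({ 'vulnerabilities' => [
    { 'id' => 'sast-1', 'severity' => 'high', 'name' => 'SQL injection' },
    { 'id' => 'sast-2', 'severity' => 'low',  'name' => 'Weak hash' }
  ] }),
  'dependency_scanning' => JSON.generate({ 'vulnerabilities' => [
    { 'id' => 'ds-1', 'severity' => 'critical', 'name' => 'Vulnerable gem' }
  ] }),
  'secret_detection' => JSON.generate({ 'vulnerabilities' => [
    { 'id' => 'sd-1', 'severity' => 'high', 'name' => 'AWS key' }
  ] })
}.freeze

# Constructed triage state per finding id (hypothetical; stands in for the
# vulnerability state kept in the database). Findings without an entry are
# treated as 'detected'.
STATES = { 'sast-2' => 'dismissed', 'ds-1' => 'confirmed' }.freeze

# Wraps the artifacts and counts how many were actually parsed, so the two
# strategies can be compared deterministically on the same input.
class ArtifactStore
  attr_reader :parsed

  def initialize(artifacts)
    @artifacts = artifacts
    @parsed = 0
  end

  def scanners
    @artifacts.keys
  end

  # Parsing is the expensive step in the real system (download + JSON.parse);
  # count it rather than time it so the result is deterministic.
  def findings_for(scanner)
    raw = @artifacts.fetch(scanner)
    @parsed += 1
    JSON.parse(raw).fetch('vulnerabilities').map { |f| f.merge('scanner' => scanner) }
  end
end

def state_of(finding)
  STATES.fetch(finding['id'], 'detected')
end

# Shared post-filter: nil means "no filter" for that dimension.
def apply_filters(findings, scanners:, states:)
  findings.select do |f|
    (scanners.nil? || scanners.include?(f['scanner'])) &&
      (states.nil? || states.include?(state_of(f)))
  end.map { |f| f.merge('state' => state_of(f)) }
end

# Eager strategy: parse every artifact, then filter. This is the behaviour
# the issue wants to get rid of.
def eager_find(store, scanners: nil, states: nil)
  all = store.scanners.flat_map { |s| store.findings_for(s) }
  apply_filters(all, scanners: scanners, states: states)
end

# Selective strategy: decide which artifacts are needed *before* parsing, so
# a request for one scanner touches exactly one artifact.
def selective_find(store, scanners: nil, states: nil)
  wanted = scanners ? store.scanners & scanners : store.scanners
  subset = wanted.flat_map { |s| store.findings_for(s) }
  apply_filters(subset, scanners: scanners, states: states)
end

if __FILE__ == $PROGRAM_NAME
  store = ArtifactStore.new(ARTIFACTS)
  result = selective_find(store, scanners: ['sast'], states: ['detected'])
  puts result.map { |f| "#{f['id']} (#{f['state']})" }
  puts "artifacts parsed: #{store.parsed}"
end
```

The state filter still has to run after parsing, because state lives outside the artifact; the saving comes from the scanner filter being applied to the artifact list before anything is downloaded or parsed.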
Non-functional requirements
- Documentation: -
- Feature flag: -
- Performance: -
- Testing: Run E2E tests in the MR to make sure nothing is broken.
Implementation plan
There is already a draft MR (!74434 (closed)) to add filtering by state and scanner to the `FindingsFinder`. The MR is blocked by the UUID migration that is ongoing as of writing. After that effort has finished, we can keep working on that MR or use a similar approach.
- backend Add capability to filter findings by state in `FindingsFinder`
- backend Add `finding_links` to the returned finding data
- backend Replace occurrences of `PipelineVulnerabilitiesFinder` with `Security::FindingsFinder`
- backend Remove the `PipelineVulnerabilitiesFinder` class