Deprecate project.pipeline.securityReportFindings in favor of project.pipeline.vulnerabilities

Why are we doing this work

This issue is to deprecate the project.pipeline.securityReportFindings query in favor of project.pipeline.vulnerabilities. This will follow the Deprecation and Removal process.

Relevant links

• Replacement query issue

Non-functional requirements

• Documentation: Update documentation
• Testing: Remove tests

Implementation plan

This will follow the Deprecation and Removal process.

• backend Mark project.pipeline.securityReportFindings query as deprecated in the schema
• backend Announce removal in Deprecations section
• backend Remove project.pipeline.securityReportFindings query Removal issue

added to epic &6932 (closed)

changed milestone to %Backlog

added Category:Vulnerability Management GitLab Core GitLab Premium GitLab Ultimate backend devopssecure frontend groupthreat insights maintenancerefactor sectionsec typefeature workflowsolution validation labels

mentioned in issue #343469 (closed)

changed the description

removed frontend label

added blocked typemaintenance workflowblocked labels and removed workflowsolution validation label

set weight to 1

marked this issue as related to #343469 (closed)

marked this issue as related to #343482 (closed)

removed typefeature label

@jschafer is this related or similar to Deprecate PipelineSecurityReportFinding name Gr... (#346335 - closed) or Remove `projectFingerprint` from `PipelineSecur... (#349013)? If so, I was thinking about rolling all 3 issues into a single deprecation notice as I'm not sure 3 individual notices are needed here.

@matt_wilson I would say related but not necessarily similar. That said, I think it would make sense to put them all be in the same notice.

@jschafer MR for deprecation notice. Also, I believe a removal issue will (eventually) be needed if the intent is to actually remove this functionality. I made that assumption in the deprecation notice for this but please correct me if that's not right.

@matt_wilson you assumed correctly. I'll create a removal issue.

Removal issue

mentioned in merge request !89285 (merged)

marked this issue as related to #364567 (closed)

mentioned in issue #364567 (closed)

changed the description

removed the relation with #364567 (closed)

marked this issue as related to #364567 (closed)

added devopsgovern label and removed devopssecure label

@matt_wilson We are working to coordinate the 16.0 major release rollout on GitLab.com. In order to keep customer impact minimal, it would be ideal to deploy the breaking changes behind feature flags.

This will allow us to decouple feature deployment from feature activation on GitLab.com and thus announce a more accurate time period when breaking changes go live.

We currently don't have the information if this feature can be deployed behind a feature flag. Please add that information (if there is a feature flag and how is it called) here.

For more information refer to this issue

@swiskow for visibility

This is an automated message.