Design Issue: Migrate Pipeline Security Tab to GraphQL
Summary
- Use GraphQL for fetching data and interactions on the pipeline security report
- Another goal is to share as many components as possible with the Vulnerability Report (Details Section, etc.)
- Some work has already been done and is currently deployed behind a feature flag: `:pipeline_security_dashboard_graphql`
- These areas are in scope for this epic:
  - Pipeline/Security Findings Listing
  - Finding Modal content
  - Finding Modal actions
Previous epic: &4969 (closed)
Listing
Screenshots
description | current | behind feature flag | notes |
---|---|---|---|
Overview | (screenshot) | (screenshot) | |
Related issue | (screenshot) | Not yet implemented | The vulnerability report has a column for this ("Activity") - I guess we should use the same approach here, but need to make sure with UX / Product |
Create related issue | (screenshot) | Not yet implemented | where to put this action? |
Create related Jira issue | (screenshot) | Not yet implemented | |
Undo dismissal | (screenshot) | Not yet implemented | |
Filtered result empty state | (screenshot) | (screenshot) | The current behavior is the same as the one behind the feature flag, however on the vulnerability report we see a more specific message |
Sorting | N/A | (screenshot) | Sortable columns: |
Tasks breakdown
description | frontend | backend | blocking for MVC |
---|---|---|---|
Sorting via the table headers is currently not working | #361152 (closed) | #360480 (closed) | |
Status changes via batch-updates are throwing an error | #361161 (closed) | #360478 (closed) | yes |
Filtered result empty state | #362576 (closed) | N/A | ? |
Related issues | #362575 (closed) | TODO - investigate GraphQL data | Yes |
Filters GraphQL types | #362579 | #362578 (closed) | No |
Modal - static content
Screenshots
description | current | behind feature flag | notes |
---|---|---|---|
details section | (screenshot) | (screenshot) | |
solution card | (screenshot) | Not yet implemented | not yet implemented on FE and data missing (see #348282 (closed)) |
issue note | (screenshot) | Not yet implemented | not yet implemented on FE and data missing (see #348282 (closed)) |
Tasks breakdown
description | frontend issue | backend issue | blocking for MVC |
---|---|---|---|
Find all missing fields | N/A | Yes | |
Define GraphQL schema to add missing fields | TODO | TODO | Yes |
Investigate how to structure discussions / feedback comments (see point #4 (closed) of comment) | TODO - create issue | TODO - create issue | Yes |
Modal - actions
Screenshots
Tasks breakdown
description | frontend issue | backend | blocking for MVC |
---|---|---|---|
Dismiss finding | TODO - create issue: Add dismiss button to modal footer | #360478 (closed) | Yes |
Dismiss finding with comment | TODO - create issue: Add dismiss with comment button and view logic / inputs to capture comment | #360478 (closed) | Yes |
Investigate how many states we want to support for a pipeline finding (see point #5 (closed) of comment) | N/A | TODO - create issue to capture this | ? |
API Needs
Types
type | field(s) | added or changed | description | issue |
---|---|---|---|---|
`PipelineSecurityReportFinding` | `discussions` | added | This should be the same as on the Vulnerability type (extending the `NoteableInterface`) | Add `discussions` field to `PipelineSecurityRep... (#360621 - closed) |
Queries
query | field(s) | added or changed | description | issue |
---|---|---|---|---|
Mutations
mutation | field(s) | added or changed | description | issue |
---|---|---|---|---|
UX and Product Management
Questions for
- "Hide dismissed" toggle will be replaced by status filter?
- Action buttons for each list item will be gone - how to create an issue / Jira issue?
- Related issues for findings - where to show them ... see screenshots in comment