
Integrate frontend with GraphQL APIs for Vulnerability reports identifiers filtering

Why are we doing this work

Frontend issue to integrate the new GraphQL queries that are backed by Elasticsearch.

This issue specifically tracks Filter by Identifier.

Relevant links

This is 1 of 2 parts of the MVC Scope to enable Elasticsearch for Vulnerability Records. The other is Group by OWASP 2021.

Backend issue: Vulnerabilities GraphQL API for identifier name... (#532695 - closed)

Functional requirements

This is a verification only issue. The backend will automatically switch between Postgres and Elasticsearch based on availability and feature flag state.

  1. Filter by Identifier should work functionally identically when Elasticsearch is available.
  2. Filter by Identifier is currently restricted to 20K results. This limitation is removed when Elasticsearch is available.

Non-functional requirements

Outstanding Questions

  1. Does scope include the Security Center page?
  2. Is multi-version compatibility a risk? https://docs.gitlab.com/development/fe_guide/graphql/#working-on-graphql-based-features-when-frontend-and-backend-are-not-in-sync

Implementation plan

Verification steps

  1. For both Project and Group vulnerability reports.
  2. Follow steps at !188597 (merged) to get Elasticsearch set up locally.
  3. Toggle Feature.enable(:advanced_vulnerability_management) to test between Postgres and ES data source.
    1. Severity Counts - VulnerabilitySeveritiesCount GraphQL API for id... (#534633 - closed)
    2. Filter bar - Identifier search VulnerabilityIdentifierSearch GraphQL API for i... (#534634 - closed)
    3. Vulnerability List - Vulnerabilities GraphQL API for identifier name... (#532695 - closed)
Edited by Neil McCorrison