[Backend] Phase 1 validation

Purpose

The purpose of this issue is to plan and track the testing and validation of features and behaviors related to the Security inventory.

Namespace Statistics

  • Running a default branch pipeline with security findings affects project's ancestors correctly.
    • For a project and a group without vulnerabilities.
    • For a project without and a group with vulnerabilities.
    • For a project and a group with vulnerabilities.
  • Adding a vulnerability manually affects the project's ancestors' counters.
  • Dismissing a vulnerability affects the project's ancestors' counters.
  • Manually resolving a vulnerability affects the project's ancestors' counters.
  • Auto-resolving a vulnerability affects the project's ancestors' counters.
  • Changing the state back to detected affects the project's ancestors' counters.
  • Overriding vulnerability severity affects project's ancestors' counters.
  • Moving a project:
    • Affects old project's ancestors' counters.
    • Affects new project's ancestors' counters.
  • Archiving a project:
    • Affects the project's ancestors' counters.
  • Unarchiving a project:
    • Affects the project's ancestors' counters.
  • Deleting a project:
    • Affects the project's ancestors' counters.
  • Moving a group:
    • Up (shorter length traversal_ids):
      • Affects group's records traversal_ids.
      • Affects old ancestors' counters.
      • Affects new ancestors' counters.
    • Down (longer length traversal_ids):
      • Affects group's records traversal_ids.
      • Affects old ancestors' counters.
      • Affects new ancestors' counters.
    • Sideways (same length traversal_ids):
      • Affects group's records traversal_ids.
      • Affects old ancestors' counters.
      • Affects new ancestors' counters.
  • Deleting a group:
    • Affects old ancestors' counters.
    • Affects new ancestors' counters.

Project Level Analyzer Statuses

  • Running a default branch pipeline with analyzers updates the analyzer statuses correctly:
    • For a project and a group without configured analyzers.
    • For a project without and a group with configured analyzers.
    • For a project and a group with configured analyzers.
  • Having SAST and GLAS creates different records.
  • Removing an analyzer changes its status to not_configured.
  • Running a new pipeline with the same analyzers updates the last_scan and build_id.
  • Re-running a job updates the last_scan and build_id.
  • Moving a project:
    • Updates the project's statuses traversal_ids.
  • Archiving a project:
    • Sets the statuses to archived.
  • Unarchiving a project:
    • Restores the statuses from archived.

Group Level Analyzer Statuses

  • Running a default branch pipeline with analyzers affects project's ancestors correctly:
    • For project and group without configured analyzers.
    • For project without and group with configured analyzers.
    • For project and group with configured analyzers.
  • Having SAST and GLAS creates different records for project's ancestors.
  • Removing an analyzer changes its ancestors correctly.
  • Moving a project:
    • Affects the project's ancestors' statuses.
  • Archiving a project:
    • Affects the project's ancestors' statuses.
  • Unarchiving a project:
    • Affects the project's ancestors' statuses.
  • Deleting a project:
    • Affects old project's ancestors' statuses.
  • Moving a group:
    • Up (shorter length traversal_ids):
      • Affects group's records traversal_ids.
      • Affects old ancestors' counters.
      • Affects new ancestors' counters.
    • Down (longer length traversal_ids):
      • Affects group's records traversal_ids.
      • Affects old ancestors' counters.
      • Affects new ancestors' counters.
    • Sideways (same length traversal_ids):
      • Affects group's records traversal_ids.
      • Affects old ancestors' counters.
      • Affects new ancestors' counters.
  • Deleting a group:
    • Affects old ancestors' statuses.
    • Affects new ancestors' statuses.
Edited by Gal Katz