Use Elasticsearch for all Vulnerability Report filtering and grouping when ES is available

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Why are we doing this work

Phase 1 of Vulnerability Management utilizing ElasticSearch (&13510 - closed) included using Elasticsearch for filtering and grouping only when Identifier and OWASP 2021 are used. The API auto-selects the datasource (PG or ES) based on the inclusion of these specific query fields.

This issue tracks changing the data resolver to use Elasticsearch aways, when it's available to the instance and the accessAdvancedVulnerabilityManagement ability feature flag is enabled.

Relevant links

Non-functional requirements

• Documentation:
• Feature flag:
• Performance:
• Testing:

Implementation plan

For both Project and Group Vulnerability Reports

1. backend Update GraphQL resolver for project.vulnerabilitySeverityCount and group.vulnerabilitySeverityCount to use Elasticsearch as the datasource when ES is available and accessAdvancedVulnerabilityManagement is enabled.
2. backend For both APIs, dd a new response field useFullSeverityCounts:bool when the condition above exists.
3. frontend When useFullSeverityCounts is true, the frontend will display the full, not-fuzzy counts.

Verification steps