Feature flag rollout: malicious_vulnerability_filter_group and malicious_vulnerability_filter_project
Summary
Rollout issue for the malicious_vulnerability_filter_group and malicious_vulnerability_filter_project feature flags introduced in !228713 (merged).
These flags gate the malware filter argument on the vulnerabilities and vulnerabilitySeveritiesCount GraphQL queries. The filter uses Elasticsearch to query vulnerabilities by GLAM-* identifier prefix.
Feature flags
| Flag | Type | Scope | Default |
|---|---|---|---|
| malicious_vulnerability_filter_group | development | group | disabled |
| malicious_vulnerability_filter_project | development | project | disabled |
Both flags must be used in conjunction with the sscs_malware_detection WIP feature flag (which gates the SSCS add-on availability).
Rollout steps
Enable on staging
- Enable malicious_vulnerability_filter_group on staging
- Enable malicious_vulnerability_filter_project on staging
- Verify malware filter works on project and group vulnerability queries
- Verify severity counts with malware filter
Enable on production (percentage rollout)
- Enable for a specific group first
- Monitor for errors
- Gradually increase rollout percentage
- Enable globally
Cleanup
- Remove feature flags and make the filter always available (behind add-on check only)
- Remove validate_malware! feature flag checks
Related
- Implementation MR: !228713 (merged)
- Parent issue: #587647
- Parent epic: gitlab-org#18456