Move reports logic for security reports to backend
This has been moved to &1425 (closed)
Problem to solve
The security reports support both the old job syntax (based on artifacts) and the new one (based on reports).
They are used in the MR widget, pipeline view, and project security dashboard.
The comparisons that extract the diff between base and head are still performed in the frontend code, and this hurts performance. We should move this logic into the backend and provide the final results to the frontend, as JUnit reports do.
This will improve page load performance and allow more flexibility.
NB: Backend parsing is already being done as part of storing vulnerabilities in the database, which should be completed in %11.8. Once every report is parsed on the backend, we can start working on this.
Further details
We should evaluate what the prerequisites are for starting this refactoring. Since we have already deprecated the old job syntax and want to remove it in the near future, it makes sense to wait until then so we can avoid duplicated effort.
This step is a technical requirement before we can make changes such as extending the JSON reports.
Proposal
Create a new API to deliver report content to the frontend, using a common, ready-to-use JSON entity. Such entities already exist as part of the Group Security Dashboard and should be reused to provide the same structure everywhere and allow the frontend to reuse standard components.
However, since it has not yet been decided whether every branch will use the DB storage, we may need to adapt this to non-persisted records.
Reports will not be fetched by the frontend code anymore. Comparison between base and head will be done in the backend.
This should apply to:
- security reports in the MR widget
- security reports in the pipeline view
- project security dashboard