Hide CVS enable/disable functionality behind feature flag
What does this MR do and why?
Hide CVS enable/disable functionality behind feature flag
- Added new global_dependency_scanning_on_advisory_ingestion flag
Changelog: changed
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
 |
 |
Truth table
| dependency_scanning_on_advisory_ingestion | global_dependency_scanning_on_advisory_ingestion | show toggle |
|---|---|---|
| t | t | no |
| f | f | no |
| t | f | yes |
| f | t | no |
How to set up and validate locally
-
Clone or import this repo https://gitlab.com/gitlab-org/govern/threat-insights-demos/frontend/security-reports -
After project creation locally, manually run a pipeline on master -
From the left nav, navigate from "Secure -> Security Congifuration" -
Scroll down to the Dependency Scanningsection -
Go through the feature flag changes -
In rail console toggle through the :dependency_scanning_on_advisory_ingestionand:global_dependency_scanning_on_advisory_ingestionflags from the truth table. -
Observe UI changes
Why 2 feature flags
The problem is that the first flag is to toggle the experimental feature on/off, while the second flag is to toggle a new feature on/off. We are gradually transitioning from experimental to GA (General availability) so the nuances were not able to be captured with a single flag.
This was necessary to follow the steps of graduating a feature from experiment -> generally available. For experiment, we added a feature flag that enabled a toggle for CVS in the project settings. For GA this became enabled by default, so we needed a separate flag for the global rollout.
We will remove both flags soon.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #428773 (closed)