Implement limited count for vulnerability severity counts
## What does this MR do and why?

- Adds a `limitedVulnerabilitySeverityCounts` field to the `project`, `groups` and `instanceSecurityDashboard` GraphQL API.
- Full counts raise performance concerns, so the counting operation on the DB is limited to 1001 records for each severity type. For context see the discussion in #432715 (comment 1742125731).
- The aim is to use the new GraphQL API in the UI; the UI work is tracked in #463387.

Related to #438303
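As an added example (not code from this MR or from GitLab), the two counting strategies the description contrasts, run against a constructed in-memory SQLite stand-in: the full `GROUP BY` count, and the per-severity count bounded by a `LIMIT 1001` subquery. The table and column names (`vulnerability_reads`, `project_id`, `severity`, `state`) are assumptions; the sample data mirrors the verification project (1045 low, 55 critical).

```python
import sqlite3

LIMIT = 1001
SEVERITIES = ("critical", "high", "medium", "low", "info", "unknown")


def build_db(counts):
    """Constructed in-memory stand-in for the vulnerability_reads table
    (assumed name/columns); `counts` maps severity -> DETECTED rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE vulnerability_reads "
        "(id INTEGER PRIMARY KEY, project_id INTEGER, severity TEXT, state TEXT)"
    )
    rows = ((1, sev, "detected") for sev, n in counts.items() for _ in range(n))
    conn.executemany(
        "INSERT INTO vulnerability_reads (project_id, severity, state) VALUES (?, ?, ?)",
        rows,
    )
    return conn


def full_severity_counts(conn, project_id):
    """Before (vulnerabilitySeveritiesCount): one GROUP BY that visits every row."""
    sql = (
        "SELECT severity, COUNT(*) FROM vulnerability_reads "
        "WHERE project_id = ? AND state = 'detected' GROUP BY severity"
    )
    found = dict(conn.execute(sql, (project_id,)).fetchall())
    return {sev: found.get(sev, 0) for sev in SEVERITIES}


def limited_severity_counts(conn, project_id, limit=LIMIT):
    """After (limitedVulnerabilitySeverityCounts): one bounded query per severity.
    The inner LIMIT stops the scan after `limit` rows, so cost is capped however
    many vulnerabilities exist; a result equal to `limit` means "at least this many"."""
    sql = (
        "SELECT COUNT(*) FROM (SELECT 1 FROM vulnerability_reads "
        "WHERE project_id = ? AND state = 'detected' AND severity = ? "
        "LIMIT ?) AS limited"
    )
    return {
        sev: conn.execute(sql, (project_id, sev, limit)).fetchone()[0]
        for sev in SEVERITIES
    }
```

A returned value equal to the cap cannot be distinguished from the true total, which is why the UI side (#463387) has to present it as "1001+" rather than an exact figure.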
## Database

### Default dashboard report filter

| API | Before (vulnerabilitySeveritiesCount) | After (limitedVulnerabilitySeverityCounts) |
|---|---|---|
| Project | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89483 | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89485 |
| Group | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89487 | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89491 |
| Instance security dashboard | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89468 | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89481 |
### Another filter

| API | Before (vulnerabilitySeveritiesCount) | After (limitedVulnerabilitySeverityCounts) |
|---|---|---|
| Project | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89498 | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89500 |
| Group | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89496 | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89494 |
| Instance security dashboard | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89502 | https://console.postgres.ai/gitlab/gitlab-production-main/sessions/28708/commands/89504 |
## Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Screenshots comparing `vulnerabilitySeveritiesCount` (before) with `limitedVulnerabilitySeverityCounts` (after) for the project, group and instance security dashboard queries (images not preserved).
## How to set up and validate locally

- Import the project from https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/438303-limit-vulnerabiility-severity-counts locally and run the pipeline on the `main` branch. This populates the vulnerabilities; the project has 1100 vulnerabilities (`low: 1045` and `critical: 55`).
- Run the GraphQL queries for `project.limitedVulnerabilitySeverityCounts`, `group.limitedVulnerabilitySeverityCounts` and `instanceSecurityDashboard.limitedVulnerabilitySeverityCounts`; the maximum count returned should not exceed 1001, as shown in the screenshots above.

```graphql
query {
  project(fullPath: "bala-test-group/438303-limit-vulnerabiility-severity-counts") {
    limitedVulnerabilitySeverityCounts(state: [DETECTED]) {
      critical
      high
      info
      low
      medium
      unknown
    }
  }
}
```

```graphql
query {
  group(fullPath: "bala-test-group") {
    limitedVulnerabilitySeverityCounts(state: [DETECTED]) {
      critical
      high
      info
      low
      medium
      unknown
    }
  }
}
```

```graphql
query {
  instanceSecurityDashboard {
    limitedVulnerabilitySeverityCounts(state: [DETECTED]) {
      critical
      high
      info
      low
      medium
      unknown
    }
  }
}
```