Security Dashboard - Backend - Add filtering logic to SecurityMetricsResolver
What does this MR do and why?
References
This MR depends on !222845 (merged) being merged first.
- Relevant Issue: #588777 (closed)
- Parent: gitlab-org#18201 (closed)
- Main Epic: gitlab-org#20046
Screenshots or screen recordings
| Before | After |
|---|---|
How to set up and validate locally
- Open your rails console, and enable the feature flag:

  ```ruby
  Feature.enable(:new_security_dashboard_security_attribute_filters)
  ```

- Run:

  ```ruby
  group = Group.find_by_full_path('gitlab-org') # or any group that has vulnerabilities and a security dashboard
  attribute = Security::Attribute.find(1)
  project = Project.find(22) # or any project with vulnerabilities
  Security::ProjectToSecurityAttribute.find_or_create_by!(project_id: project.id, security_attribute_id: attribute.id) do |r|
    r.traversal_ids = project.namespace.traversal_ids
  end
  ```
- Go to http://gdk.test:3000/-/graphql-explorer and run the following two queries.

  With filter:

  ```graphql
  query {
    group(fullPath: "gitlab-org") {
      securityMetrics(
        securityAttributesFilters: [
          { operator: IS_ONE_OF, attributes: ["gid://gitlab/Security::Attribute/1"] }
        ]
      ) {
        vulnerabilitiesPerSeverity {
          critical { meanAge }
          high { meanAge }
        }
      }
    }
  }
  ```

  Without filter:

  ```graphql
  query {
    group(fullPath: "gitlab-org") {
      securityMetrics {
        vulnerabilitiesPerSeverity {
          critical { meanAge }
          high { meanAge }
        }
      }
    }
  }
  ```

  The numbers in the two results should be different from each other.
- Now run:

  ```graphql
  query {
    group(fullPath: "gitlab-org") {
      securityMetrics(
        securityAttributesFilters: [
          { operator: IS_NOT_ONE_OF, attributes: ["gid://gitlab/Security::Attribute/1"] }
        ]
      ) {
        vulnerabilitiesPerSeverity {
          critical { meanAge }
          high { meanAge }
        }
      }
    }
  }
  ```

  The result should be different from the result we saw when using IS_ONE_OF.
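The three-query check above can be scripted. This is an added example, not code from the MR or from GitLab itself: it builds the unfiltered, `IS_ONE_OF` and `IS_NOT_ONE_OF` queries from the description, reduces each response to its `meanAge` values and reports whether the three results differ. The `/api/graphql` path and the `PRIVATE-TOKEN` header are assumptions about the GDK instance, and the sample responses used for the offline checks are constructed.

```ruby
require 'json'
require 'net/http'

GROUP_PATH    = 'gitlab-org'
ATTRIBUTE_GID = 'gid://gitlab/Security::Attribute/1'
# Assumption: GDK serves GraphQL at /api/graphql and accepts a PRIVATE-TOKEN header.
GRAPHQL_URL   = 'http://gdk.test:3000/api/graphql'

# Build the securityMetrics query from the MR description; operator nil gives the
# unfiltered query, otherwise IS_ONE_OF / IS_NOT_ONE_OF with the given attribute GIDs.
def build_query(operator = nil, attributes = [ATTRIBUTE_GID])
  filter = ''
  if operator
    gids = attributes.map { |gid| %("#{gid}") }.join(', ')
    filter = "(securityAttributesFilters: [{ operator: #{operator}, attributes: [#{gids}] }])"
  end
  <<~GQL
    query {
      group(fullPath: "#{GROUP_PATH}") {
        securityMetrics#{filter} {
          vulnerabilitiesPerSeverity {
            critical { meanAge }
            high { meanAge }
          }
        }
      }
    }
  GQL
end

# Reduce a parsed response to { "critical" => meanAge, "high" => meanAge }; {} if absent.
def mean_ages(response)
  per_severity = response.dig('data', 'group', 'securityMetrics', 'vulnerabilitiesPerSeverity') || {}
  per_severity.transform_values { |sev| sev && sev['meanAge'] }
end

# The MR's expectation: unfiltered, IS_ONE_OF and IS_NOT_ONE_OF all yield different numbers.
def all_distinct?(*responses)
  ages = responses.map { |r| mean_ages(r) }
  ages.uniq.size == ages.size
end

# POST one query to the endpoint; only called when a token is supplied via the environment.
def run_query(query, token)
  uri = URI(GRAPHQL_URL)
  req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json', 'PRIVATE-TOKEN' => token)
  req.body = JSON.generate(query: query)
  JSON.parse(Net::HTTP.start(uri.host, uri.port) { |http| http.request(req) }.body)
end

if ENV['GITLAB_TOKEN']
  responses = [nil, 'IS_ONE_OF', 'IS_NOT_ONE_OF'].map { |op| run_query(build_query(op), ENV['GITLAB_TOKEN']) }
  puts "meanAge differs across the three variants: #{all_distinct?(*responses)}"
end
```

Run it with `GITLAB_TOKEN` set to a personal access token that can read the group; without the token it only defines the helpers.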
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Charlie Kroon