Group security dashboard vulnerability history endpoint timing out
Summary
On the gitlab-org
group security dashboard, the vulnerability history endpoint times out. It is likely that this occurs in any large group.
Sentry issue: https://sentry.gitlab.net/gitlab/gitlabcom/issues/1171657
Steps to reproduce
- Go to https://gitlab.com/groups/gitlab-org/-/security/dashboard
- See that the history chart never fills with data
- If you reload the page with your browser's dev tools open to the Network tab, you'll see that the history endpoint responds with a 500
Proposed fix
Replace the vulnerability findings history endpoint with new vulnerabilities history GraphQL data.
Old but possibly still relevant note: We've previously tried to address this issue by caching the endpoint: #11693 (closed). It's possible the caching functionality has broken or has become insufficient as the number of projects reporting vulnerabilities has grown.
GraphQL schema
query {
group(fullPath: "my-group") {
vulnerabilities {
history(daysAgo: 30) {
nodes {
date
summary {
critical
high
medium
low
info
undefined
unknown
}
}
}
}
}
}
Development plan
-
backend Add a method for getting history to Vulnerability
!27052 (merged) -
backend Add a GraphQL type to represent vulnerability history and add it to VulnerabilityType
collections
Links
1st class vulnerabilities: #13561 (closed)
Other issues that will be resolved by the proposed fix:
#9069 (closed)
#9237 (closed)
Edited by Avielle Wolfe