Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / Protect Stage / 18 May 2020
GitLab / Protect Stage / 18 May 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Vulnerabilities Over Time

Description

Demo for the https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32301

A

Alright, so in this video I'm gonna talk about the vulnerabilities overtime component that I recently added to the security dashboards. So it's basically this one, it's a chart which displays the vulnerabilities over time just to give some context before this chart was already here in this security dashboard. But lately, when we migrated to graph two out, we left it out because it was not ready. It was not yet backed by the same depth, data that we were using now in the see, huge dashboards and, and then this situation, where we're basically be adding it.

A

So this chart is visible under the security dashboard which can be located under more security. So this is the instance level security dashboard. Otherwise you can also find this in the group level secure dashboard.

A

In order to view these bad dashboards, you will need to have an enterprise license. That being said so the chart it looks exactly the same. It was before. I haven't touched the design part, but the implementation is completely changed so, instead of using the REST API and fetching the data from from any from from from a rest standpoint and storing the data in the burette store, we are using graphical here, so we're making a call and we are displaying it this data from the directly from graphical.

A

There are a couple of changes: minor changes behind the scenes, so, first of all, in the present of implementation, I've noticed that we were by default. We were to stay in ninety days in this one: I change it to 30 days, mainly because the the back-end logicals have changed. So previously we were the back end was providing all the data with with a single call and in this new implementation we have to it. We have to make several calls in order to fetch all the data.

A

The reasoning behind this was because previously the security dashboards this chart, it was a bit slow to execute, and sometimes it even caused timeouts. So you know to improve the performance. The back end decided to split the the whole data into several calls into chunks, and for that reason we are making multiple calls. Now the days are limited to ten days roughly it's. Actually it should be ten, but it's nine.

A

So if I click here, for instance, I will show you that from the console, if I click here in ninety days, you will see that all these lines are new calls and the data coming from from the from the backend. Here you can see that.

A

The the number of vulnerabilities per day it's, unfortunately, the data I, have it's it's not very useful for this demo, but still I think it. It helps to understand yes, so one thing: the data that the back-end provides: it's not sorted, so we have to sort this in the front end. That's also handled in this, mr and yes, I. Think for the visual changes.

A

That's that's! It.

A

I'm gonna record one more video for the implementation, because I think it deserves some attention, but that's mainly for the for the MRV reviewer. It's just to make their life a bit easier and to walk through the code and understand, explain why I did so certain things. That being said, I think that's, that's it. Yes, thank you for watching.