Merge branch 'otovar/remove-continuous-container-scanning-ff' into 'master'

Remove container_scanning_continuous_vulnerability_scans flag See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150593 Merged-by: Avielle Wolfe <awolfe@gitlab.com> Approved-by: Missy Davies <mdavies@gitlab.com> Approved-by: Avielle Wolfe <awolfe@gitlab.com> Reviewed-by: Missy Davies <mdavies@gitlab.com> Co-authored-by: Oscar Tovar <otovar@gitlab.com>

Merge branch 'otovar/remove-continuous-container-scanning-ff' into 'master'
Remove container_scanning_continuous_vulnerability_scans flag See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150593 Merged-by: Avielle Wolfe <awolfe@gitlab.com> Approved-by: Missy Davies <mdavies@gitlab.com> Approved-by: Avielle Wolfe <awolfe@gitlab.com> Reviewed-by: Missy Davies <mdavies@gitlab.com> Co-authored-by: Oscar Tovar <otovar@gitlab.com>
e83cca1b · Avielle Wolfe · GitLab · 1f92f2d7 · 8cdedd92 · 1f92f2d7
--- a/config/feature_flags/beta/container_scanning_continuous_vulnerability_scans.yml
+++ b/config/feature_flags/beta/container_scanning_continuous_vulnerability_scans.yml
---
-name: container_scanning_continuous_vulnerability_scans
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/435435
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/141023
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/437162
-milestone: '16.8'
-group: group::composition analysis
-type: beta
-default_enabled: true
--- a/doc/user/application_security/continuous_vulnerability_scanning/index.md
+++ b/doc/user/application_security/continuous_vulnerability_scanning/index.md
@@ -10,10 +10,11 @@ DETAILS:
 **Tier:** Ultimate
 **Offering:** GitLab.com, Self-managed, GitLab Dedicated

-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/371063) in GitLab 16.4 as an [Experiment](../../../policy/experiment-beta-support.md#experiment) with multiple [feature flags](../../../administration/feature_flags.md) enabled by default.
-> - [Feature flags removed](https://gitlab.com/gitlab-org/gitlab/-/issues/425753) in GitLab 16.10.
-> - Continuous Container Scanning [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/435435) in GitLab 16.8 [with a flag](../../../administration/feature_flags.md) named `container_scanning_continuous_vulnerability_scans`. Disabled by default.
-> - Continuous Container Scanning [enabled on GitLab.com, self-managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/issues/437162) in GitLab 16.10.
+> - Continuous dependency scanning [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/371063) with [feature flags](../../../administration/feature_flags.md) `dependency_scanning_on_advisory_ingestion` and `package_metadata_advisory_scans` enabled by default.
+> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/425753) in GitLab 16.10. Feature flags `dependency_scanning_on_advisory_ingestion` and `package_metadata_advisory_scans` removed.
+> - Continuous container scanning [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/435435) in GitLab 16.8 [with a flag](../../../administration/feature_flags.md) named `container_scanning_continuous_vulnerability_scans`. Disabled by default.
+> - Continuous container scanning [enabled on self-managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/issues/437162) in GitLab 16.10.
+> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/443712) in GitLab 17.0. Feature flag `container_scanning_continuous_vulnerability_scans` removed.

 When advisories are added to either the [GitLab Advisory Database](https://advisories.gitlab.com/) or the
 [Trivy Database](https://github.com/aquasecurity/trivy-db), Continuous Vulnerability Scanning

--- a/ee/app/services/package_metadata/ingestion/advisory/ingestion_service.rb
+++ b/ee/app/services/package_metadata/ingestion/advisory/ingestion_service.rb
@@ -38,12 +38,6 @@ def publish!
            source_xid = data_object.source_xid
            advisory_xid = data_object.advisory_xid

-            if source_xid == 'trivy-db' && Feature.disabled?(:container_scanning_continuous_vulnerability_scans,
-              Feature.current_request, type: :beta)
-              log_skipped_advisory_scan(source_xid, advisory_xid)
-              next
-            end
-
            log_queued_advisory_scan(source_xid, advisory_xid)

            Gitlab::EventStore.publish(
@@ -68,11 +62,6 @@ def log_queued_advisory_scan(source_xid, advisory_xid)
          Gitlab::AppJsonLogger.info(message: 'Queued scan for advisory',
            source_xid: source_xid, advisory_xid: advisory_xid)
        end
-
-        def log_skipped_advisory_scan(source_xid, advisory_xid)
-          Gitlab::AppJsonLogger.warn(message: 'Skipped scan for advisory',
-            source_xid: source_xid, advisory_xid: advisory_xid)
-        end
      end
    end
  end

--- a/ee/spec/services/package_metadata/ingestion/advisory/ingestion_service_spec.rb
+++ b/ee/spec/services/package_metadata/ingestion/advisory/ingestion_service_spec.rb
@@ -12,76 +12,51 @@
    let(:old_advisories) { build_list(:pm_advisory_data_object, 5, published_date: Time.zone.now - 14.days - 1.second) }
    let(:import_data) { recent_advisories + old_advisories }

-    where(:cs_ff_enabled) do
-      [
-        true,
-        false
-      ]
+    let(:ds_advisories) do
+      build_list(:pm_advisory_data_object, 5, source_xid: 'glad',
+        published_date: Time.zone.now - 13.days)
    end

-    with_them do
-      let(:ds_advisories) do
-        build_list(:pm_advisory_data_object, 5, source_xid: 'glad',
-          published_date: Time.zone.now - 13.days)
-      end
+    let(:cs_advisories) do
+      build_list(:pm_advisory_data_object, 5, source_xid: 'trivy-db',
+        published_date: Time.zone.now - 13.days)
+    end

-      let(:cs_advisories) do
-        build_list(:pm_advisory_data_object, 5, source_xid: 'trivy-db',
-          published_date: Time.zone.now - 13.days)
-      end
+    before do
+      allow(Gitlab::AppJsonLogger).to receive(:info).and_call_original
+    end

-      before do
-        value = cs_ff_enabled ? 100 : 0
-        Feature.enable_percentage_of_actors(:container_scanning_continuous_vulnerability_scans, value)
-        allow(Gitlab::AppJsonLogger).to receive(:warn).and_call_original
-        allow(Gitlab::AppJsonLogger).to receive(:info).and_call_original
+    it 'publishes only recently ingested advisories to the event store' do
+      received_events = []
+      allow(Gitlab::EventStore).to receive(:publish) do |event|
+        received_events << event
      end

-      it 'publishes only recently ingested advisories to the event store' do
-        received_events = []
-        allow(Gitlab::EventStore).to receive(:publish) do |event|
-          received_events << event
-        end
-
-        execute
-
-        received_advisory_ids = received_events.map { |event| event.data[:advisory_id] }
-        received_advisories = PackageMetadata::Advisory.where(id: received_advisory_ids)
-                                                       .pluck(:source_xid, :advisory_xid)
-
-        expected = recent_advisories.filter_map do |obj|
-          if (obj.source_xid == 'glad') || (obj.source_xid == 'trivy-db' && cs_ff_enabled)
-            [obj.source_xid, obj.advisory_xid]
-          end
-        end
+      execute

-        expect(received_advisories).to match_array(expected)
+      received_advisory_ids = received_events.map { |event| event.data[:advisory_id] }
+      received_advisories = PackageMetadata::Advisory.where(id: received_advisory_ids)
+                                                     .pluck(:source_xid, :advisory_xid)
+      expected = recent_advisories.map { |obj| [obj.source_xid, obj.advisory_xid] }

-        if cs_ff_enabled
-          expect(Gitlab::AppJsonLogger).to have_received(:info)
-            .with(message: 'Queued scan for advisory', source_xid: be_present, advisory_xid: be_present)
-            .at_least(:once)
-        end
+      expect(received_advisories).to match_array(expected)

-        unless cs_ff_enabled
-          expect(Gitlab::AppJsonLogger).to have_received(:warn)
-            .with(message: 'Skipped scan for advisory', source_xid: be_present, advisory_xid: be_present)
-            .at_least(:once)
-        end
-      end
+      expect(Gitlab::AppJsonLogger).to have_received(:info)
+        .with(message: 'Queued scan for advisory', source_xid: be_present, advisory_xid: be_present)
+        .at_least(:once)
+    end

-      it 'uses package metadata application record transactions' do
-        expect(PackageMetadata::ApplicationRecord).to receive(:transaction)
-        execute
-      end
+    it 'uses package metadata application record transactions' do
+      expect(PackageMetadata::ApplicationRecord).to receive(:transaction)
+      execute
+    end

-      it 'adds new advisories and affected packages' do
-        expect { execute }
-          .to change { PackageMetadata::Advisory.count }.by(import_data.size)
-                                                        .and change {
-                                                          PackageMetadata::AffectedPackage.count
-                                                        }.by(import_data.size)
-      end
+    it 'adds new advisories and affected packages' do
+      expect { execute }
+        .to change { PackageMetadata::Advisory.count }.by(import_data.size)
+                                                      .and change {
+                                                        PackageMetadata::AffectedPackage.count
+                                                      }.by(import_data.size)
    end

    context 'when error occurs' do