Remove vulnerability_findings, vulnerabilities, and vulnerability_feedback records from Secure analyzer projects
As a whole, the Secure sub-department has not been effectively managing the vulnerabilities that have been found against the projects it maintains. This has resulted in thousands of vulnerabilities and findings, an unknown number of which are still current.
Further details
As part of a more diligent Dogfooding exercise, we intend to more actively use the security dashboards for projects in the security-products/analyzers group. We would like to execute a one-time script to delete vulnerabilities, vulnerability_findings, and vulnerability_feedback records against projects in this group.
Execution plan
- Prepare a script to delete records of the identified tables from production.
- Work with infrastructure to execute the script.
- Trigger CI pipelines against the default branch for all analyzers to populate current vulnerabilities and their findings.
- Identify or create issues to remediate found risks, starting with Critical and High severity findings (moved to #241305 (closed)).
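The shape the one-time deletion script could take, as an added example written for this page rather than the script the issue refers to. It assumes a PostgreSQL database (GitLab runs on PostgreSQL), that each of the three tables named above carries a project_id column, that vulnerability_findings rows reference vulnerabilities rather than the reverse, and that the ids of the projects in the security-products/analyzers group have been resolved beforehand; the project ids, the temporary table and the column names are assumptions, not taken from the page.

```sql
-- Added example, not the script from the issue. Assumes the tables named in the
-- issue each have a project_id column and that vulnerability_findings references
-- vulnerabilities (delete children before parents so no foreign key is violated).
BEGIN;

-- Scope every statement to the projects in the group. The ids below are
-- constructed sample values; resolve the real ones from the group before running.
CREATE TEMP TABLE target_projects (id bigint PRIMARY KEY) ON COMMIT DROP;
INSERT INTO target_projects (id) VALUES (1001), (1002), (1003);

-- Record counts first so the run can be audited and compared with the
-- post-deletion state (this doubles as the dry run when followed by ROLLBACK).
SELECT 'vulnerability_feedback' AS tbl, count(*) AS rows_to_delete
  FROM vulnerability_feedback WHERE project_id IN (SELECT id FROM target_projects)
UNION ALL
SELECT 'vulnerability_findings', count(*)
  FROM vulnerability_findings WHERE project_id IN (SELECT id FROM target_projects)
UNION ALL
SELECT 'vulnerabilities', count(*)
  FROM vulnerabilities WHERE project_id IN (SELECT id FROM target_projects);

-- Feedback (dismissals, issue links) first, then findings, then vulnerabilities.
DELETE FROM vulnerability_feedback
 WHERE project_id IN (SELECT id FROM target_projects);

DELETE FROM vulnerability_findings
 WHERE project_id IN (SELECT id FROM target_projects);

DELETE FROM vulnerabilities
 WHERE project_id IN (SELECT id FROM target_projects);

-- Guard: abort the whole transaction if anything scoped to the group survived.
DO $$
DECLARE remaining bigint;
BEGIN
  SELECT count(*) INTO remaining
    FROM vulnerabilities WHERE project_id IN (SELECT id FROM target_projects);
  IF remaining <> 0 THEN
    RAISE EXCEPTION 'cleanup left % vulnerability rows for target projects', remaining;
  END IF;
END $$;

COMMIT;   -- use ROLLBACK here for a dry run that only reports the counts
```

Two caveats a practitioner would want before running this against production: deleting vulnerability_feedback discards every existing dismissal and issue link, so the pipelines triggered in the next step start from a clean slate rather than preserving prior triage decisions; and on tables holding thousands of rows, a single DELETE inside one transaction can hold locks for a long time, so infrastructure may prefer to run the deletes in bounded batches with the same scoping subquery.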
Edited by Lucas Charles