Security dashboards do not update when all vulnerabilities are fixed
Based on this support issue: https://support.gitlab.com/hc/en-us/requests/137316
Started using the security scans to identify issues. The dashboard showed a set of 12 vulnerabilities.
Checked in fixes for the vulnerabilities, so that the scan did not report any more issues. However, the dashboard continues to show the old vulnerabilities.
Results from latest run:
[INFO] ▶ Image [phx.ocir.io/odx-sre/sauron/kubectl-helm-jq-dev:311397] contains NO unapproved vulnerabilities
Done in 0.21s.
Uploading artifacts...
gl-container-scanning-report.json: found 1 matching files
Uploading artifacts to coordinator... ok id=997084 responseStatus=201 Created token=C9CsB3wK
Job succeeded
rails output: gitlab-rails/api_json.log:
{
"time": "2019-11-04T04:06:50.203Z",
"severity": "INFO",
"duration": 95.97,
"db": 15.5,
"view": 80.47,
"status": 201,
"method": "POST",
"path": "/api/v4/jobs/997084/artifacts",
"params": [
{
"key": "artifact_format",
"value": "raw"
},
{
"key": "artifact_type",
"value": "container_scanning"
},
{
"key": "file.sha512",
"value": "809f283a80d9b5ec84543bcf188dd033897e8f7467488b00826de24dddc0ce960a8169a182240a8ad1ce6704093aec6f9c423fa038c35d84ba95e054f975fc4c"
},
{
"key": "file.md5",
"value": "fc97aa6ad0f4290ef0f4bb3e1019b771"
},
{
"key": "file.sha1",
"value": "76d28c84a86f99658421c5da6e22361616c709bb"
},
{
"key": "file.sha256",
"value": "f6875127a51c37cd4ebe6be756c2b269860b9c112bfc20eee5e9b72a746cb7f0"
},
{
"key": "file.name",
"value": "gl-container-scanning-report.json"
},
{
"key": "file.path",
"value": "/var/opt/gitlab/gitlab-rails/shared/artifacts/tmp/uploads/gl-container-scanning-report.json128064738"
},
{
"key": "file.size",
"value": "115"
}
],
"host": "gitlab-odx.oracledx.com",
"remote_ip": "148.87.23.5, 148.87.23.5, 148.87.23.5",
"ua": "gitlab-runner 12.3.0 (12-3-stable; go1.8.7; linux/amd64)",
"route": "/api/:version/jobs/:id/artifacts",
"queue_duration": 5.35,
"rugged_calls": 1,
"rugged_duration_ms": 1.45,
"correlation_id": "SlMqPLe3YU"
}
Contents of the last artifact that was uploaded, looks like it doesn't upload a new one if nothing changes.
{
"image": "phx.ocir.io/odx-sre/sauron/kubectl-helm-jq-dev:0903eba664082d65959fd1f80acd56e15cf93bf4",
"unapproved": [],
"vulnerabilities": []
}
Edited by Cameron Swords