Improve performance of vulnerabilityResolve

Why are we doing this work

As identified in a spike (internal link), the vulnerabilityResolve is the feature_category: vulnerability_management GraphQL operation with the highest apdex violation count.

image

We want this endpoint to respond in < 1000ms.

At the moment, it regularly exceeds 8s:

image

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

With deprecate_vulnerabilities_feedback on

  1. Make Vulnerabilities::ResolveService accept multiple ids and create Vulnerabilities::StateTransition entries using bulk_insert
  2. Make Mutations::Vulnerabilities::Resolve accept multiple GlobalIDs

Without deprecate_vulnerabilities_feedback

  1. Same as above and...
  2. Modify Vulnerabilities::DestroyDismissalFeedbackService to accept multiple Vulnerability objects
  3. Modify VulnerabilityFeedback::DestroyService to accept multiple Vulnerability objects, separate them into those that will need to be reverted to detected (to retain current functionality of the service object) and those that don't have to. Then delete Feedback records for all of provided Vulnerabilties and execute Vulnerabilities::RevertToDetectedService for Vulnerability objects that need it well.

Verification steps

Edited by Michał Zając