Make AdvisoryScanner ingest multiple finding maps
Why are we doing this work
The work done in #420768 (closed) will allow us to ingest multiple vulnerabilities from differing
projects all at once. This work depends on changing the AdvisoryScanner so that it passes in
batches of finding maps to the new vulnerability ingestion service created in #420768 (closed).
Relevant links
Non-functional requirements
- Documentation:
- Feature flag: advisory_scans_bulk_vulnerability_ingestion
- Performance: The vulnerability insertion rate should be higher than that of the single vulnerability insertion service we're currently using.
- Testing: The scanner should be tested with a group of projects to ensure that all findings are upserted at the same time.
Implementation plan
- Create a new feature flag advisory_scans_bulk_vulnerability_ingestion
- Update AdvisoryScanner so that it calls the new service (TBD) if the feature flag is enabled. The flag and logic will be inside of a method called create_vulnerabilities.
- Update the log_success and log_error methods so that they use an array of project IDs instead of a singular ID.
- Update the tests so that they verify that the vulnerabilities created are logged for all the projects at once
Verification steps
Edited by Oscar Tovar
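The flag-gated dispatch and array-based logging from the implementation plan, as an added sketch that is not the project's code. Only the flag name and the method names create_vulnerabilities, log_success and log_error come from the issue; the class name, the injected services, the flag lookup and the shape of a finding map are assumptions.

```ruby
require "set"

# Constructed sketch: only the flag name and the method names
# create_vulnerabilities, log_success and log_error come from the issue.
class SketchAdvisoryScanner
  FLAG = :advisory_scans_bulk_vulnerability_ingestion

  attr_reader :log

  # enabled_flags stands in for the real feature-flag lookup; bulk_service and
  # single_service are hypothetical callables returning the number of upserts.
  def initialize(enabled_flags:, bulk_service:, single_service:)
    @enabled_flags = enabled_flags.to_set
    @bulk_service = bulk_service
    @single_service = single_service
    @log = []
  end

  # finding_maps: array of hashes shaped { project_id:, findings: [...] } (assumed shape).
  def create_vulnerabilities(finding_maps)
    return 0 if finding_maps.empty?

    project_ids = finding_maps.map { |m| m.fetch(:project_id) }.uniq
    created =
      if @enabled_flags.include?(FLAG)
        @bulk_service.call(finding_maps)                  # one call for the whole batch
      else
        finding_maps.sum { |m| @single_service.call(m) }  # legacy: one call per project
      end
    log_success(project_ids, created)
    created
  rescue StandardError => e
    log_error(project_ids, e)
    0
  end

  private

  def log_success(project_ids, created)
    @log << { level: :info, project_ids: project_ids, created: created }
  end

  def log_error(project_ids, error)
    @log << { level: :error, project_ids: project_ids, error: error.message }
  end
end

# Constructed sample input: three projects affected by the same advisory.
SAMPLE_MAPS = [{ project_id: 1, findings: %w[a b] }, { project_id: 2, findings: %w[a] },
               { project_id: 3, findings: %w[a c] }].freeze
```

With the flag on, a batch produces one service call and one log entry carrying every project ID; with it off, the same batch falls back to one call per project but is still logged once.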