Direct Transfer - Handle Vulnerabilities
Import by direct transfer is really cool and works pretty well for importing projects from one GitLab instance to another.
Unfortunately, in the current situation, it doesn't support import of vulnerability reports.
For the purpose of locally testing the Vulnerability Resolution feature, we need to sync projects from staging to GDK, including vulnerability reports.
DoD:
- Include vulnerabilities in Direct Transfer
These tables are necessary to support the vulnerability report:
- vulnerabilities
- vulnerability_feedback
- vulnerability_finding_evidences
- vulnerability_finding_links
- vulnerability_finding_signatures
- vulnerability_identifiers
- vulnerability_occurrences (finding.rb)
- vulnerability_reads
- vulnerability_scanners
- vulnerability_state_transitions
These tables are necessary to support the security dashboard:
- vulnerability_historical_statistics
- vulnerability_statistics
- vulnerability_namespace_historical_statistics
It is unclear if these tables need to be transferred:
- vulnerability_flags - Needed if we want to support SAST false-positive detection
- vulnerability_issue_links - Needed if we want to preserve issue links
- vulnerability_findings_remediations - Needed if we want to preserve "remediate with a merge request"
- vulnerability_merge_request_links - Needed if we want to preserve merge request links
- vulnerability_occurrence_identifiers - Unsure how this differs from vulnerability_identifiers
- vulnerability_remediations - Needed if we want to preserve "remediate with a merge request"
- vulnerability_user_mentions - Needed if we want to preserve user mentions
https://docs.gitlab.com/ee/development/bulk_imports/contributing.html
Edited by Meir Benayoun