Getting new jira external issue takes more than 1 minute
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Summary
When creating a new Jira issue for a finding, an external issue link is created immediately, but getting the actual externalIssue and webUrl where we redirect to takes more than a minute.
For findings on the MR security scanning widget, you can open the vulnerability finding modal to create a Jira issue (if Jira integration is configured). After clicking that button, the external issue link is created, but we don't have the webUrl yet where we can to redirect to. We start polling for vulnerability externalIssueLinks, but it takes more than a minute.
This might be due to reactive caching's reactive_cache_refresh_interval which defaults to 1 minute. If one removes the reactive caching at integrations/jira/by_ids_finder.rb, we get the externalIssue much quicker.
This used to redirect quicker. There is an indication that this was before %18.3, but we're not sure.
If a new Jira issue is being created, it usually takes about a minute, sometimes a bit longer. But if the issue already exists, the redirection to Jira happens quickly.
Steps to reproduce
- Go to https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/jira-create-new-issue/-/merge_requests/1
- Click on a finding in the security scanning widget that has already been dismissed (this because the mutation to create a jira issue only works with vulnerabilities, so by dismissing them we've created a vulnerability already. A mutation for security findings will be added as part of #441954 (closed))
- After the mutation
vulnerabilityJiraIssueCreatehas returned, the polling for external issues will start, check the network tab. TheexternalIssuein the response will benullfor more than a minute - After that you'll eventually see an
externalIssuewith awebUrl. It's that url that we need more quickly to be able to redirect the user to the Jira ticket. - Note: you'll see the "Create Jira issue" button stop loading and disappear before the
webUrlhas returned. This is a bug. Also, when the frontend receives thewebUrlit's possible you are not redirected because it's currently trying to open as a new tab and browsers aggressively block popups (we will fix this too as part of #441954 (closed))
Screen_Recording_2025-09-08_at_18.22.16
Example Project
What is the current bug behavior?
It takes way too long to get the url of the Jira ticket as we expect to redirect the user after clicking the button.
What is the expected correct behavior?
Get the externalIssue and its webUrl in a timely fashion (<3s e.g.) to redirect to. Even better would be if we can get the url as part of the response of the mutation vulnerabilityJiraIssueCreate.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com
Possible fixes
The Projects::Integrations::Jira::ByIdsFinder used here in turn uses Projects::Integrations::Jira::IssuesFinder. This suffers from an issue since upgrading to Jira API v3 recently due to the API's eventual consistency characteristic. Implement search-and-reconcile pattern for Jira... (#577380) • Anton Smith • Next 1-3 releases aims to fix this in that finder, which might help fixing it here.
Patch release information for backports
If the bug fix needs to be backported in a patch release to a version under the maintenance policy, please follow the steps on the patch release runbook for GitLab engineers.
Refer to the internal "Release Information" dashboard for information about the next patch release, including the targeted versions, expected release date, and current status.
High-severity bug remediation
To remediate high-severity issues requiring an internal release for single-tenant SaaS instances, refer to the internal release process for engineers.