
Resolve Vulnerabilities detected from a specific Scanner

mo khan requested to merge 382625/resolve-vulns-by-scanner into master

What does this MR do and why?

When an analyzer job fails, the security report ingestion process can mistakenly mark the vulnerabilities on the default branch as resolved. The change in this merge request provides a way to specify the Scanner to filter by to prevent accidentally marking a vulnerability as resolved.

The change in this MR produces the following query:

SELECT "vulnerabilities".*
FROM "vulnerabilities"
INNER JOIN "vulnerability_reads" "vulnerability_read"
  ON "vulnerability_read"."vulnerability_id" = "vulnerabilities"."id"
WHERE "vulnerability_read"."project_id" = 1216
  AND "vulnerability_read"."scanner_id" = 489;

A database index, !110700 (merged), was added to optimize performance of this query. The current query plan can be found at https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/15467/commands/53653.
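To show why the scanner filter matters, here is an added Ruby example (not GitLab's own ingestion code) that models the resolution step with in-memory records in place of the vulnerabilities and vulnerability_reads tables. The scanner ids, vulnerability ids and the meaning of each scanner are constructed for the example.

```ruby
# Added example, not GitLab's code: a simplified model of the step that marks
# default-branch vulnerabilities as resolved when they are absent from an
# ingested report, before and after filtering by scanner_id.
Vulnerability = Struct.new(:id, :project_id, :scanner_id, :state)
Report = Struct.new(:project_id, :scanner_id, :vulnerability_ids)

# Constructed sample data: project 1216 has findings from two scanners
# (489 and 512 are constructed ids, not real scanner records).
SAMPLE_VULNS = [
  Vulnerability.new(1, 1216, 489, :detected),
  Vulnerability.new(2, 1216, 489, :detected),
  Vulnerability.new(3, 1216, 512, :detected),
].freeze

# Before the change: every detected vulnerability in the project that is
# missing from the report is resolved, whichever scanner produced it.
def resolve_missing_without_scanner_filter(vulns, report)
  vulns.map do |v|
    next v unless v.project_id == report.project_id && v.state == :detected
    next v if report.vulnerability_ids.include?(v.id)

    v.dup.tap { |r| r.state = :resolved }
  end
end

# After the change: only vulnerabilities whose scanner_id matches the report's
# scanner are candidates (the scanner_id predicate in the query above).
def resolve_missing_with_scanner_filter(vulns, report)
  vulns.map do |v|
    next v unless v.project_id == report.project_id &&
                  v.scanner_id == report.scanner_id &&
                  v.state == :detected
    next v if report.vulnerability_ids.include?(v.id)

    v.dup.tap { |r| r.state = :resolved }
  end
end

# Scenario: the scanner-512 job failed, so the pipeline only delivers the
# scanner-489 report. Vulnerability 2 is genuinely gone from that report;
# vulnerability 3 was simply never scanned this run.
REPORT = Report.new(1216, 489, [1]).freeze

if __FILE__ == $PROGRAM_NAME
  puts "without filter: #{resolve_missing_without_scanner_filter(SAMPLE_VULNS, REPORT).map(&:state)}"
  puts "with filter:    #{resolve_missing_with_scanner_filter(SAMPLE_VULNS, REPORT).map(&:state)}"
end
```

Without the filter, vulnerability 3 is wrongly resolved because its scanner's job never ran; with the filter it stays detected while vulnerability 2 is still resolved.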

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by mo khan
