Ingest vulnerabilities from multiple pipelines
What does this MR do and why?
Continuous Vulnerability Scanning detects vulnerabilities across the entire GitLab instance. As a performance improvement, we need to be able to create batches of vulnerabilities which may be on multiple different projects.
This change updates vulnerability ingestion to handle multiple pipelines by storing them in the finding_map object.
Some tasks need to query for objects on the project and compare them with objects found during ingestion. Since this won't scale for multiple projects, a separate IngestCvsSliceService is defined which skips these tasks.
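The split described above, as an added illustration that is not GitLab's code: a finding_map that records the source pipeline per finding so one batch can mix pipelines and projects, a task that needs per-project context (compare what is already stored for the project with what was just ingested), a task that does not, and two slice services where the CVS variant skips the project-scoped task. All class names, the in-memory store and the sample findings here are constructed for the example; only the names finding_map and IngestCvsSliceService come from the description.

```ruby
# Hypothetical models (not GitLab's): a pipeline belongs to one project, a
# finding is keyed by uuid and remembers the pipeline that produced it.
Pipeline = Struct.new(:id, :project_id, keyword_init: true)
Finding  = Struct.new(:uuid, :project_id, :pipeline_id, :severity, keyword_init: true)

# finding_map stand-in: one entry per ingested finding, each carrying its
# pipeline, so a batch may span several pipelines and several projects.
class FindingMap
  attr_reader :entries

  def initialize
    @entries = {}
  end

  def add(finding, pipeline)
    @entries[finding.uuid] = { finding: finding, pipeline: pipeline }
    self
  end

  def project_ids
    @entries.values.map { |e| e[:pipeline].project_id }.uniq
  end

  def uuids
    @entries.keys
  end
end

# Project-scoped task: look at the findings already stored for the project and
# return those that were not seen in this ingestion (candidates for resolution).
# It only makes sense when the whole batch belongs to a single project.
class MarkResolvedTask
  def self.project_scoped?
    true
  end

  def self.execute(finding_map, store)
    raise ArgumentError, 'batch spans several projects' if finding_map.project_ids.size > 1

    existing = store.fetch(finding_map.project_ids.first, [])
    existing.reject { |uuid| finding_map.uuids.include?(uuid) }
  end
end

# Batch-local task: only touches the findings in the map, so it scales to a
# batch that mixes projects. Returns the uuids it upserted.
class UpsertFindingsTask
  def self.project_scoped?
    false
  end

  def self.execute(finding_map, store)
    finding_map.entries.each_value do |e|
      list = (store[e[:pipeline].project_id] ||= [])
      list << e[:finding].uuid unless list.include?(e[:finding].uuid)
    end
    finding_map.uuids
  end
end

TASKS = [UpsertFindingsTask, MarkResolvedTask].freeze

# Per-pipeline ingestion: every task runs, project context is guaranteed.
class IngestSliceService
  def self.execute(finding_map, store)
    TASKS.to_h { |t| [t.name, t.execute(finding_map, store)] }
  end
end

# CVS ingestion: the batch may cover many projects, so project-scoped tasks
# are filtered out instead of being run with the wrong context.
class IngestCvsSliceService
  def self.execute(finding_map, store)
    raise ArgumentError, 'empty batch' if finding_map.entries.empty?

    TASKS.reject(&:project_scoped?).to_h { |t| [t.name, t.execute(finding_map, store)] }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: project 1 already holds finding 'old-a'; a CVS batch
  # brings 'f1' from pipeline 10 (project 1) and 'f2' from pipeline 20 (project 2).
  store = { 1 => ['old-a'] }
  batch = FindingMap.new
    .add(Finding.new(uuid: 'f1', project_id: 1, pipeline_id: 10, severity: 'high'), Pipeline.new(id: 10, project_id: 1))
    .add(Finding.new(uuid: 'f2', project_id: 2, pipeline_id: 20, severity: 'low'), Pipeline.new(id: 20, project_id: 2))
  puts IngestCvsSliceService.execute(batch, store).inspect
  puts store.inspect
end
```

The point to take from the skip list: a task that reads "everything the project has" and diffs it against the batch silently produces wrong results (resolving findings that belong to another project) if it ever runs on a mixed batch, so the CVS service removes it by a declared property of the task rather than by special-casing inside the task.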
For more information about the design of this service, see: !66735 (merged)
For more information about the vulnerability models, see: https://docs.gitlab.com/ee/development/sec/security_report_ingestion_overview.html
Relates to: #420768 (closed)
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Prerequisites: Ultimate license, GitLab runner registered
1. Create a new project imported from https://gitlab.com/gitlab-examples/security/security-reports
2. Go to CI / CD -> Pipelines and run a new pipeline on main
3. Go to Security and Compliance -> Vulnerability Report and observe that it contains vulnerabilities
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.