Ensure Vulnerabilities indexing during for initial ES setup (!197147) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Backfills vulnerabilities index during the initial ES indexing setup.

We are skipping backfill for self-managed and the scope for same will be part of #525484 (closed)

How to set up and validate locally

If you already have vulnerabilties index populated truncate it

curl -XPOST "http://localhost:9200/gitlab-development-vulnerabilities/_delete_by_query" -H "Content-Type: application/json" -d'
{
  "query": {
    "match_all": {}
  }
}'

In Rails console > bundle exec rails console trigger the new indexing action by invoking

::Search::Elastic::ReindexingService.execute

Have > gdk rails-background-jobs start and ensure it is running.
We should now observe bookkeeping logs in > tail -f log/elasticsearch.log for vulnerabilities.
Wait for sometime for the bulkindexer to run or manually invoke it in rails console using Elastic::ProcessInitialBookkeepingService.new.execute, run it a few times till we see [0, 0].
Now the ES index should have vulnerabilities backfilled and should show results for the below query.

curl -XGET "http://localhost:9200/gitlab-development-vulnerabilities/_search" -H "Content-Type: application/json" -d'
{
  "query": {
    "match_all": {}
  },
  "size": 10000
}'

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #543089 (closed)

Edited Jul 10, 2025 by Bala Kumar

Ensure Vulnerabilities indexing during for initial ES setup

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports