Backfill false_positive in vulnerabilities and sync ES for dismiss action
What does this MR do and why?
- Add migration to backfill `false_positive` in `vulnerabilities`: `bundle exec ruby scripts/elastic-migration backfill_false_positive_in_vulnerabilities`
- Synchronise `false_positive` to the `Vulnerabilities` Elasticsearch index during updates handled by the `DismissFalsePositiveService` - see also: !211939 (merged)
- Update pre-loader to consider `false_positive` with `confidentiality_score > 0`
Query plan
https://console.postgres.ai/gitlab/gitlab-production-sec/sessions/46194/commands/141054
```sql
SELECT "vulnerability_occurrences"."vulnerability_id"
FROM "vulnerability_occurrences"
WHERE "vulnerability_occurrences"."vulnerability_id" BETWEEN 0 AND 100
  AND (EXISTS (
    SELECT 1
    FROM "vulnerability_flags"
    WHERE "vulnerability_flags"."flag_type" = 0
      AND "vulnerability_flags"."confidence_score" > 0.0
      AND "vulnerability_flags"."vulnerability_occurrence_id" = "vulnerability_occurrences"."id"
  ))
```
References
- Backfill false_positive in vulnerabilities and ... (#581067)
- Add Elasticsearch sync for vulnerabilities in U... (!211939 - merged)
- Add ability to remove False Positive flag from ... (#578903 - closed)
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Ugo Nnanna Okeadu
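
The predicate in the query plan above, as an added Ruby example that is not code from this MR or from GitLab: it derives the `false_positive` value a backfill would write for each vulnerability in an ID batch, so a zero score or a different flag type cannot mark a finding as a false positive in the search index. The struct names, method names, document shape and sample rows are hypothetical, and reading `flag_type = 0` as the false-positive flag is an assumption taken from the query.

```ruby
require 'set'

# Hypothetical stand-ins for rows of vulnerability_occurrences and vulnerability_flags.
Occurrence = Struct.new(:id, :vulnerability_id)
Flag = Struct.new(:vulnerability_occurrence_id, :flag_type, :confidence_score)

FALSE_POSITIVE_FLAG_TYPE = 0 # assumption: from `flag_type = 0` in the query

# Mirrors the EXISTS subquery: an occurrence qualifies when at least one of its
# flag rows has flag_type = 0 and confidence_score > 0.0.
def false_positive_vulnerability_ids(occurrences, flags, id_range)
  flagged_occurrence_ids = flags.each_with_object(Set.new) do |flag, ids|
    next unless flag.flag_type == FALSE_POSITIVE_FLAG_TYPE
    next unless flag.confidence_score.to_f > 0.0 # a nil score never matches, as in SQL

    ids << flag.vulnerability_occurrence_id
  end

  occurrences
    .select { |o| id_range.cover?(o.vulnerability_id) && flagged_occurrence_ids.include?(o.id) }
    .map(&:vulnerability_id)
    .to_set
end

# One document per vulnerability in the batch, with an explicit true or false,
# so unflagged records are written as false instead of being left unset.
def backfill_documents(occurrences, flags, id_range)
  flagged = false_positive_vulnerability_ids(occurrences, flags, id_range)
  occurrences
    .map(&:vulnerability_id)
    .select { |id| id_range.cover?(id) }
    .uniq
    .sort
    .map { |id| { vulnerability_id: id, false_positive: flagged.include?(id) } }
end

# Constructed sample rows (not production data).
SAMPLE_OCCURRENCES = [
  Occurrence.new(1, 10), Occurrence.new(2, 11), Occurrence.new(3, 12), Occurrence.new(4, 500)
].freeze
SAMPLE_FLAGS = [
  Flag.new(1, 0, 0.8), # false-positive flag with a positive score: counts
  Flag.new(2, 0, 0.0), # false-positive flag with zero score: ignored
  Flag.new(3, 1, 0.9), # different flag type: ignored
  Flag.new(4, 0, 0.9)  # vulnerability_id 500 is outside the 0..100 batch
].freeze
```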