Secure `[analyzer]_scans` metrics report on all CI jobs (!67812) · Merge requests · GitLab.org / GitLab

Cameron Swords requested to merge remove-join-to-builds-analyzer-scans into master Aug 10, 2021

What does this MR do?

[analyzer]_scans service ping metrics are sent for every CI job that contains a scan, not just for those that are part of successful non-retried jobs. This is an attempt to reduce the load on the database.

Resolves issue #336170 (closed).

Impact to the database

Query

A query like the following will be made for each scan type (of which there are nine).

SELECT
    count("security_scans"."build_id")
FROM
    "security_scans"
WHERE
    "security_scans"."scan_type" = 1
    AND "security_scans"."created_at" BETWEEN '2021-07-11 06:48:30.475125' AND '2021-08-08 06:48:30.475324'
    AND "security_scans"."build_id" >= 1491032526
    AND "security_scans"."build_id" < 1491132526

This is an expected improvement on the previous query as it doesn't have to join with the ci_builds table and filter by the latest successful build.

The new query searches using the index on scan_type. This query is run against scan_type 1 (SAST), which accounts for the vast majority of Security Scans.

The explain plan generated from #database_lab can be found at the following location https://explain.depesz.com/s/q0rE.

Does this MR meet the acceptance criteria?

Conformity

I have included changelog trailers, or none are needed. (Does this MR need a changelog?)
I have added/updated documentation, or it's not needed. (Is documentation required?)
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
I have self-reviewed this MR per code review guidelines.
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
I have followed the style guides.
This change is backwards compatible across updates, or this does not apply.

Availability and Testing

I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
I have tested this MR in all supported browsers, or it's not needed.
I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.

Edited Aug 19, 2021 by Cameron Swords

Secure `[analyzer]_scans` metrics report on all CI jobs