Add vulnerability state as part of the granular
What does this MR do and why?
Add vulnerability state as part of the granular settings for Vulnerability-Check approval project rules.
UI: adds a dropdown (vulnerability_states) with the option Newly added (representing findings not present in the target branch) alongside the existing vulnerability states.
API: the UI sends the request to an API endpoint, which has been changed to accept and persist the new field vulnerability_states on both create and update.
Sync job: the sync job that re-evaluates approval rules which are no longer satisfied has been changed to take the configured vulnerability states into consideration instead of only newly added findings.
Related issue: #335336 (closed)
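As an added illustration (not GitLab's code) of the three pieces described above, the following Ruby sketches how a rule's persisted vulnerability_states_int array can be mapped back to named states and how a sync-job style check can decide whether a rule is still satisfied against a pipeline's findings. The integer-to-state mapping, the class and method names, and the "any matching finding violates the rule" threshold are assumptions; the only value taken from the page is that the column defaults to [0].

```ruby
# Added example, not GitLab's implementation. Names, the integer mapping and
# the evaluation threshold are assumptions for illustration only.
require 'set'

# Assumed mapping for the vulnerability_states_int array column.
# 0 is the migration default ([0]) and is taken to mean "newly added".
VULNERABILITY_STATES = {
  newly_detected: 0,
  detected:       1,
  confirmed:      2,
  resolved:       3,
  dismissed:      4
}.freeze

INT_TO_STATE = VULNERABILITY_STATES.invert.freeze

class ApprovalProjectRule
  attr_reader :vulnerability_states_int

  def initialize(vulnerability_states_int: [0])
    @vulnerability_states_int = vulnerability_states_int
  end

  # Symbol form of the persisted integers. Unknown integers raise so that a
  # malformed API payload cannot silently widen or narrow the rule.
  def vulnerability_states
    vulnerability_states_int.map do |i|
      INT_TO_STATE.fetch(i) { raise ArgumentError, "unknown vulnerability state #{i}" }
    end
  end
end

# Finding reported by the MR pipeline; uuid ties it to an existing vulnerability.
Finding = Struct.new(:uuid, keyword_init: true)
# Vulnerability already known on the target branch (what the COUNT query joins on by uuid).
Vulnerability = Struct.new(:uuid, :state, keyword_init: true)

# Findings whose state matches the rule. A finding whose uuid has no
# vulnerability on the target branch is treated as :newly_detected.
def findings_violating_rule(rule, findings, existing_vulnerabilities)
  by_uuid = existing_vulnerabilities.to_h { |v| [v.uuid, v] }
  wanted  = rule.vulnerability_states.to_set

  findings.select do |finding|
    existing = by_uuid[finding.uuid]
    state = existing ? existing.state : :newly_detected
    wanted.include?(state)
  end
end

# Assumed threshold: a rule is satisfied only when no finding matches.
def rule_satisfied?(rule, findings, existing_vulnerabilities)
  findings_violating_rule(rule, findings, existing_vulnerabilities).empty?
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data.
  findings = [Finding.new(uuid: 'a'), Finding.new(uuid: 'b'), Finding.new(uuid: 'c')]
  existing = [Vulnerability.new(uuid: 'b', state: :confirmed),
              Vulnerability.new(uuid: 'c', state: :dismissed)]

  default_rule = ApprovalProjectRule.new                                  # [0] => newly added only
  wider_rule   = ApprovalProjectRule.new(vulnerability_states_int: [0, 2]) # newly added + confirmed

  puts findings_violating_rule(default_rule, findings, existing).map(&:uuid).inspect
  puts findings_violating_rule(wider_rule, findings, existing).map(&:uuid).inspect
  puts rule_satisfied?(ApprovalProjectRule.new(vulnerability_states_int: [3]), findings, existing)
end
```

The point worth checking in review is the default: with [0] persisted for every existing rule, behaviour is unchanged (only findings absent from the target branch block approval), and only rules that explicitly opt into additional states start counting already-known vulnerabilities.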
Database
$ bundle exec rails db:migrate:down VERSION=20211013192749
== 20211013192749 AddStatesIntoApprovalProjectRules: reverting ================
-- remove_column(:approval_project_rules, :vulnerability_states_int)
-> 0.0027s
== 20211013192749 AddStatesIntoApprovalProjectRules: reverted (0.0028s) =======
$ bundle exec rails db:migrate:up VERSION=20211013192749
== 20211013192749 AddStatesIntoApprovalProjectRules: migrating ================
-- add_column(:approval_project_rules, :vulnerability_states_int, :integer, {:array=>true, :null=>false, :default=>[0]})
-> 0.0049s
== 20211013192749 AddStatesIntoApprovalProjectRules: migrated (0.0049s) =======
Query
Execution plan through database-lab:
explain SELECT COUNT(DISTINCT "vulnerabilities"."id") FROM "vulnerabilities" LEFT OUTER JOIN "vulnerability_occurrences" "findings" ON "findings"."vulnerability_id" = "vulnerabilities"."id" WHERE "vulnerabilities"."project_id" = 26074395 AND "findings"."uuid" IN ('184244fe-5321-51af-955c-a1933f015e9b', 'a9585c87-57af-5ec8-b370-5c42f8994d3b', '418164fd-17e6-5349-9b48-a58803f1e21f', '96daee91-
[...SKIP...]
Session: 6996. Plan with execution:
Aggregate (cost=71.70..71.71 rows=1 width=8) (actual time=23.156..23.158 rows=1 loops=1)
Buffers: shared hit=22 read=29
I/O Timings: read=22.815 write=0.000
-> Nested Loop (cost=1.12..71.69 rows=1 width=8) (actual time=23.051..23.052 rows=0 loops=1)
Buffers: shared hit=14 read=29
I/O Timings: read=22.815 write=0.000
-> Index Scan using index_v
[...SKIP...]
Full execution plan (The text in the preview above has been cut).
Other artifacts are provided in the thread.
Recommendations:
Summary:
Time: 26.131 ms
- planning: 2.904 ms
- execution: 23.227 ms
- I/O read: 22.815 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 22 (~176.00 KiB) from the buffer pool
- reads: 29 (~232.00 KiB) from the OS file cache, including disk I/O
- dirtied: 0
- writes: 0
Details and visualization: https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/6996/commands/24789.
Screenshots or screen recordings
New dropdown (screenshot)
Dropdown items (screenshot)
Error message (screenshot)
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.