
Do not store security scans for already purged pipelines

What does this MR do and why?

It's possible that a user can retry a non-security-related CI build after the security scans for the pipeline get purged, which triggers storing the security scans again and overrides the status of the already purged security scans.

We could just prevent overriding the status of the security scans, but there is no point in running the entire logic of storing the security scans and security findings, which can be quite expensive as it's an IO- and memory-heavy operation.

Related to Implement retention period for Security::Findin... (#351524 - closed).

Important Note: This implementation is vulnerable to race conditions as we are marking the security_scans records as purged in a different process, but this is better than having nothing anyway.
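The following is an added in-memory model of the guard this MR describes; it is not GitLab's code, and the class names (`SecurityScan`, `ScanStore`, `StoreScansService`), the `:purged` status symbol and the scenario values are assumptions made for illustration. It shows the retry-after-purge sequence and that, with the early return in place, the purged status survives and the expensive store path runs only once.

```ruby
# Added example, not GitLab's code: an in-memory model of the guard described
# in this MR. Class, method and status names are assumptions for illustration.

# Stand-in for one row of the security_scans table.
class SecurityScan
  attr_reader :pipeline_id, :scan_type
  attr_accessor :status # :succeeded or :purged (assumed values)

  def initialize(pipeline_id, scan_type, status)
    @pipeline_id = pipeline_id
    @scan_type = scan_type
    @status = status
  end

  def purged?
    status == :purged
  end
end

# Stand-in for the security_scans table.
class ScanStore
  def initialize
    @scans = []
  end

  def for_pipeline(pipeline_id)
    @scans.select { |s| s.pipeline_id == pipeline_id }
  end

  # Create-or-update keyed by (pipeline, scan_type). This is the write that
  # used to overwrite a purged scan's status when a build was retried.
  def upsert(pipeline_id, scan_type, status)
    scan = @scans.find { |s| s.pipeline_id == pipeline_id && s.scan_type == scan_type }
    if scan
      scan.status = status
    else
      @scans << SecurityScan.new(pipeline_id, scan_type, status)
    end
  end

  # Retention job (runs in another process in the real system): mark every
  # scan of the pipeline as purged.
  def purge_pipeline!(pipeline_id)
    for_pipeline(pipeline_id).each { |s| s.status = :purged }
  end
end

# Stand-in for the service that parses reports and stores scans and findings.
class StoreScansService
  attr_reader :expensive_runs

  def initialize(store)
    @store = store
    @expensive_runs = 0 # how often the IO/memory-heavy path actually ran
  end

  # Returns :skipped when the pipeline's scans were already purged; otherwise
  # runs the full (expensive) store logic and returns :stored.
  def execute(pipeline_id, scan_types)
    return :skipped if @store.for_pipeline(pipeline_id).any?(&:purged?)

    @expensive_runs += 1
    scan_types.each { |type| @store.upsert(pipeline_id, type, :succeeded) }
    :stored
  end
end

# Scenario from the MR: scan, purge by retention, then a build retry.
def retry_after_purge_scenario
  store = ScanStore.new
  service = StoreScansService.new(store)

  service.execute(42, %i[sast dependency_scanning])          # first pipeline run
  store.purge_pipeline!(42)                                   # retention period elapsed
  result = service.execute(42, %i[sast dependency_scanning])  # build retried

  {
    result: result,
    statuses: store.for_pipeline(42).map(&:status).uniq,
    expensive_runs: service.expensive_runs
  }
end

puts retry_after_purge_scenario.inspect if $PROGRAM_NAME == __FILE__
```

The guard is a read-then-write: it checks the status and only then writes, so a purge that lands between the check and the `upsert` can still be overwritten, which is exactly the race the note above accepts. Closing that window would need the check and the write in one transaction or a conditional update on the row's status.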

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Mehmet Emin INAC
