
Add validation to Default Branch Image when parsing CS vulnerability

What does this MR do and why?

This MR adds validation of the value of the image for the default branch. This value is used to deduplicate findings. With this MR we will start validating whether the value provided by the analyzer (which should carry the value of the CS_DEFAULT_BRANCH_IMAGE variable) is valid, i.e. whether there is at least one vulnerability with the given location_image in the database.
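As an added illustration (not code from this MR or from GitLab), the check described above modelled in plain Ruby against an in-memory stand-in for the vulnerability_reads table. The sample rows, the image-reference regex, the report_type value 2 standing for container scanning (as in the query below) and the fingerprint construction are assumptions made for the example; a value that is syntactically off or unknown for the project is dropped and the finding's own image is used for the key instead, so an analyzer-supplied value cannot pull findings onto an image the project has never scanned.

```ruby
require 'digest'

# report_type value the existence query filters on (assumed to mean container scanning)
CONTAINER_SCANNING_REPORT_TYPE = 2

# Image reference taken from the query on this page
DEFAULT_IMAGE = 'registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp/grype:59eb479934ca3bde2e62d48b75817f3d9e44294f'

# Constructed sample rows standing in for vulnerability_reads (not real data)
VULNERABILITY_READS = [
  { project_id: 24673064, report_type: 2, location_image: DEFAULT_IMAGE },
  { project_id: 24673064, report_type: 1, location_image: nil },            # SAST row, no image
  { project_id: 99,       report_type: 2, location_image: 'registry.example.com/other/app:1.0' },
].freeze

# Assumed shape of an image reference: host[:port]/path[/path...][:tag][@sha256:digest].
# Rejecting anything else before the lookup keeps junk from the CI variable out of the query.
IMAGE_REF = %r{\A[a-z0-9.\-]+(?::\d+)?(?:/[a-z0-9._\-]+)+(?::[\w.\-]{1,128})?(?:@sha256:[0-9a-f]{64})?\z}

# Mirrors the SELECT 1 ... LIMIT 1 query: true only if the project already has a
# container-scanning vulnerability located in exactly this image.
def valid_default_branch_image?(project_id, image, rows: VULNERABILITY_READS)
  return false if image.nil? || image.empty?
  return false unless IMAGE_REF.match?(image)

  rows.any? do |r|
    r[:project_id] == project_id &&
      r[:report_type] == CONTAINER_SCANNING_REPORT_TYPE &&
      r[:location_image] == image
  end
end

# Image used for deduplication: the default-branch image when it passes validation,
# otherwise the image the finding itself was reported against.
def dedup_image(project_id, finding_image, default_branch_image, rows: VULNERABILITY_READS)
  if valid_default_branch_image?(project_id, default_branch_image, rows: rows)
    default_branch_image
  else
    finding_image
  end
end

# Assumed fingerprint: image, CVE and package. Two findings collapse when their keys match.
def finding_key(project_id, finding, default_branch_image, rows: VULNERABILITY_READS)
  image = dedup_image(project_id, finding[:image], default_branch_image, rows: rows)
  Digest::SHA256.hexdigest([image, finding[:cve], finding[:package]].join("\0"))
end
```

The syntax check is deliberately loose (tags and digests are optional, as in a real registry reference); the authoritative test is the existence lookup, which is what the MR's query performs.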

Queries

SELECT
  1 AS one
FROM
  "vulnerability_reads"
WHERE
  "vulnerability_reads"."project_id" = 24673064
  AND "vulnerability_reads"."report_type" = 2
  AND "vulnerability_reads"."location_image" = 'registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp/grype:59eb479934ca3bde2e62d48b75817f3d9e44294f'
LIMIT
  1
Time: 15.521 ms
  - planning: 1.850 ms
  - execution: 13.671 ms
    - I/O read: 13.560 ms
    - I/O write: 0.000 ms

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/11173/commands/39966

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #339320 (closed)

Edited by Alan (Maciej) Paruszewski
