
"Last updated" on the Security Dashboard doesn't seem to link to a successful pipeline all the time

Summary

We recently added a pipeline widget to the security dashboard. It displays the latest pipeline which was used to update the dashboard data. The pipeline linked doesn't seem to be the latest successful pipeline, so either we're not showing the right pipeline, or we update the dashboard with unexpected pipelines.

Steps to reproduce

It's hard to reproduce this issue, but I spotted the same issue twice today. I simply went to https://gitlab.com/gitlab-org/gitlab/-/security/dashboard/?state=DETECTED&state=CONFIRMED and followed the link next to "Last updated".

Example Project

What is the current bug behavior?

The linked pipeline is still running, which should not happen. I can understand it could be the case if someone was re-running a job by hand, but every time I followed this link this morning, I found a running pipeline. That's too many times to be a coincidence.

What is the expected correct behavior?

Linking to a finished, successful pipeline. We could imagine that security jobs are finished, and it's safe to use an unfinished pipeline in this case, but I saw some security jobs still running.

Relevant logs and/or screenshots

Screen_Shot_2020-10-22_at_10.44.21 linking to Screen_Shot_2020-10-22_at_10.44.13

Or more recently:

Screen_Shot_2020-10-22_at_17.12.05 linking to Screen_Shot_2020-10-22_at_17.12.12

(note the nodejs scan job still running).

Pipeline: https://gitlab.com/gitlab-org/gitlab/-/pipelines/206526184

Output of checks

This bug happens on GitLab.com

Results of GitLab environment info


(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check


(For installations with omnibus-gitlab package run and paste the output of: sudo gitlab-rake gitlab:check SANITIZE=true)

(For installations from source run and paste the output of: sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)

(we will only investigate if the tests are passing)

Implementation Plan

  • database Introduce a new column called latest_pipeline_id for the vulnerability_statistics table.
  • backend Extend the logic in Security::StoreReportsService to set latest_pipeline_id on the vulnerability_statistics record related to the project.
  • database Implement a background migration to populate latest_pipeline_id for the existing records that lack it.
  • backend Change the Project#latest_pipeline_with_security_reports method to return the value from the associated vulnerability_statistic record.
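The following Ruby sketch is an added illustration of the plan above, not GitLab code: it models a project's pipelines and a single vulnerability_statistics row, contrasts a read-time lookup of "the newest pipeline that has security jobs" (assumed here to be how a running pipeline could end up linked) with recording latest_pipeline_id at the moment reports are stored, and includes a backfill step standing in for the background migration. All class and method names are assumptions chosen for the example.

```ruby
# Illustrative model only (not GitLab's implementation). Names are assumptions.
Pipeline = Struct.new(:id, :status, :has_security_jobs, keyword_init: true)

# Stand-in for one project's vulnerability_statistics row.
class VulnerabilityStatistic
  attr_accessor :latest_pipeline_id

  def initialize
    @latest_pipeline_id = nil
  end
end

# Assumed old behaviour: derive the pipeline at read time from the pipeline
# list. Nothing here checks the status, so a pipeline whose security jobs
# are still running can be returned, which is the symptom in this issue.
def latest_pipeline_with_security_reports_by_query(pipelines)
  pipelines.select(&:has_security_jobs).max_by(&:id)
end

# Stand-in for the Security::StoreReportsService step from the plan: reports
# are stored only for a pipeline that finished successfully, and the same
# step records which pipeline the stored dashboard data came from.
def store_reports(statistic, pipeline)
  return false unless pipeline.status == "success" && pipeline.has_security_jobs

  statistic.latest_pipeline_id = pipeline.id
  true
end

# Stand-in for the background migration: for a row that predates the column,
# pick the newest successful pipeline with security jobs. Leaves an existing
# value untouched so the migration is idempotent.
def backfill_latest_pipeline_id(statistic, pipelines)
  return statistic.latest_pipeline_id unless statistic.latest_pipeline_id.nil?

  candidate = pipelines
    .select { |p| p.has_security_jobs && p.status == "success" }
    .max_by(&:id)
  statistic.latest_pipeline_id = candidate&.id
end

# New behaviour from the plan: read the recorded id instead of re-deriving it.
def latest_pipeline_with_security_reports_from_statistic(statistic, pipelines)
  pipelines.find { |p| p.id == statistic.latest_pipeline_id }
end

# Constructed sample: pipeline 1 finished and its reports were stored;
# pipeline 2 is still running its security jobs.
SAMPLE_PIPELINES = [
  Pipeline.new(id: 1, status: "success", has_security_jobs: true),
  Pipeline.new(id: 2, status: "running", has_security_jobs: true)
].freeze

# Runs both lookups against the sample and returns the pipeline ids chosen.
def demo
  stat = VulnerabilityStatistic.new
  SAMPLE_PIPELINES.each { |p| store_reports(stat, p) }

  {
    by_query: latest_pipeline_with_security_reports_by_query(SAMPLE_PIPELINES).id,
    from_statistic: latest_pipeline_with_security_reports_from_statistic(stat, SAMPLE_PIPELINES).id
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

With the constructed sample, the read-time query returns pipeline 2 (still running) while the recorded id points at pipeline 1, the one whose reports actually populated the dashboard; the backfill picks the same pipeline 1 for a row that has no value yet.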

/cc @lkerr @thiagocsf @matt_wilson

Edited by Mehmet Emin INAC