Use `uuid` value from the `security_findings` table to pick findings from report artifacts

Why are we doing this work

We are in the process of deprecating the usage of the project_fingerprint attribute of the findings. By using uuid values to identify findings, we can easily associate any related entity with a finding.

The security_findings table stores only part of the finding data, enough to implement sorting and filtering on the database layer before downloading all the artifact files into memory. This lets us determine which artifact file(s) to download. After downloading an artifact, we use an attribute called position to find the relevant entry in it. This works without any problem, but since we already have the uuid of each finding, we can use it instead and remove the need for the extra position attribute.

Implementation plan

  • backend Use the uuid attribute of security_findings records to pick the correct finding from the artifact. This logic lives in Security::FindingsFinder, introduced by !41762 (merged)
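As an added illustration of the change (example code, not GitLab's own Security::FindingsFinder), the constructed snippet below contrasts picking report entries by the stored position with picking them by uuid; the report, row hashes and uuid values are all made up for the example, and the reordered report shows that the uuid lookup does not depend on entry ordering.

```ruby
# Added example, not GitLab's own code: locate report entries for
# security_findings rows by uuid instead of by a stored `position`.
# All data below is constructed; plain hashes stand in for DB rows and
# for a parsed report artifact.
require 'json'

# Constructed stand-in for a parsed report artifact. Each entry carries
# the uuid that was written to security_findings when it was ingested.
def build_sample_report
  JSON.parse(<<~JSON)
    {"vulnerabilities": [
      {"uuid": "00000000-0000-4000-8000-000000000001", "name": "SQL injection", "severity": "critical"},
      {"uuid": "00000000-0000-4000-8000-000000000002", "name": "Weak hash",     "severity": "medium"},
      {"uuid": "00000000-0000-4000-8000-000000000003", "name": "XSS",           "severity": "high"}
    ]}
  JSON
end

# Same findings, but the artifact was regenerated with a different order.
def build_reordered_report
  report = build_sample_report
  report["vulnerabilities"].reverse!
  report
end

# Constructed stand-in for security_findings rows that survived DB-side
# filtering (severity high or above), sorted by severity.
# `position` is the attribute the issue proposes to remove.
SAMPLE_ROWS = [
  { uuid: "00000000-0000-4000-8000-000000000001", position: 0, severity: "critical" },
  { uuid: "00000000-0000-4000-8000-000000000003", position: 2, severity: "high" }
].freeze

# Current approach: index into the report array by the stored position.
# Correct only while the artifact keeps the order seen at ingestion time.
def pick_by_position(report, rows)
  entries = report["vulnerabilities"]
  rows.map { |row| entries[row[:position]] }
end

# Proposed approach: build a uuid -> entry map once, then look each row up.
# A uuid absent from the artifact yields nil, so a stale or mismatched
# artifact is detectable instead of silently returning a neighbouring entry.
def pick_by_uuid(report, rows)
  by_uuid = report["vulnerabilities"].to_h { |entry| [entry["uuid"], entry] }
  rows.map { |row| by_uuid[row[:uuid]] }
end
```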