
Update vulnerability_reads.owasp_top_10 for multiple identifiers

What does this MR do and why?

When a vulnerability has many identifiers, the vulnerability_reads.owasp_top_10 column was not populated, as the ingestion logic was only using the first identifier.

For already created records, it should not be a problem, as we have a backfill migration !139544 (diffs).

Screenshots or screen recordings

Without the fix, the vulnerability should have owasp_top_10 as nil.

Before After
Screenshot_2023-12-19_at_3.07.00_AM Screenshot_2023-12-19_at_3.07.51_AM

How to set up and validate locally

  1. Import project with multiple vulnerability identifiers. Example: https://gitlab.com/bala.kumar/verify-multiple-identifiers
  2. Run pipeline for the main branch.
  3. In the Rails console, for the imported project (say 45), we should observe Project.find(45).vulnerability_reads.pluck(:owasp_top_10) having values like the screenshot above.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #419092 (closed)

Edited by Bala Kumar
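
The first-identifier behaviour described in this MR, next to a selection that considers every identifier, as an added Ruby example that is not GitLab's code. The Identifier struct, its field names, the OWASP_TOP_10 list and the sample findings are assumptions constructed for illustration.

```ruby
# Constructed model of a finding's identifiers. The field names and the
# category list are assumptions for illustration, not GitLab's schema.
Identifier = Struct.new(:external_type, :name)

# Hypothetical subset of values the owasp_top_10 column could accept.
OWASP_TOP_10 = ['A1:2017-Injection', 'A3:2017-Sensitive Data Exposure'].freeze

# Map one identifier to a known category, or nil if it is not an OWASP
# identifier or names a category outside the accepted list.
def owasp_value(identifier)
  return nil unless identifier && identifier.external_type.to_s.casecmp?('owasp')

  OWASP_TOP_10.find { |value| value.casecmp?(identifier.name.to_s) }
end

# Behaviour described as the bug: only the first identifier is consulted,
# so a finding whose first identifier is a scanner rule ID or a CWE gets nil.
def owasp_from_first(identifiers)
  owasp_value(identifiers.first)
end

# Behaviour the MR describes after the fix: every identifier is considered
# and the first one that maps to a known category wins.
def owasp_from_any(identifiers)
  identifiers.each do |identifier|
    value = owasp_value(identifier)
    return value if value
  end
  nil
end

# Constructed sample findings.
MULTI = [
  Identifier.new('semgrep_id', 'bandit.B608'),
  Identifier.new('cwe', 'CWE-89'),
  Identifier.new('owasp', 'A1:2017-Injection')
].freeze
NO_OWASP = [Identifier.new('cwe', 'CWE-79')].freeze
UNKNOWN_OWASP = [Identifier.new('owasp', 'A99:2099-Made Up')].freeze
```
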
