Sync approval rules even when security_scans are duplicated

Sashi Kumar Kumaresan requested to merge sk/fix-store-scan-worker into master

What does this MR do and why?

This change invokes SyncFindingsToApprovalRulesWorker from StoreScansService before doing an early return as the approval rules can be synced even when security_scans are already present.

More context: https://gitlab.com/gitlab-com/sec-sub-department/section-sec-request-for-help/-/issues/258#note_1879518307

Steps to verify

  • Create a project with a build job and one or more security scan jobs. Refer to https://gitlab.com/gitlab-org/govern/security-policies/sashis-test-group/test-419789 for an example
  • Create a branch and run a pipeline for the branch
  • Verify in logs that Security::StoreScansWorker and Security::ScanResultPolicies::SyncFindingsToApprovalRulesWorker are called
  • Once the pipeline is complete, re-run the build job and verify that both the workers are called again

tail -f log/sidekiq.log | grep -e 'StoreScansWorker' -e 'SyncFindingsToApprovalRulesWorker'

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Sashi Kumar Kumaresan
