Support finding Sbom::Occurrences via dependency names (!161932) · Merge requests · GitLab.org / GitLab · GitLab

Michał Zając requested to merge 454305-add-group-dependenciesnames-graphql-query-3 into master Aug 06, 2024

What does this MR do and why?

This MR:

Adds Query.components to find Sbom::Components by their name
Changes Sbom::DependenciesFinder to support looking up by component_ids

For performance reasons (see !153596 (comment 1927321689) and https://gitlab.slack.com/archives/CNZ8E900G/p1722605163019149) we:

First have the user select names of the dependencies for which they want to see the vulnerabilities
Find them using Sbom::DependenciesFinder using component_id only so we don't perform a join

Related to #454305 (closed)

Database review

Look up `component_id`

Cold cache: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/30655/commands/95150

Warm cache: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/30655/commands/95151

Look up `Sbom::Occurrences`

I believe the initial slowness here stems from the AS MATERIALIZED

Cold cache: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/31008/commands/96309

Warm cache: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/31008/commands/96310

Look up `Sbom::Occurrences` using `AggregationsFinder`

Cold cache: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/31008/commands/96306

Warm cache: https://console.postgres.ai/gitlab/gitlab-production-main/sessions/31008/commands/96308

Edited Aug 26, 2024 by Michał Zając