Fix query timeout on instance security dashboard

Review changes
Download
Patches
Plain diff

Avielle Wolfe requested to merge 197238-fix-isd-timeout into master Jan 17, 2020

Overview 56
Commits 16
Pipelines 11
Changes 22

The query we were using to fetch the list of vulnerability findings for the instance security dashboard was fetching vulnerabilities for all pipelines and then filtering them by project.

Now we filter the pipelines we're fetching by project, greatly reducing the time to execute the query.

There are some additional bonuses to this change:

removes some exception logic from Gitlab::Vulnerabilities::History
simplifies Security::VulnerabilityFindingsController
simplifies specs by making the Vulnerable for the instance security dashboard a better duck type with Group
renames ApplicationInstance to InstanceSecurityDashboard, since its new logic is more specific. The new name isn't perfect since it doesn't really represent a model level domain concept, but at least it's clear what it's being used for.

#197238 (closed)

Does this MR meet the acceptance criteria?

Conformity

Changelog entry
Documentation (if required)
Code review guidelines
Merge request performance guidelines
Style guides
Database guides
Separation of EE specific content

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Tested in all supported browsers

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Jul 22, 2021 by Mikołaj Wawrzyniak

Merge request reports

Assignee Loading

Reviewers Loading

Request review from

Loading

Time tracking Loading

Loading