Skip to content

Add `has_vulnerabilities` flag into projects table

What does this MR do?

This MR introduces a new column for the project_settings table called has_vulnerabilities. Previously we were identifying the projects with vulnerabilities on the fly by joining the vulnerabilities table which had some performance issues and timeouts since both tables are a bit big.

We are setting this new column as true when we store security reports for a project.

This MR also introduces an index for this new boolean column.

Related to #244380 (closed).

Database review

This MR introduces 2 new migrations. The first one to add a new column into the project_settings table called has_vulnerabilities and the second one is to create a partial index on the project_id column.

rake db:migrate:up

VERSION=20201022191817

== 20201022191817 AddHasVulnerabilitiesIntoProjectSettings: migrating =========
-- add_column(:project_settings, :has_vulnerabilities, :boolean, {:default=>false, :null=>false})
   -> 0.0013s
== 20201022191817 AddHasVulnerabilitiesIntoProjectSettings: migrated (0.0054s)

VERSION=20201022192254

== 20201022192254 IndexProjectSettingsOnProjectIdPartially: migrating =========
-- transaction_open?()
   -> 0.0000s
-- index_exists?(:project_settings, :project_id, {:name=>"index_project_settings_on_project_id_partially", :where=>"has_vulnerabilities IS TRUE", :algorithm=>:concurrently})
   -> 0.0017s
-- add_index(:project_settings, :project_id, {:name=>"index_project_settings_on_project_id_partially", :where=>"has_vulnerabilities IS TRUE", :algorithm=>:concurrently})
   -> 0.0024s
== 20201022192254 IndexProjectSettingsOnProjectIdPartially: migrated (0.0045s)
rake db:migrate:down

VERSION=20201022191817

== 20201022191817 AddHasVulnerabilitiesIntoProjectSettings: reverting =========
-- remove_column(:project_settings, :has_vulnerabilities)
   -> 0.0010s
== 20201022191817 AddHasVulnerabilitiesIntoProjectSettings: reverted (0.0053s)

VERSION=20201022192254

== 20201022192254 IndexProjectSettingsOnProjectIdPartially: reverting =========
-- transaction_open?()
   -> 0.0000s
-- indexes(:project_settings)
   -> 0.0030s
-- remove_index(:project_settings, {:algorithm=>:concurrently, :name=>"index_project_settings_on_project_id_partially"})
   -> 0.0030s
== 20201022192254 IndexProjectSettingsOnProjectIdPartially: reverted (0.0064s)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Mehmet Emin INAC

Merge request reports

Loading