
Add a service to promote security findings to vulnerability findings

What does this MR do and why?

Describe in detail what your merge request does and why.

This merge request adds a new service to create a Vulnerabilities::Finding from a Security::Finding as described here.

Related issue: #361948 (closed)

Query Plans

SELECT
    "security_findings".*
FROM
    "security_findings"
WHERE
    "security_findings"."uuid" = '3e3d3f55-cacf-564b-8afc-31fb0125ad15'
ORDER BY
    "security_findings"."id" DESC
LIMIT 1

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/10934/commands/39277

A new index will be added for this query in a follow-up MR as discussed here.

SELECT
    "security_scans".*
FROM
    "security_scans"
WHERE
    "security_scans"."id" = 47

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/10714/commands/38649

SELECT
    "ci_builds".*
FROM
    "ci_builds"
WHERE
    "ci_builds"."type" = 'Ci::Build'
    AND "ci_builds"."id" = 2625712723

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/10714/commands/38650

SELECT
    "ci_job_artifacts"."project_id",
    "ci_job_artifacts"."file_type",
    "ci_job_artifacts"."size",
    "ci_job_artifacts"."created_at",
    "ci_job_artifacts"."updated_at",
    "ci_job_artifacts"."expire_at",
    "ci_job_artifacts"."file",
    "ci_job_artifacts"."file_store",
    "ci_job_artifacts"."file_sha256",
    "ci_job_artifacts"."file_format",
    "ci_job_artifacts"."file_location",
    "ci_job_artifacts"."id",
    "ci_job_artifacts"."job_id",
    "ci_job_artifacts"."locked"
FROM
    "ci_job_artifacts"
WHERE
    "ci_job_artifacts"."job_id" = 2625713871

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/10714/commands/38651

SELECT
    "ci_pipelines".*
FROM
    "ci_pipelines"
WHERE
    "ci_pipelines"."id" = 570320333

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/10714/commands/38652

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Marcos Rocha
