Skip to content

Add validation to Default Branch Image when parsing CS vulnerability

What does this MR do and why?

This MR adds validation of value of the image for the default branch. This value is used to deduplicate findings. With this MR we will start validating if the value provided by the analyzer (that should carry the value from CS_DEFAULT_BRANCH_IMAGE variable) is valid (if there is at least one vulnerability with given location_image in the database).

Queries

SELECT
  1 AS one
FROM
  "vulnerability_reads"
WHERE
  "vulnerability_reads"."project_id" = 24673064
  AND "vulnerability_reads"."report_type" = 2
  AND "vulnerability_reads"."location_image" = 'registry.gitlab.com / gitlab - org / security - products / analyzers / container - scanning / tmp / grype :59eb479934ca3bde2e62d48b75817f3d9e44294f'
LIMIT
  1
Time: 15.521 ms
  - planning: 1.850 ms
  - execution: 13.671 ms
    - I/O read: 13.560 ms
    - I/O write: 0.000 ms

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/11173/commands/39966

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #339320 (closed)

Edited by Alan (Maciej) Paruszewski

Merge request reports

Loading