API: return stats for api (re)imports #5635
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
|
Conflicts have been resolved. A maintainer will review the pull request shortly. |
github-actions
bot
added
the
New Migration
valentijnscholten
changed the title
valentijnscholten
removed
the
New Migration
This reverts commit 0b7781e.
github-actions
bot
added
the
New Migration
valentijnscholten
changed the title
Maffooch
approved these changes
Jan 3, 2022
|
Pretty cool 😃 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds some improvements to Reimport (and Import), mainly focused on returning statistics. These can be useful in ci/cd situations, for example to do follow up actions if there were new (critical) findings, or to store statistics in a ci/cd platform to show trends.
Changes:
IMPORT_UPDATED_FINDING;IMPORT_UNTOUCHED_FINDINGto record which findings were untouched by a reimport;statsproperty toTest;statsproperty toTest_Import;statisticsin API responses forimport_scanandreimport_scan;indexto help with statistics lookup queries;IMPORT_UNTOUCHED_FINDINGaction;IMPORT_UNTOUCHED_FINDING;@override_settings(TRACK_IMPORT_HISTORY=True)from tests as True has been the default for a whileAt some point during this PR I had added the
statsproperty also toProduct_Type,ProductandEngagement. But this would become slow when serializing lists of these models. I tried to work with prefetching, but that is slow on these big joins. I tried using a seperate query for the statistics, but this would be hard to do at the right moment in the serializer classes (after paging, after filtering, but before serializing). So I removed this part and focused just on (re-)import statistics, which was the original goal of this PR.A more generic solution for statistics on
Product_Type,Product,EngagementandTestserializer has to be a different PR. The more I work with statistics on these models, the more I see that all this prefetching and querying is hard to maintain and hard to keep performant for all usecases. So maybe we should introduce a statistics table ('materialized view'), similar to product grade, that gets updated on modifications but can return statistics very easily without complex joins or slow performance.The statistics are quite verbose as I think it's important to have the severity in there as well to be able to make decisions based on for example the number of critical vulnerabilities still open or that were added. It also means that the stats are correct even if some parsers are importing findings as not
activeoris_mitigated.For import there is only the
afterpart of the statistics:For reimport, there is also the
beforeanddeltaparts.