From 1ec3280cf7304f4369bac66e90ed4b6966aebe9d Mon Sep 17 00:00:00 2001
From: Schmil Monderer
Date: Mon, 29 Sep 2025 11:10:13 +0300
Subject: [PATCH 1/3] Add risk_score field to vulnerability index
EE: true
Changelog: added
---
 ..._add_risk_score_field_to_vulnerability.yml | 11 ++++++++++
 ...8_add_risk_score_field_to_vulnerability.rb | 21 +++++++++++++++++++
 ee/lib/search/elastic/types/vulnerability.rb | 1 +
 ..._risk_score_field_to_vulnerability_spec.rb | 10 +++++++++
 .../elastic/types/vulnerability_spec.rb | 1 +
 5 files changed, 44 insertions(+)
 create mode 100644 ee/elastic/docs/20250929100948_add_risk_score_field_to_vulnerability.yml
 create mode 100644 ee/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability.rb
 create mode 100644 ee/spec/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability_spec.rb
diff --git a/ee/elastic/docs/20250929100948_add_risk_score_field_to_vulnerability.yml b/ee/elastic/docs/20250929100948_add_risk_score_field_to_vulnerability.yml
new file mode 100644
index 00000000000000..0e4a83e2c26182
--- /dev/null
+++ b/ee/elastic/docs/20250929100948_add_risk_score_field_to_vulnerability.yml
@@ -0,0 +1,11 @@
+---
+name: AddRiskScoreFieldToVulnerability
+version: '20250929100948'
+description: Adds the vulnerabillity risk score field to the Vulnerability index.
+ The risk score will synced from vulnerability_finding_risk_scores table
+group: group::security infrastructure
+milestone: '18.5'
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/206657
+obsolete: false
+marked_obsolete_by_url:
+marked_obsolete_in_milestone:
diff --git a/ee/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability.rb b/ee/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability.rb
new file mode 100644
index 00000000000000..ea19ee3f8a79a9
--- /dev/null
+++ b/ee/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class AddRiskScoreFieldToVulnerability < Elastic::Migration
+ include ::Search::Elastic::MigrationUpdateMappingsHelper
+
+ DOCUMENT_TYPE = Vulnerability
+
+ private
+
+ def index_name
+ ::Search::Elastic::Types::Vulnerability.index_name
+ end
+
+ def new_mappings
+ {
+ risk_score: {
+ type: 'float'
+ }
+ }
+ end
+end
diff --git a/ee/lib/search/elastic/types/vulnerability.rb b/ee/lib/search/elastic/types/vulnerability.rb
index 6eebc4f429d0e7..9866d03ffa2590 100644
--- a/ee/lib/search/elastic/types/vulnerability.rb
+++ b/ee/lib/search/elastic/types/vulnerability.rb
@@ -72,6 +72,7 @@ def base_mappings
 epss_scores: { type: 'float' },
 reachability: { type: 'short' }, # enum
 token_status: { type: 'short' }, # enum
+ risk_score: { type: 'float' },
 schema_version: { type: 'short' }
 }
 end
diff --git a/ee/spec/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability_spec.rb b/ee/spec/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability_spec.rb
new file mode 100644
index 00000000000000..291a32dadf7ae1
--- /dev/null
+++ b/ee/spec/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability_spec.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require File.expand_path('ee/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability.rb')
+
+RSpec.describe AddRiskScoreFieldToVulnerability, :elastic, feature_category: :vulnerability_management do
+ let(:version) { 20250929100948 }
+
+ include_examples 'migration adds mapping'
+end
diff --git a/ee/spec/lib/search/elastic/types/vulnerability_spec.rb b/ee/spec/lib/search/elastic/types/vulnerability_spec.rb
index 235db7dee6e05e..8b818c4a430339 100644
--- a/ee/spec/lib/search/elastic/types/vulnerability_spec.rb
+++ b/ee/spec/lib/search/elastic/types/vulnerability_spec.rb
@@ -34,6 +34,7 @@ :epss_scores, :reachability, :token_status, + :risk_score, :schema_version] end
--
GitLab
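Review bot: `new_mappings` only declares `risk_score` in the index mapping, and nothing in this series writes a value into it, so documents already in the vulnerability index will have the field missing once the migration completes. The indexing code is not visible here, so this is inferred from the five changed files. A range filter or sort on `risk_score` would then leave out or misplace vulnerabilities that simply have not been re-indexed, which matters for a field meant to drive triage order. I would state the dependency above the method, e.g. `# Mapping only: values arrive with the backfill in <follow-up MR>; a missing risk_score means "not indexed yet", not "no risk"`, and make sure consumers handle the missing value explicitly.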
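Review bot: The `risk_score` line added to `base_mappings` says nothing about the value's scale or where it comes from, unlike the `reachability` and `token_status` entries just above it, which carry a trailing comment. Anyone writing a threshold query needs to know the range before picking a cut-off, and the only hint is in the migration's docs file. A trailing comment would do, e.g. `risk_score: { type: 'float' }, # synced from vulnerability_finding_risk_scores`, with the range added by someone who knows it. `base_mappings` starts outside the hunk; the type matches the `'float'` declared in the migration's `new_mappings`, which keeps freshly created and migrated indices identical.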
From caa98e8cb7ab61b2c3a5762c89dc35e1331ad50d Mon Sep 17 00:00:00 2001
From: Schmil Monderer
Date: Mon, 29 Sep 2025 08:13:11 +0000
Subject: [PATCH 2/3] Fix typo
---
 .../20250929100948_add_risk_score_field_to_vulnerability.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ee/elastic/docs/20250929100948_add_risk_score_field_to_vulnerability.yml b/ee/elastic/docs/20250929100948_add_risk_score_field_to_vulnerability.yml
index 0e4a83e2c26182..89da2695294a20 100644
--- a/ee/elastic/docs/20250929100948_add_risk_score_field_to_vulnerability.yml
+++ b/ee/elastic/docs/20250929100948_add_risk_score_field_to_vulnerability.yml
@@ -1,7 +1,7 @@
 ---
 name: AddRiskScoreFieldToVulnerability
 version: '20250929100948'
-description: Adds the vulnerabillity risk score field to the Vulnerability index.
+description: Adds the vulnerability risk score field to the Vulnerability index.
 The risk score will synced from vulnerability_finding_risk_scores table
 group: group::security infrastructure
 milestone: '18.5'
--
GitLab
From 7f8c992cca9a14758e748ec3113cd45502ec03c6 Mon Sep 17 00:00:00 2001
From: Schmil Monderer
Date: Tue, 30 Sep 2025 10:58:39 +0000
Subject: [PATCH 3/3] Remove index_name method not needed because it is automaticly set based on the document type
---
 .../20250929100948_add_risk_score_field_to_vulnerability.rb | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/ee/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability.rb b/ee/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability.rb
index ea19ee3f8a79a9..0c16b8f43030bc 100644
--- a/ee/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability.rb
+++ b/ee/elastic/migrate/20250929100948_add_risk_score_field_to_vulnerability.rb
@@ -7,10 +7,6 @@ class AddRiskScoreFieldToVulnerability < Elastic::Migration private - def index_name - ::Search::Elastic::Types::Vulnerability.index_name - end - def new_mappings { risk_score: {
--
GitLab