Fetch container or dependency scanning feedback

Only feedback on vulnerabilities reported by container scanning and dependency scanning jobs need to be updated.

Fetch container or dependency scanning feedback
Only feedback on vulnerabilities reported by container scanning and dependency scanning jobs need to be updated.
2fdb7b8d · Avielle Wolfe · 35ba9576 · 2fdb7b8d
隐藏空白更改
内联并排

Showing with 5 addition and 1 deletion

db/post_migrate/20190827193201_update_fingerprints_on_non_default_branch_feedback.rb ...201_update_fingerprints_on_non_default_branch_feedback.rb +5 -1

未找到文件。
--- a/db/post_migrate/20190827193201_update_fingerprints_on_non_default_branch_feedback.rb
+++ b/db/post_migrate/20190827193201_update_fingerprints_on_non_default_branch_feedback.rb
@@ -89,6 +89,7 @@ class UpdateFingerprintsOnNonDefaultBranchFeedback < ActiveRecord::Migration[5.2
    self.table_name = 'vulnerability_feedback'

    belongs_to :pipeline
+    has_many :artifacts, through: :pipeline
    has_many :occurrences, through: :pipeline

    enum category: { dependency_scanning: 1, container_scanning: 2 }
@@ -97,7 +98,10 @@ class UpdateFingerprintsOnNonDefaultBranchFeedback < ActiveRecord::Migration[5.2
    # by container scanning or dependency scanning jobs run on any branch except
    # the default branch
    def self.where_might_need_update
-      left_outer_joins(:occurrences).where('vulnerability_occurrences IS NULL')
+      left_outer_joins(:occurrences)
+        .joins(:artifacts)
+        .where(ci_job_artifacts: { file_type: [6, 7] })
+        .where('vulnerability_occurrences IS NULL')
    end
  end
  private_constant :Feedback