Commit 0f8efd56, authored by Michael Becker

Add `has_vulnerability_resolution` column to `vulnerability_reads`

We need to be able to filter vulnerabilities on whether they have the
"Resolve with Duo" button enabled.

This button is enabled if a finding's `CWE` value is included in this
[hard-coded list][0] of `CWE` values.

These values ultimately come from the `name` column of the
[`vulnerability_identifiers` model][1].

Alternatives Considered
-------------------------

We could use the existing `identifier_names` column to build a scope
like this:

```ruby
  scope :with_duo_resolution, -> do
    where("vulnerability_reads.identifier_names && ARRAY[?]::text[]", Vulnerabilities::Finding::HIGH_CONFIDENCE_AI_RESOLUTION_CWES)
  end
```

or store a regex-optimized string column and add a scope like:

```ruby
  AI_RESOLUTION_REGEX = Vulnerabilities::Finding::HIGH_CONFIDENCE_AI_RESOLUTION_CWES.join('|')

  scope :with_duo_resolution, -> do
    where("vulnerability_reads.identifier_names_string ~ ?", AI_RESOLUTION_REGEX)
  end
```

Why boolean column
---------------------------

While the above are quicker to implement and have a much lower
maintenance cost (they don't require migrations whenever the list of
CWEs changes), ultimately the expected performance of a boolean column
outweighed all other considerations.

You can see more detailed discussions in [threads on the epic][2].

[0]: https://gitlab.com/gitlab-org/gitlab/-/blob/1eee1a7b737f56a6f8d4af5c3d864a4838c62560/ee/app/models/vulnerabilities/finding.rb#L21-65
[1]: https://gitlab.com/gitlab-org/gitlab/-/blob/dfe27c56e0ac0fb36595e9a3702f450fce6ffcb1/ee/app/models/vulnerabilities/identifier.rb#L26
[2]: https://gitlab.com/groups/gitlab-org/-/epics/15036#note_2081255870

---

epic: https://gitlab.com/groups/gitlab-org/-/epics/15036
resolves: https://gitlab.com/gitlab-org/gitlab/-/issues/485583
Changelog: added
EE: true
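The three filtering strategies weighed in the commit message (array overlap on `identifier_names`, a regex over a joined string column, and the precomputed boolean this commit adds) behave differently in two ways a reviewer cares about: exactness of the match, and what happens when the CWE list changes. The following is an added illustration, not GitLab code and not part of this commit. It models the three approaches on in-memory rows shaped like `vulnerability_reads`; the CWE list, the sample rows, and every method name (`with_duo_resolution_overlap`, `with_duo_resolution_regex`, `write_reads`, `with_duo_resolution_boolean`) are constructed for the example, and the real `HIGH_CONFIDENCE_AI_RESOLUTION_CWES` list in the linked `finding.rb` is not reproduced.

```ruby
# Added illustration (not GitLab code): the three filtering strategies from
# the commit message, run over in-memory rows instead of PostgreSQL.

# CONSTRUCTED stand-in for Vulnerabilities::Finding::HIGH_CONFIDENCE_AI_RESOLUTION_CWES.
RESOLUTION_CWES = %w[CWE-79 CWE-89 CWE-22].freeze

# CONSTRUCTED rows shaped like vulnerability_reads(id, identifier_names text[]).
SAMPLE_READS = [
  { id: 1, identifier_names: ['CWE-79'] },
  { id: 2, identifier_names: ['CWE-798'] },                # shares a prefix with CWE-79, not listed
  { id: 3, identifier_names: ['CWE-89', 'CVE-2024-0001'] }, # CVE id is a constructed filler value
  { id: 4, identifier_names: ['CWE-200'] },
  { id: 5, identifier_names: [] },
].freeze

# Strategy 1: array overlap, the in-memory analogue of
#   WHERE identifier_names && ARRAY[...]::text[]
# Elements are compared whole, so only exact CWE ids match.
def with_duo_resolution_overlap(reads, cwes = RESOLUTION_CWES)
  reads.select { |r| (r[:identifier_names] & cwes).any? }.map { |r| r[:id] }
end

# Strategy 2: regex over a joined string column, the analogue of
#   WHERE identifier_names_string ~ 'CWE-79|CWE-89|...'
# cwes.join('|') is an unanchored alternation, so both PostgreSQL's ~ and
# Ruby's =~ match substrings: 'CWE-79' also matches inside 'CWE-798'.
def with_duo_resolution_regex(reads, cwes = RESOLUTION_CWES)
  regex = Regexp.new(cwes.join('|'))
  reads.select { |r| r[:identifier_names].join(',') =~ regex }.map { |r| r[:id] }
end

# Strategy 3: the boolean column added by this commit. The value has to be
# computed when the row is written (or backfilled), so it is a snapshot of the
# CWE list at write time, which is the maintenance cost the message mentions.
def write_reads(rows, cwes)
  rows.map { |r| r.merge(has_vulnerability_resolution: (r[:identifier_names] & cwes).any?) }
end

def with_duo_resolution_boolean(reads)
  reads.select { |r| r[:has_vulnerability_resolution] }.map { |r| r[:id] }
end

if __FILE__ == $PROGRAM_NAME
  stored = write_reads(SAMPLE_READS, RESOLUTION_CWES)
  puts "overlap: #{with_duo_resolution_overlap(SAMPLE_READS).inspect}"   # exact matches only
  puts "regex:   #{with_duo_resolution_regex(SAMPLE_READS).inspect}"     # includes the CWE-798 row
  puts "boolean: #{with_duo_resolution_boolean(stored).inspect}"

  # Grow the list: the overlap scope follows the constant immediately, the
  # stored boolean stays stale until the rows are rewritten/backfilled.
  grown = RESOLUTION_CWES + ['CWE-200']
  puts "overlap after list change: #{with_duo_resolution_overlap(SAMPLE_READS, grown).inspect}"
  puts "boolean before backfill:   #{with_duo_resolution_boolean(stored).inspect}"
  puts "boolean after backfill:    #{with_duo_resolution_boolean(write_reads(SAMPLE_READS, grown)).inspect}"
end
```

The regex variant over-selects the `CWE-798` row because the joined pattern has no anchors; the array-overlap and boolean variants agree on the current list, and only the boolean needs a rewrite of existing rows when the list grows, which is the trade-off the commit message describes.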
Parent: acf32ff5
# frozen_string_literal: true
class AddHasVulnerabilityResolutionToVulnerabilityReads < Gitlab::Database::Migration[2.2]
milestone '17.4'
def change
add_column :vulnerability_reads, :has_vulnerability_resolution, :boolean, default: false
end
end
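Review bot: `add_column :vulnerability_reads, :has_vulnerability_resolution, :boolean, default: false` gives the column a default but leaves it nullable, so a filter built on it has three-valued semantics: a negated scope (`WHERE has_vulnerability_resolution = false` or `NOT has_vulnerability_resolution`) silently drops rows where the value is NULL. Adding `null: false` here (cheap on PostgreSQL when a default is supplied) or a NOT NULL check constraint in a follow-up removes that case. Separately, nothing in this commit populates the column for rows that already exist in `vulnerability_reads`: with `default: false`, every pre-existing record reads as having no resolution until a backfill recomputes the value from `identifier_names`, and the commit message does not mention one, so the filter will under-report until that lands.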
a11ad4cb6817642b4ef1deb0ce4906be4bdb56568d2e641b8d328bbcf730ec71
\ No newline at end of file
......@@ -20005,6 +20005,7 @@ CREATE TABLE vulnerability_reads (
archived boolean DEFAULT false NOT NULL,
identifier_external_ids text[] DEFAULT '{}'::text[] NOT NULL,
identifier_names text[] DEFAULT '{}'::text[] NOT NULL,
has_vulnerability_resolution boolean DEFAULT false,
CONSTRAINT check_380451bdbe CHECK ((char_length(location_image) <= 2048)),
CONSTRAINT check_4b1a1bf5ea CHECK ((has_merge_request IS NOT NULL)),
CONSTRAINT check_a105eb825a CHECK ((char_length(cluster_agent_id) <= 10)),
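Review bot: the new `has_vulnerability_resolution boolean DEFAULT false` line is inconsistent with the neighbouring boolean in the same table, which this hunk shows guarded by `CONSTRAINT check_4b1a1bf5ea CHECK ((has_merge_request IS NOT NULL))`; either declare the new column NOT NULL or add the same style of check constraint so the two flags can be filtered with the same two-valued logic. Also, the commit message picks the boolean column for query performance, but this change adds no index: if the intended query combines this flag with existing project or group scopes, it is worth confirming the existing indexes on `vulnerability_reads` cover it, or planning a partial index (`WHERE has_vulnerability_resolution = true`) in a follow-up.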