fix(db): fix vulnerability count mismatches across service group and …#1235
Open
tsim-sap wants to merge 2 commits into
Open
fix(db): fix vulnerability count mismatches across service group and …#1235tsim-sap wants to merge 2 commits into
tsim-sap wants to merge 2 commits into
Conversation
12fa810 to
6b67190
Compare
…image views Signed-off-by: Valiantsin Tsimoshyk <v.tsimoshyk@sap.com>
6b67190 to
f36f078
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR targets inconsistent vulnerability severity totals by aligning “badge/counts” queries with the same materialized-view-backed sources used for the vulnerability list, and by correcting a service-group counting procedure that was over-deduplicating per service.
Changes:
- Fixes
refresh_mvCountIssueRatingsService_procto deduplicate by(component_version_id, issue_id)per support group (not per service), preventing inflated support-group totals. - Switches image/component vulnerability counting to be derived from
mvVulnerabilityList(and service scoping viamvVulnerabilityService) to match list semantics. - Removes the unused
mvAllComponentsByServiceVulnerabilityCountsMV (event/procedure/table) and updates scheduling/fixtures/e2e seeding accordingly.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/e2e/image_query_test.go | Refreshes mvVulnerabilityService during e2e seeding to keep MV-backed queries consistent. |
| internal/database/mariadb/test/fixture.go | Adds RefreshMvVulnerabilityService() seeder helper and removes refresh of the dropped MV proc. |
| internal/database/mariadb/migrations/20260625100000_fix_vulnerability_count_mismatches.up.sql | Fixes service-group dedup logic and drops the unused mvAllComponentsByServiceVulnerabilityCounts objects. |
| internal/database/mariadb/migrations/20260625100000_fix_vulnerability_count_mismatches.down.sql | Restores the prior procedure behavior and recreates the dropped table/procedure on rollback. |
| internal/database/mariadb/migration.go | Stops scheduling the dropped refresh_mvAllComponentsByServiceVulnerabilityCounts event. |
| internal/database/mariadb/image_batch.go | Reworks per-image severity counting to use mvVulnerabilityList and optional service scoping via mvVulnerabilityService. |
| internal/database/mariadb/component.go | Removes an unreachable join and forces CountComponentVulnerabilities to use the single-component MV path. |
| internal/app/component/component_handler.go | Renames log event and removes emission of a now-deleted component-count event. |
| internal/app/component/component_handler_events.go | Deletes the unused component-count event type/constant. |
| internal/api/graphql/graph/baseResolver/vulnerability.go | Uses the new component-based counting path when resolving vulnerability counts under an Image parent. |
| internal/api/graphql/graph/baseResolver/image.go | Parses component IDs once for batch preloading and reuses them across preloads. |
| internal/api/graphql/graph/baseResolver/component.go | Switches image vulnerabilityCounts resolver to use GetIssueCountsByComponentIDs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| } | ||
|
|
||
| query = fmt.Sprintf("%s %s", query, groupBy) | ||
| query = fmt.Sprintf("%s GROUP BY CVR.component_id", query) |
Comment on lines
171
to
174
| query = query. | ||
| Join("Service S ON CVR.service_id = S.service_id"). | ||
| Join("mvVulnerabilityService MVS ON I.issue_id = MVS.issue_id"). | ||
| Join("Service S ON MVS.service_id = S.service_id"). | ||
| Where(sq.Eq{"S.service_ccrn": nonNilCCRNs}) |
michalkrzyz
approved these changes
Jul 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This aims to fix vulnerability count mismatches in several places.
What type of PR is this? (check all applicable)
Related Tickets & Documents
Closes #1210
Added tests?
Checklist