Commit 1656a6c6 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Disable creating `security_findings` by default

Create entries in the `security_findings` table only if the feature is enabled.
parent 8a75797e
...@@ -19,6 +19,8 @@ module Security ...@@ -19,6 +19,8 @@ module Security
end end
def execute def execute
return security_scan unless Feature.enabled?(:store_security_findings, project)
StoreFindingsMetadataService.execute(security_scan, security_report) StoreFindingsMetadataService.execute(security_scan, security_report)
deduplicate_findings? ? update_deduplicated_findings : register_finding_keys deduplicate_findings? ? update_deduplicated_findings : register_finding_keys
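Review bot: The guard `return security_scan unless Feature.enabled?(:store_security_findings, project)` skips not only `StoreFindingsMetadataService.execute` but also the `deduplicate_findings? ? update_deduplicated_findings : register_finding_keys` step on the following line, and nothing in the hunk says whether skipping key registration is intended; a one-line comment would make the rollout contract explicit, e.g. `# Rollout guard: with the flag off, no security_findings rows or finding keys are written; only the scan record is kept.`. The early return hands back `security_scan`, while what the flag-on path returns depends on the rest of `execute`, which continues outside the hunk, so callers may see a different return value per flag state — worth confirming and documenting. `project` is not defined in the visible lines; presumably it is a delegate on the service.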
---
name: store_security_findings
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/44312
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/276011
milestone: '13.6'
type: development
group: group::threat insights
default_enabled: false
...@@ -41,6 +41,37 @@ RSpec.describe Security::StoreScanService do ...@@ -41,6 +41,37 @@ RSpec.describe Security::StoreScanService do
known_keys.add(finding_key) known_keys.add(finding_key)
end end
context 'when the `store_security_findings` feature is not enabled' do
before do
stub_feature_flags(store_security_findings: false)
end
it 'does not call the `Security::StoreFindingsMetadataService`' do
store_scan
expect(Security::StoreFindingsMetadataService).not_to have_received(:execute)
end
context 'when the security scan already exists for the artifact' do
let_it_be(:security_scan) { create(:security_scan, build: artifact.job, scan_type: :sast) }
it 'does not create a new security scan' do
expect { store_scan }.not_to change { artifact.job.security_scans.count }
end
end
context 'when the security scan does not exist for the artifact' do
it 'creates a new security scan' do
expect { store_scan }.to change { artifact.job.security_scans.sast.count }.by(1)
end
end
end
context 'when the `store_security_findings` feature is enabled' do
before do
stub_feature_flags(store_security_findings: true)
end
it 'calls the `Security::StoreFindingsMetadataService` to store findings' do it 'calls the `Security::StoreFindingsMetadataService` to store findings' do
store_scan store_scan
...@@ -128,4 +159,5 @@ RSpec.describe Security::StoreScanService do ...@@ -128,4 +159,5 @@ RSpec.describe Security::StoreScanService do
end end
end end
end end
end
end end
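Review bot: The disabled-flag context (the examples starting at `it 'does not call the `Security::StoreFindingsMetadataService`'`) never asserts what `store_scan` returns, so the early-return contract of `execute` (returning the scan record rather than the findings result) is not pinned; an example in the 'does not exist' context asserting that `store_scan` returns the record counted by `artifact.job.security_scans.sast` would cover it. `expect(...).not_to have_received(:execute)` presumes an `allow(Security::StoreFindingsMetadataService).to receive(:execute)` stub set up before this hunk, which the pre-existing example `it 'calls the ... to store findings'` already relies on, so that is presumably in place. The lone added `end` in the second hunk closes the `context 'when the `store_security_findings` feature is enabled'` opened in the first hunk, re-nesting the pre-existing examples under it; the enclosing describe block ends outside this view.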