Subashis Chakraborty activity (https://gitlab.com/subashis), updated 2026-03-18T04:29:09Z

Subashis Chakraborty pushed to project branch 592096-es-aggregation at GitLab.org / GitLab (2026-03-18T04:29:09Z)

Subashis Chakraborty (dcc76289) at 18 Mar 04:29

Add TopCwesFinder to identify and rank top CWEs from vulnerabilities

Subashis Chakraborty opened merge request !227808: Draft: Add TopCwesFinder to identify and rank top CWEs from vulnerabilities at GitLab.org / GitLab (2026-03-18T00:37:43Z)

What does this MR do and why?

Add TopCwesFinder to identify and rank top CWEs from vulnerabilities

Implements a native Elasticsearch aggregation finder to:

  • Identify the top 10 CWEs (Common Weakness Enumeration) in vulnerabilities
  • Include severity breakdown for each CWE
  • Support filtering by severity levels
  • Follow existing finder patterns

Includes:

  • TopCwesFinder implementation with execute, parse_aggregation, format_top_cwes methods
  • by_top_cwes aggregation in VulnerabilityAggregations
  • Integration with VulnerabilityQueryBuilder
  • Comprehensive RSpec tests covering finder, aggregation, and query builder functionality

References

Screenshots or screen recordings


How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #592096
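As an added illustration of the aggregation shape this MR describes (example code written here, not the MR's TopCwesFinder or any other GitLab code): an Elasticsearch request body with a terms aggregation keyed on a CWE field, a per-bucket severity sub-aggregation and an optional severity filter, plus a parser that turns the response into a deterministically ranked top-N list. The module name, the field names cwe_ids and severity, and the sample response are assumptions constructed for the example.

```ruby
# Added example, not GitLab's TopCwesFinder. Field names (cwe_ids, severity)
# and the sample response below are assumptions constructed for illustration.
require 'json'

module TopCwesExample
  TOP_N = 10
  SEVERITIES = %w[critical high medium low info unknown].freeze

  # Request body: size 0 (aggregations only, no hits), an optional severity
  # filter in bool.filter, one terms bucket per CWE ordered by document count,
  # and a nested terms bucket per severity inside each CWE bucket.
  def self.build_aggregation(severities: nil)
    filters = []
    filters << { terms: { severity: severities } } if severities && !severities.empty?

    {
      size: 0,
      query: { bool: { filter: filters } },
      aggs: {
        by_top_cwes: {
          terms: { field: 'cwe_ids', size: TOP_N, order: { _count: 'desc' } },
          aggs: { by_severity: { terms: { field: 'severity', size: SEVERITIES.size } } }
        }
      }
    }
  end

  # Flatten the response into [{ cwe:, count:, severities: {...}, rank: }, ...].
  # Elasticsearch returns buckets sorted by doc_count, but ties come back in no
  # defined order, so re-sort with the CWE key as tie-breaker for stable output.
  def self.rank_top_cwes(response)
    buckets = Array(response.dig('aggregations', 'by_top_cwes', 'buckets'))
    rows = buckets.map do |bucket|
      counts = SEVERITIES.to_h { |s| [s, 0] }
      Array(bucket.dig('by_severity', 'buckets')).each do |sb|
        counts[sb['key']] = sb['doc_count'] if counts.key?(sb['key'])
      end
      { cwe: bucket['key'], count: bucket['doc_count'], severities: counts }
    end
    rows.sort_by { |r| [-r[:count], r[:cwe]] }
        .each_with_index
        .map { |r, i| r.merge(rank: i + 1) }
  end

  # Documents that matched the query but fell outside the top N buckets.
  def self.other_count(response)
    response.dig('aggregations', 'by_top_cwes', 'sum_other_doc_count').to_i
  end

  # Constructed sample response, shaped like a terms-aggregation reply.
  # CWE-89 is listed before CWE-79 with an equal count to show the tie-break.
  SAMPLE_RESPONSE = {
    'aggregations' => {
      'by_top_cwes' => {
        'doc_count_error_upper_bound' => 0,
        'sum_other_doc_count' => 3,
        'buckets' => [
          { 'key' => 'CWE-89', 'doc_count' => 12,
            'by_severity' => { 'buckets' => [{ 'key' => 'critical', 'doc_count' => 12 }] } },
          { 'key' => 'CWE-79', 'doc_count' => 12,
            'by_severity' => { 'buckets' => [{ 'key' => 'high', 'doc_count' => 8 },
                                             { 'key' => 'medium', 'doc_count' => 4 }] } },
          { 'key' => 'CWE-22', 'doc_count' => 5,
            'by_severity' => { 'buckets' => [{ 'key' => 'low', 'doc_count' => 5 }] } }
        ]
      }
    }
  }.freeze
end

if $PROGRAM_NAME == __FILE__
  puts JSON.pretty_generate(TopCwesExample.build_aggregation(severities: %w[critical high]))
  TopCwesExample.rank_top_cwes(TopCwesExample::SAMPLE_RESPONSE).each do |row|
    puts "#{row[:rank]}. #{row[:cwe]} (#{row[:count]}) #{row[:severities].reject { |_, v| v.zero? }}"
  end
end
```

Two caveats worth checking when reviewing a finder like this: a terms aggregation over a multi-shard index is approximate, so `doc_count_error_upper_bound` and `sum_other_doc_count` in the reply tell you how far off the top-N cut may be (raising `shard_size` tightens it at the cost of more per-shard work); and if the CWE field is multi-valued, a vulnerability with two CWEs lands in two buckets, so bucket counts will not sum to the total number of vulnerabilities.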

Subashis Chakraborty pushed new project branch 592096-es-aggregation at GitLab.org / GitLab (2026-03-18T00:36:35Z)

Subashis Chakraborty (3765ef03) at 18 Mar 00:36

Add TopCwesFinder to identify and rank top CWEs from vulnerabilities

Subashis Chakraborty commented on merge request !226308 at GitLab.org / GitLab (2026-03-17T22:07:36Z)

Also, due dates should be able to be set retroactively.

Thanks @bwill for this 👍

Subashis Chakraborty commented on merge request !227665 at GitLab.org / GitLab (2026-03-17T18:04:56Z)

Thanks Ugo for the heads up, I will wait until the query plan is added here.

Subashis Chakraborty commented on merge request !226308 at GitLab.org / GitLab (2026-03-17T15:39:10Z)

Thanks @uokeadu. @bwill Can you please do the maintainer review for this MR 🙏?

Subashis Chakraborty approved merge request !226308: Add vulnerability_finding_due_dates table to store remediation due dates at GitLab.org / GitLab (2026-03-17T15:37:19Z)

What does this MR do and why?

Add vulnerability_finding_due_dates to store remediation due dates for vulnerability findings.

Changes

  • Create vulnerability_finding_due_dates table with:

    • vulnerability_occurrence_id (unique, FK -> vulnerability_occurrences, ON DELETE CASCADE)
    • project_id
    • due_date
    • timestamps
  • Add indexes on vulnerability_occurrence_id and project_id

  • Configure Loose Foreign Key cleanup for project_id → projects

  • Add Vulnerabilities::FindingDueDate model and has_one :finding_due_date association on Vulnerabilities::Finding

  • Add factory and model specs

  • Include association in import/export configuration

References

Issue: https://gitlab.com/gitlab-org/gitlab/-/work_items/592222+

Screenshots or screen recordings


How to set up and validate locally


Subashis Chakraborty commented on merge request !226308 at GitLab.org / GitLab (2026-03-17T15:37:06Z)

Thanks for the explanation 👍.

Subashis Chakraborty commented on merge request !226308 at GitLab.org / GitLab (2026-03-17T15:36:11Z)

Ah, ok, it would not be usual to see us giving due dates in the past. If we do not have any validation or constraint here, it means there is a possibility of that.

Subashis Chakraborty commented on merge request !226308 at GitLab.org / GitLab (2026-03-17T15:34:25Z)

Thanks @uokeadu for updating this.

Subashis Chakraborty commented on epic #17422 at GitLab.org (2026-03-17T15:32:34Z)

shall we let the backend pass this url as a field?

@lorenzvanherwaarden we can do that. As it will be passed as a new field, I hope that will not be an issue for version compatibility in the frontend.

Shall we name it url or definitionUrl or something?

I would go for url. WDYT?

Subashis Chakraborty commented on merge request !226694 at GitLab.org / GitLab (2026-03-17T15:02:30Z)

Thanks @sming-gitlab for working on this. LGTM.

Subashis Chakraborty approved merge request !226694: Update mr_reports_tab FF actor to project at GitLab.org / GitLab (2026-03-17T15:02:16Z)

What does this MR do and why?

This MR updates the actor for all mr_reports_tab FF references to be project instead of current_user.

There are no UI/UX changes; everything continues to work as expected:

Screenshots (not reproduced here): mr_reports_tab true vs mr_reports_tab false

mr_reports_tab true

  • Has "Reports" tab
  • Display "View reports"
  • Widget is not expandable

mr_reports_tab false

  • No "Reports" tab
  • Widget is expandable

References

Screenshots or screen recordings


How to set up and validate locally

  1. Clone this repo and create an MR similar to this: gitlab-org/govern/threat-insights-demos/frontend/mr-reports-tab!1
  2. Trigger a pipeline and it will create some findings

Enable and disable FF:

http://gdk.test:3000/rails/features/mr_reports_tab


Related to #592500

Subashis Chakraborty pushed to project branch master at GitLab.org / GitLab (2026-03-16T22:33:30Z)

Subashis Chakraborty (8eefcfcc) at 16 Mar 22:33

Merge branch '559249-refactor' into 'master'

... and 1 more commit

Subashis Chakraborty deleted project branch 559249-refactor at GitLab.org / GitLab (2026-03-16T22:32:58Z)

Subashis Chakraborty (3dd02c93) at 16 Mar 22:32

Subashis Chakraborty accepted merge request !227191: Extract common test patterns from security resolver specs at GitLab.org / GitLab (2026-03-16T22:32:27Z)

Extract common test patterns from security resolver specs

Create shared examples file for common test patterns used across VulnerabilitiesPerSeverityResolver, VulnerabilitiesOverTimeResolver, and RiskScoreResolver specs. This reduces duplication and improves maintainability by centralizing authorization and feature flag validation patterns.

Related to #559249

Subashis Chakraborty pushed to project branch 559249-refactor at GitLab.org / GitLab (2026-03-16T20:27:02Z)

Subashis Chakraborty (3dd02c93) at 16 Mar 20:27

Extract common test patterns from security resolver specs

... and 601 more commits

Subashis Chakraborty commented on epic #17422 at GitLab.org (2026-03-16T19:10:04Z)

If we have time in the milestone, we can research this further as a stretch item perhaps.

I can look into this while I am doing the development.