Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 117
fleet/server/vulnerabilities/macoffice
History
Victor Lyuboslavsky 092b51f1c2
Vulnerabilities cron optimization (#39820) 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #31820 and #39898

Vulnerability processing performance improvements, and added OTEL spans
to the vulnerabilities cron job.
Optimized the two main bottlenecks in the vulnerability cron job: CPE
matching and CVE insertion. In my loadtest testing (10K hosts), the
overall initial vulnerabilities job went from over 2 hours down to 53
minutes, and the number of spans (DB accesses) went from ~2 million to
~90K.

1. CPE matching (TranslateSoftwareToCPE): replaced the goqu query
builder with hand-written SQL using raw database/sql queries. Replaced
UNION with separate queries because case number 3 was an expensive full
text match operation and in most cases we did not need to do that.

2. CVE insertion (TranslateCPEToCVE and other places): replaced
individual INSERT INTO software_cve ... VALUES (?,?,?,?) calls with
batch inserts of 500 rows each, using the existing BatchProcessSimple
helper. Same pattern applied to OS vulnerability inserts using the
existing InsertOSVulnerabilities batch method.

Functional equivalence verified using osquery perf dataset locally. Both
changes produce identical output (22,366 CPEs, 131,233 CVEs) when
compared against the old code using a before/after comparison tool.
- CPE caveats: bugs #39898 and
https://github.com/fleetdm/fleet/issues/39899 found

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Expanded tracing for automated vulnerability workflows to improve
observability.

* **Performance**
* Bulk/batched processing for software and OS vulnerability inserts to
speed ingestion and downstream tasks.
* More efficient CPE lookup and read-optimized database access for
faster translations.

* **Bug Fixes**
* Improved error recording and read-after-write consistency to reduce
missed or duplicate vulnerability notifications.

* **Tests**
  * Test suite updated to support batch insertion semantics.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-18 13:59:15 -06:00
..
analyzer.go Vulnerabilities cron optimization (#39820) 2026-02-18 13:59:15 -06:00
analyzer_test.go Vulnerabilities cron optimization (#39820) 2026-02-18 13:59:15 -06:00
integration_analyzer_test.go Moving Go integration tests to integration test job (#21126) 2024-08-07 14:00:25 +02:00
integration_parser_test.go Add new archive URL as data source for Mac Office release notes (#26978) 2025-03-10 08:46:18 -05:00
integration_sync_test.go Fix CI: extend grace periods for MSRC feeds and expand test coverage for file validation. (#37991) 2026-01-07 10:28:20 -06:00
parser.go Bugfix: Mac Office Vuln Parser (#32545) 2025-09-03 12:33:02 -04:00
release_note.go Microsoft office FMA version from release notes (#30686) 2025-07-23 12:07:18 -05:00
release_note_test.go Microsoft office FMA version from release notes (#30686) 2025-07-23 12:07:18 -05:00
sync.go Improve test coverage and bug fix (#10301) 2023-03-06 15:07:27 -04:00
sync_test.go Improve test coverage and bug fix (#10301) 2023-03-06 15:07:27 -04:00