Skip to content

snyk: add attributes.status and attributes.updated_at field values to fingerprint #14430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

snyk: add attributes.status and attributes.updated_at field values to fingerprint #14430

wants to merge 2 commits into from
+10 −1

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Jul 7, 2025

Proposed commit message

See title.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 self-assigned this Jul 7, 2025
@efd6 efd6 added enhancement New feature or request Integration:snyk Snyk Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Jul 7, 2025
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Jul 7, 2025
edited
Loading

🚀 Benchmarks report

Package snyk 👍(1) 💚(0) 💔(1)

Expand to view
Data stream Previous EPS New EPS Diff (%) Result
issues 4310.34 3021.15 -1289.19 (-29.91%) 💔

To see the full report comment with /test benchmark fullreport

@efd6 efd6 marked this pull request as ready for review July 7, 2025 04:18
@efd6 efd6 requested a review from a team as a code owner July 7, 2025 04:18
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@efd6 efd6 requested a review from clement-fouque July 7, 2025 04:18
@efd6
Copy link
Contributor Author

efd6 commented Jul 7, 2025

Waiting for @clement-fouque.

clement-fouque
clement-fouque requested changes Jul 10, 2025
View reviewed changes
Copy link
Contributor

@clement-fouque clement-fouque left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reviewed the API and we have 2 options:

  • Either we add the ignored field along with status and updated_at
  • Either we remove the status as the updated_at should be updated anyway

I'm proposing the first option (all fields) as it's clearer to understand what is affecting fingerprint and it protects from issues on Snyk API (if status changes and updated_at field is not updated).

packages/snyk/data_stream/issues/elasticsearch/ingest_pipeline/default.yml
@@ -28,7 +28,10 @@ processors:
- fingerprint:
fields:
- snyk.issues.id
- snyk.issues.attributes.status
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- snyk.issues.attributes.status
- snyk.issues.attributes.ignored
- snyk.issues.attributes.status

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this necessary?

Copy link
Contributor

@clement-fouque clement-fouque Jul 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see my comment in the PR

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the position is that it may be the case that ignored changes but updated does not? Looking at the API, I don't think that is the case. The reason I included status in the fingerprint is to avoid timestamp collision even though that would be very unlikely. I have added the ignored field though.

packages/snyk/changelog.yml Outdated
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "2.2.0"
changes:
- description: Add `attributes.status` and `attributes.updated_at` field values to fingerprint.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- description: Add `attributes.status` and `attributes.updated_at` field values to fingerprint.
- description: Add `attributes.ignored`, `attributes.status` and `attributes.updated_at` field values to fingerprint.

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@elasticmachine
Copy link

💚 Build Succeeded

History

cc @efd6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clement-fouque clement-fouque clement-fouque requested changes

@chrisberkhout chrisberkhout chrisberkhout approved these changes

Requested changes must be addressed to merge this pull request.

Assignees

@efd6 efd6

Labels
enhancement New feature or request Integration:snyk Snyk Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[snyk]: Fingerprint should include the status
4 participants
@efd6 @elasticmachine @chrisberkhout @clement-fouque