Lines of code not being added to the evaluation target
Incident Report for Fluid Attacks
Postmortem

Impact

It was identified that at least one group experienced a situation where a root was cloned without its corresponding lines of code being included in the scope. The issue started on UTC-5 23-09-14 08:27 and was reactively discovered 9.1 hours (TTD) later by a user reporting through our help desk [1] that vulnerabilities were not being reported in one of their repositories, because the lines of code in the repository files were missing from the scope. The problem was resolved in 18.4 hours (TTF), resulting in a total impact of 1.1 days (TTR).

Cause

The surface data for this specific finding had not been updated. These data are typically refreshed via a mutation named refreshToeLines, within a server_async task named integrates_refresh, responsible for populating surface data. However, this task failed to execute for the affected finding.

Unfortunately, the available traceability data for server_async tasks did not provide sufficient insight into why the task did not execute.

Solution

The surface data for the affected finding were populated by manually executing the integrates_refresh task.

Conclusion

The lack of traceability in the server_async logs hindered the ability to pinpoint the exact cause of the bug. As a result, an issue was created to enhance traceability in these tasks [2]. LACK_OF_TRACEABILITY
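As an added illustration of the traceability the conclusion calls for (example code, not Fluid Attacks' server_async implementation), the hypothetical runner below records every lifecycle transition of a task before and after it executes: a task that raises is stored as failed together with its reason, and a task that was queued but never started, the kind of silent no-show the Cause section describes for integrates_refresh, is surfaced by an audit check. The names integrates_refresh and server_async come from this report; TRACES, record, enqueue, run, stuck_tasks and the sample group/root values are assumptions constructed for the example.

```python
import logging
import uuid
from datetime import datetime, timezone

log = logging.getLogger("server_async")
TRACES = {}  # task_id -> {"name": str, "events": [(timestamp, state, detail), ...]}

def record(task_id, name, state, detail=""):
    # Every lifecycle transition is stored and also emitted as a structured log line.
    event = (datetime.now(timezone.utc).isoformat(), state, detail)
    TRACES.setdefault(task_id, {"name": name, "events": []})["events"].append(event)
    log.info("task=%s id=%s state=%s %s", name, task_id, state, detail)

def enqueue(name, **kwargs):
    # Register the task before it runs, so one that never starts still leaves a trace.
    task_id = uuid.uuid4().hex
    record(task_id, name, "enqueued", repr(kwargs))
    return task_id

def run(task_id, fn, **kwargs):
    name = TRACES[task_id]["name"]
    record(task_id, name, "started")
    try:
        result = fn(**kwargs)
    except Exception as exc:
        record(task_id, name, "failed", f"{type(exc).__name__}: {exc}")  # keep the reason
        raise
    record(task_id, name, "succeeded")
    return result

def integrates_refresh(group_name, root_id):  # constructed stand-in, not the real task
    if not root_id:
        raise ValueError("root has no id; cannot register its lines of code")
    return {"group": group_name, "root": root_id, "lines_of_code": 1234}

def stuck_tasks():
    # Audit check: tasks whose last recorded state is not terminal, i.e. a silent no-show.
    return [tid for tid, t in TRACES.items()
            if t["events"][-1][1] not in ("succeeded", "failed")]

def run_demo():
    ok = enqueue("integrates_refresh", group_name="grp-a", root_id="root-1")
    run(ok, integrates_refresh, group_name="grp-a", root_id="root-1")
    bad = enqueue("integrates_refresh", group_name="grp-b", root_id="")
    try:
        run(bad, integrates_refresh, group_name="grp-b", root_id="")
    except ValueError:
        pass  # recorded as failed with its reason; the audit will not flag it
    ghost = enqueue("integrates_refresh", group_name="grp-c", root_id="root-3")  # never run
    return {"ok": ok, "bad": bad, "ghost": ghost}
```

Running stuck_tasks() periodically over the stored traces is what turns "the task did not execute" from a guess into a finding with a task id, its arguments and the time it was queued.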

Posted Sep 15, 2023 - 18:23 GMT-05:00

Resolved
The engineering team made a correction and the number of lines of code can be viewed normally.
Posted Sep 15, 2023 - 12:03 GMT-05:00
Identified
Groups have been identified in which, after cloning a repository, the lines of code in the repository have not been registered as a target for evaluation.
Posted Sep 14, 2023 - 17:30 GMT-05:00
This incident affected: Platform.