Lines of code not being added to the evaluation target
Incident Report for Fluid Attacks
Postmortem

Impact

It was detected that in at least one group a root was cloned without its lines of code being added to the scope (UTC-5 23-09-14 08:30 to 23-09-15 12:03: 1.2 days, time to recover). The incident was detected reactively (at UTC-5 23-09-14 17:30: 0.3 days, time to detect) by a user reporting through our help desk [1] that vulnerabilities were not being reported in one of their repositories because lines of code in the repository files were not being added to the scope.

Cause

The surface data for this finding had not been updated. They are updated through a mutation named refreshToeLines, which is contained in a server_async task named integrates_refresh that is responsible for populating the surface data. However, this task was not executed for the specific finding.

Unfortunately, the traceability data for server_async tasks is currently not sufficient to determine why the task was not executed.

Solution

Surface data were populated for the finding in question through the execution of the integrates_refresh task.

Conclusion

Due to the lack of traceability in the server_async logs, it was not possible to determine the exact reason for the bug, so the following issue was created to increase traceability in these tasks [2]. LACK_OF_TRACEABILITY

Posted Sep 15, 2023 - 18:23 GMT-05:00

Resolved
The engineering team made a correction and the number of lines of code can be viewed normally.
Posted Sep 15, 2023 - 12:03 GMT-05:00
Identified
Groups have been identified in which, after cloning a repository, the lines of code in the repository have not been registered as a target for evaluation.
Posted Sep 14, 2023 - 17:30 GMT-05:00
This incident affected: Platform.