fleet icon indicating copy to clipboard operation
fleet copied to clipboard

Published 20 hours ago verified publisher icon fleetdm

[REOPENED] No Vulnerabilities

Open qa-wolf[bot] opened this issue 9 months ago • 6 comments

Steps to reproduce:

  1. Log in as global admin
  2. Navigate to Software -> Vulnerabilities Expected: Vulnerabilities available Actual: No data Video: https://www.loom.com/share/f3d8e36ed7a54f249e00580e5223a7b1?sid=d610bfe4-d1a2-4b6c-82a8-7171813d0615 (https://www.loom.com/share/f3d8e36ed7a54f249e00580e5223a7b1?sid=d610bfe4-d1a2-4b6c-82a8-7171813d0615)

qa-wolf[bot] avatar Feb 28 '25 19:02 qa-wolf[bot]

@mostlikelee, I saw this and applied software label but probably needs more triaging.

sharon-fdm avatar Mar 03 '25 16:03 sharon-fdm

This is an ongoing/intermittent issue and is being looked into

jmwatts avatar Mar 05 '25 22:03 jmwatts

Potentially two issues identified by @mostlikelee :

  1. Old hosts are torn down and new hosts are spun up daily. Old hosts get cleared out using the "Host expiry" option in Organization Settings. When the linux hosts disappear, the OVAL vulnerabilities/orphan vulnerabilities aren't getting cleaned up.
  2. Vulnerabilities job is taking 2 hours to run (possibly due to how many vulnerabilities are in there). At some point while the job is running, there is a concurrency issue. Timeouts are likely being exceeded causing strange behavior.

jmwatts avatar Mar 26 '25 16:03 jmwatts

Should this still have a :reproduce tag?

iansltx avatar Apr 05 '25 23:04 iansltx

Created #28091 and #28093 to investigate the two issues identified above.

jmwatts avatar Apr 10 '25 17:04 jmwatts

@mostlikelee I've assigned you to the two SPIKE tickets (https://github.com/fleetdm/fleet/issues/28091 and https://github.com/fleetdm/fleet/issues/28093) created from this issue. I'm not sure if I should be adding the :product tag here or waiting until we have the outcome of those tickets.

jmwatts avatar Apr 10 '25 17:04 jmwatts

@mostlikelee I see that the spike tickets are on the board. I'm moving this to in progress so it's out of the new column.

eugkuo avatar Jun 19 '25 19:06 eugkuo

Safeguard in the cloud, Vulnerabilities displayed, Peace now in our grasp.

fleet-release avatar Jul 15 '25 22:07 fleet-release

This should not have been closed as it's still an issue.

jmwatts avatar Jul 15 '25 22:07 jmwatts

Sounds like @jmwatts reproduced but this was still in the Done column and we missed it

@mostlikelee - put it in the New Requests column, but definitely could use eyes since this is from February

RachelElysia avatar Aug 19 '25 20:08 RachelElysia

@mostlikelee @jmwatts sounds like this is still a bug that we've been able to reproduce.

I updated this issue to use the bug report template and moved it over to "Ready to estimate"

I left the Fleet version as a TODO. Assuming we were able to repro this on the latest Fleet version.

cc @lukeheath

noahtalerman avatar Sep 02 '25 21:09 noahtalerman

Moving to Ready to spec because there's no To fix here and this isn't indicated as a timebox to understand what the root cause is.

/cc @noahtalerman @mostlikelee

iansltx avatar Sep 03 '25 05:09 iansltx

@mostlikelee Please triage. Looks like there is a spike on drafting for this that could come in first as a timebox item.

lukeheath avatar Sep 04 '25 18:09 lukeheath

Determining the root cause of the bug is included in the bug estimate. Moving back to ready to estimate.

lukeheath avatar Sep 15 '25 15:09 lukeheath

Timebox to 5

  • come up with hypothesis
  • look at logs
  • talk with QA Wolf to get more details (Slack channel)

getvictor avatar Oct 03 '25 16:10 getvictor

Closing since we have 2 new bugs. Fixing both these bugs should resolve QA Wolf issues:

  • https://github.com/fleetdm/fleet/issues/35043
  • https://github.com/fleetdm/fleet/issues/35044

getvictor avatar Oct 31 '25 20:10 getvictor

Vulnerabilities, Once lost, now found and fixed, Secured digital breeze.

fleet-release avatar Oct 31 '25 20:10 fleet-release