On prem: Properly upgrading to fixability and license filters
This doc pertains to helm chart 2.6.3+, FOSSA Core v4.10.11+
FOSSA recently released Fixability filters in IssuesV2, which will allow users to be able to filter security issues by whether or not there is a fix. In order to enable this for users on-prem, a backfill job is required.
Without running the backfill, users will have partial support for has fix, but filter results may exclude issues that exist on dependencies that are imported from custom third party repos.
On-Prem instances on version 4.10.11 or newer should run this backfill. As of writing the latest helm version is 2.6.3. In order to do this you can navigate to the admin panel on the instance and find the “Backfill Issue Sanitized Locators” backfill button at the bottom of the page. Hit the button and let it run!
If this admin panel is not available, this can also be run in a repl console within a FOSSA pod. In order to run the job this way:
exec into a pod
Run node dist/tools/fossa.js
Then run
const backfill = require('./dist/faktory/jobs/backfill/BackfillSanitizedLocators').default;
backfill.performAsync();
You may notice another backfill button for license identification. This ties to the declared/discovered license filter. Please perform the backfill for this function as well.
Documented by Solomon on 4/3/2023