Expanding GitLab's GraphQL Vulnerabilities API
Posted August 1, 2025 · 3 min read
Google Summer of Code 2024
Last year, I contributed to Jitsi Meet as part of GSoC’24. I had a great experience, so I decided to take part in the program again this year.
The three main reasons I went for GitLab:
- I’ve used it at a previous internship.
- I made a contribution to add an in-demand feature, and I found that the engineers were really knowledgeable and supportive.
- I wanted to learn GraphQL, and one of the listed projects was creating features for GitLab’s GraphQL vulnerabilities API.
Overview
Introduction:
GitLab's security features help developers find vulnerabilities in their code, but the existing API doesn't expose all the information security teams need. For example, users can't easily retrieve when a vulnerability was first detected, which pipelines detected it, or who authored the related commits. That makes it hard for teams to automate their security workflows and track vulnerability trends over time.
Key Features:
- Added Vulnerability ID in Vulnerability & Archival Report CSV File
- Fixed bug where vulnerability returns none without license
- Return vulnerabilities' initial_detected_pipeline and latest_detected_pipeline in GraphQL API. GraphQL allows nested fields to be selected, so this closed https://gitlab.com/gitlab-org/gitlab/-/issues/384476 as well!
In-progress:
- Vulnerability bulk confirm mutation
Pre-GSoC:
- Fix Style/SuperArguments offences
- Added shortcut to check "viewed" on MR-changes
Contributions
Here’s a list of my MRs:
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/198840
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/197038
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/187201
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/193819
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/195555
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/185676
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137912
Challenges
GitLab is a huge monolithic Ruby on Rails application. It was very challenging navigating through the project and figuring out where to add relevant code. GitLab maintainers also have a very high bar for code quality, so each MR had lots of revisions!
One of the most interesting problems I encountered was the N+1 query problem. In a large application like GitLab, users often perform actions that can cause many (1000+) trips to the database. Because of the scale of such requests, I learnt ways to optimize my code to perform a constant number of requests. Mainly, I used preloading and batch requests. This MR is a good example of my work to increase the mutation speed of vulnerability state updates!
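The following is an added illustration, not code from the author's MRs or from GitLab itself. It shows the N+1 pattern described above on the page's own data model: resolving a nested field (a vulnerability's latest detected pipeline, as in the GraphQL fields listed under Key Features) one record at a time costs one query per vulnerability, so a list of 1000 findings becomes 1000+ round trips; collecting the keys and loading them in one batch keeps the count constant. The FakeDB, PipelineBatchLoader and sample rows are all constructed stand-ins; the real implementation in GitLab uses ActiveRecord preloading and the graphql gem's batch loading rather than these classes.

```ruby
# Added example (not GitLab's code): the N+1 query pattern when resolving a
# nested "latest detected pipeline" field per vulnerability, and the batched
# alternative. All classes and data below are constructed stand-ins for the
# database and for the batch loader; none of it is from the original page.

require 'set'

# A tiny in-memory datastore that counts every "query" it serves.
class FakeDB
  attr_reader :query_count

  def initialize(vulnerabilities:, pipelines:)
    @vulnerabilities = vulnerabilities                  # array of hashes
    @pipelines = pipelines.to_h { |p| [p[:id], p] }     # id => row
    @query_count = 0
  end

  # SELECT * FROM vulnerabilities
  def all_vulnerabilities
    @query_count += 1
    @vulnerabilities.map(&:dup)
  end

  # SELECT * FROM pipelines WHERE id = ?
  def find_pipeline(id)
    @query_count += 1
    @pipelines[id]
  end

  # SELECT * FROM pipelines WHERE id IN (...)
  def pipelines_where_id(ids)
    @query_count += 1
    ids.uniq.filter_map { |id| @pipelines[id] }
  end

  def reset_count!
    @query_count = 0
  end
end

# Naive resolver: one pipeline lookup per vulnerability, i.e. 1 + N queries.
def resolve_naive(db)
  db.all_vulnerabilities.map do |v|
    pipeline = db.find_pipeline(v[:latest_detected_pipeline_id])
    { id: v[:id], latest_detected_pipeline: pipeline && pipeline[:iid] }
  end
end

# Minimal batch loader in the spirit of graphql-batch / GraphQL::Dataloader:
# resolvers register the keys they need and get back a thunk; the first thunk
# that is called fetches every pending key in a single query.
class PipelineBatchLoader
  def initialize(db)
    @db = db
    @pending = Set.new
    @cache = {}
  end

  def load(id)
    @pending << id unless @cache.key?(id)
    -> { fulfill; @cache[id] }
  end

  private

  def fulfill
    return if @pending.empty?
    @db.pipelines_where_id(@pending.to_a).each { |p| @cache[p[:id]] = p }
    # Keys with no matching row resolve to nil instead of being re-queried.
    @pending.each { |id| @cache[id] = nil unless @cache.key?(id) }
    @pending.clear
  end
end

# Batched resolver: 1 query for vulnerabilities + 1 for all pipelines = 2,
# regardless of how many vulnerabilities are returned.
def resolve_batched(db)
  loader = PipelineBatchLoader.new(db)
  rows = db.all_vulnerabilities.map do |v|
    [v[:id], loader.load(v[:latest_detected_pipeline_id])]
  end
  rows.map do |id, thunk|
    pipeline = thunk.call
    { id: id, latest_detected_pipeline: pipeline && pipeline[:iid] }
  end
end

# Constructed sample data: five vulnerabilities spread over three pipelines.
SAMPLE_DB = FakeDB.new(
  vulnerabilities: (1..5).map { |i| { id: i, latest_detected_pipeline_id: 100 + (i % 3) } },
  pipelines: [{ id: 100, iid: 10 }, { id: 101, iid: 11 }, { id: 102, iid: 12 }]
)

# Runs both resolvers on the same data, checks they agree, and reports the
# number of queries each one issued.
def query_counts(db = SAMPLE_DB)
  db.reset_count!
  naive = resolve_naive(db)
  naive_count = db.query_count
  db.reset_count!
  batched = resolve_batched(db)
  batched_count = db.query_count
  raise 'resolvers disagree' unless naive == batched
  { naive: naive_count, batched: batched_count }
end

puts query_counts.inspect if $PROGRAM_NAME == __FILE__
```

With five vulnerabilities the naive resolver issues six queries and the batched one two; with a thousand it would be 1001 versus 2, which is the difference the paragraph above describes. The same idea applies to a mutation that updates many vulnerability states at once: gather the IDs first, then load and write them in a constant number of statements.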