Skip to content

Optimize view_engineer to use DB-side aggregation and cut load time #12606

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: dev
Choose a base branch
from
Open

Optimize view_engineer to use DB-side aggregation and cut load time #12606

wants to merge 2 commits into from

Conversation

DenysMoskalenko
Copy link
Contributor

Initially inspired by #12575

✨ Key Points

  • Full rewrite of view_engineer
    • replaces Python loops with SQL COUNT / CASE / Subquery
    • helper functions: _age_buckets, _product_stats, _augment_series_with_accepted
    • preserves the 5-minute @cache_page (But now it can be removed and I guess - should be removed)
  • One SQL round-trip per metric
    • month/week open / closed / accepted
    • product severity tables
    • age buckets for high/critical
  • Targeted ORM tuning
    • lean select_related & prefetch_related
    • dead imports & paths removed
  • No template or migration changes

🚀 Performance on our dataset

I cannot run it on the our production dataset for now, but I excpect huge improvement

Env Before After Δ
dev 12.7s 32 ms –99.7 %
prod ≈ 190s - -
Screenshots
Before After
Screenshot 2025-06-14 at 23 31 00 Screenshot 2025-06-14 at 23 30 29

@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Jun 14, 2025
edited
Loading

DryRun Security

🔴 Risk threshold exceeded.

This pull request contains sensitive edits to multiple files including dojo/utils.py and dojo/metrics/views.py, which may require additional review or configuration in the .dryrunsecurity.yaml file to approve the changes.

🔴 Configured Codepaths Edit in dojo/utils.py
Vulnerability Configured Codepaths Edit
Description Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.
🔴 Configured Codepaths Edit in dojo/metrics/views.py
Vulnerability Configured Codepaths Edit
Description Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.
🔴 Configured Codepaths Edit in dojo/metrics/views.py
Vulnerability Configured Codepaths Edit
Description Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

We've notified @mtesauro.

All finding details can be found in the DryRun Security Dashboard.

@valentijnscholten
Copy link
Member

Thanks again for a nice optimization PR. If the queries are now much faster, the caching can probably be removed.

Since these changes are a little more involved. Is there anyway we can verify the results of the queries are still the same/correct. Would it be feasible to add a little unit test similar to https://github.com/DefectDojo/django-DefectDojo/blob/bugfix/unittests/test_metrics_queries.py ?

@valentijnscholten
Copy link
Member

Something I also wondered if there is a better/clearer name to the stuff named variables. To make it more clear what they are.

dogboat
dogboat requested changes Jun 18, 2025
View reviewed changes
Copy link
Contributor

@dogboat dogboat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work!

I also agree with @valentijnscholten about tests and variable names if possible.

@valentijnscholten valentijnscholten added this to the 2.49.0 milestone Jun 29, 2025
@github-actions GitHub Actions
Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@valentijnscholten
Copy link
Member

@DenysMoskalenko Thank you again for your contributions. I've moved this to the 2.49.0 while we wait for conflicts resolution.

@DenysMoskalenko
Copy link
Contributor Author

@DenysMoskalenko Thank you again for your contributions. I've moved this to the 2.49.0 while we wait for conflicts resolution.

Thanks, I will fix the conflicts.
Also I really want to add a unittests you asked, just have no time right now(

@DenysMoskalenko
Optimize the DB queries for metrics views.
94ca50e
@DenysMoskalenko
PR comments fixes:
fc656a2 
 - Remove Cache
 - Rename "stuff" variables
 - Change the date range
@DenysMoskalenko DenysMoskalenko force-pushed the optimize_metrics_views branch from 88a4bb7 to fc656a2 Compare July 4, 2025 20:12
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 4, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

Maffooch
Maffooch approved these changes Jul 9, 2025
View reviewed changes
Copy link
Contributor

@Maffooch Maffooch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DenysMoskalenko great work here! I'm approving for now, but happy to wait on merging until you're happy with it 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dogboat dogboat dogboat approved these changes

@Maffooch Maffooch Maffooch approved these changes

@mtesauro mtesauro Awaiting requested review from mtesauro mtesauro is a code owner

@valentijnscholten valentijnscholten Awaiting requested review from valentijnscholten

At least 4 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.49.0
Development

Successfully merging this pull request may close these issues.
4 participants
@DenysMoskalenko @valentijnscholten @dogboat @Maffooch