From f742f14f06b1af15b7b3e8fbd3b58a7b8ba17926 Mon Sep 17 00:00:00 2001
From: Rushik Subba <srushik@gitlab.com>
Date: Tue, 21 Oct 2025 12:36:24 +0530
Subject: [PATCH] Sync risk_score to elasticsearch

In the RiskScoreCalculation service
call Vulnerabilities::EsHelper to sync changes
to elasticsearch

EE: true
Changelog: other
---
 .../findings/risk_score_calculation_service.rb    | 15 ++++++++++-----
 .../risk_score_calculation_service_spec.rb        |  7 +++++++
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/ee/app/services/vulnerabilities/findings/risk_score_calculation_service.rb b/ee/app/services/vulnerabilities/findings/risk_score_calculation_service.rb
index 9fb7d07d70de46..66cc14eb294476 100644
--- a/ee/app/services/vulnerabilities/findings/risk_score_calculation_service.rb
+++ b/ee/app/services/vulnerabilities/findings/risk_score_calculation_service.rb
@@ -3,7 +3,7 @@
 module Vulnerabilities
   module Findings
     class RiskScoreCalculationService
-      attr_reader :vulnerabilities
+      attr_reader :vulnerability_ids
 
       BATCH_SIZE = 1000
 
@@ -16,7 +16,7 @@ def initialize(vulnerability_ids)
       end
 
       def execute
-        findings = Vulnerabilities::Finding.with_cve_enrichments.by_vulnerability(@vulnerability_ids)
+        findings = Vulnerabilities::Finding.with_cve_enrichments.by_vulnerability(vulnerability_ids)
         findings_to_update = filter_findings_by_feature_flag(findings)
 
         findings_to_update.each_slice(BATCH_SIZE) do |findings_batch|
@@ -36,8 +36,9 @@ def execute
             update_only: [:risk_score]
           )
 
-          log_updates
+          log_updates(findings_to_update.map(&:vulnerability_id))
         end
+        sync_elasticsearch
       end
 
       private
@@ -64,14 +65,18 @@ def timestamp
         @timestamp ||= Time.current
       end
 
-      def log_updates
+      def log_updates(ids)
         Gitlab::AppLogger.info(
           class: self.class.name,
           message: "Vulnerability finding risk scores updated",
-          vulnerability_ids: @vulnerability_ids,
+          vulnerability_ids: ids,
           timestamp: timestamp
         )
       end
+
+      def sync_elasticsearch
+        Vulnerabilities::EsHelper.sync_elasticsearch(vulnerability_ids)
+      end
     end
   end
 end
diff --git a/ee/spec/services/vulnerabilities/findings/risk_score_calculation_service_spec.rb b/ee/spec/services/vulnerabilities/findings/risk_score_calculation_service_spec.rb
index 6b1bd320ce7e27..dcb1ead65ea919 100644
--- a/ee/spec/services/vulnerabilities/findings/risk_score_calculation_service_spec.rb
+++ b/ee/spec/services/vulnerabilities/findings/risk_score_calculation_service_spec.rb
@@ -89,6 +89,13 @@
         service.execute
       end
 
+      it "syncs to elasticsearch" do
+        expect(Vulnerabilities::EsHelper).to receive(:sync_elasticsearch)
+          .with(vulnerability_ids)
+
+        service.execute
+      end
+
       context "with findings from different groups" do
         let_it_be(:project_2) { create(:project) }
         let_it_be(:vulnerability_list_2) { create_list(:vulnerability, 2, project: project_2) }
-- 
GitLab