diff --git a/CHANGELOG.md b/CHANGELOG.md index 8fc3525..610bb9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,14 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). ## [Unreleased] +### Fixed (2026-06-17) + +- **Race condition in SNow CVE Demo workflow** — `send_cve_to_snow.yml` now + pauses 60 seconds at the start to allow Lightspeed to ingest the vulnerability + state uploaded by `insights-client` before querying the vulnerability API. + Without the delay the CVE query returned stale results and missed the newly + introduced CVE. Closes #145. + ### Changed (2026-06-16) - **Architecture diagram tweaks** — reduced RHEL host stack to a single host in diff --git a/playbooks/servicenow/send_cve_to_snow.yml b/playbooks/servicenow/send_cve_to_snow.yml index 51139d4..3beacba 100644 --- a/playbooks/servicenow/send_cve_to_snow.yml +++ b/playbooks/servicenow/send_cve_to_snow.yml @@ -43,6 +43,15 @@ target_fqdn: "" tasks: + # ── Allow Lightspeed to process the new vulnerability state ─────────────── + # insights-client (run in the previous workflow step) uploads host state to + # console.redhat.com, but Lightspeed needs ~60s to ingest it and surface the + # CVE in the vulnerability API. Without this pause the query returns stale + # results and misses the newly introduced CVE. + - name: Wait 60 s for Lightspeed to ingest the new vulnerability state + ansible.builtin.pause: + seconds: 60 + # ── Resolve host from AAP inventory if not provided ─────────────────────── - name: Acquire AAP token for inventory lookup when: target_fqdn | length == 0
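Review bot: In the `send_cve_to_snow.yml` hunk, the new `ansible.builtin.pause` task sleeps for exactly the estimate given in its own comment ("~60s"), so the race is narrowed rather than closed. If ingestion takes longer, the query still returns stale results and the newly introduced CVE is missed without any error. Consider replacing the fixed pause with a retry loop on the vulnerability API query itself (`until` with `retries` and `delay`) that ends once the host's updated state is visible, and fail the play when the retries run out rather than continuing with stale data. If the fixed pause stays, take the duration from a variable that defaults to 60 instead of the hard-coded `seconds: 60`, so it can be raised without editing the playbook, and have the CHANGELOG entry say the 60 seconds is an estimate.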