Fix the `vulnerabilitySeveritiesCount` query for the group security dashboard
Why are we doing this work
The counts of severities are wrong for projects in the "Project security status" list for the "group security dashboard" because the client application is not sending the state
parameter to GraphQL API to fetch vulnerabilitySeveritiesCount
.
Relevant links
- Discovered while testing the solution for #244380 (closed)
Implementation plan
-
frontend Send the state
parameter as[DETECTED, CONFIRMED]
while fetching thevulnerabilitySeveritiesCount
. The query for group level can be located here:ee/app/assets/javascripts/security_dashboard/graphql/group_vulnerability_grades.query.graphql
. -
frontend Please note that the query is used in first_class_vulnerability_severities.vue
which is used by both theinstance
andgroup
level dashboards. Therefore we'll also need to update theinstance
level query which can be located here:ee/app/assets/javascripts/security_dashboard/graphql/instance_vulnerability_grades.query.graphql
I believe once the queries are updated, we can hard-code the state filters in ee/app/assets/javascripts/security_dashboard/components/first_class_vulnerability_severities.vue
as in the dashboards we don't have the concept of filters.
An example query looks like;
query getVulnerabilitySeveritiesCount {
project(fullPath: "...") {
vulnerabilitySeveritiesCount(state: [DETECTED, CONFIRMED]) {
critical
high
medium
low
unknown
info
}
}
}
Edited by Savas Vedova