[BE] Extend GraphQL Ci::PipelineType to filter Security Report Findings based on State
Why are we doing this work
This is the backend work to be used by the UI as described in #331401 (closed). The pipeline security tab looks MOSTLY the same as the project/group/Security Center vulnerability reports, but it is implemented using entirely different code/endpoints. One exception is that the "hide dismissed" toggle that exists today on the pipeline security tab will be displayed as a State dropdown (which is aligned with the other vulnerability reports). Currently, the only options available in the dropdown will be Dismissed
& Detected
, but over time that list may expand.
Relevant links
Non-functional requirements
-
Documentation: Update GraphQL documentation -
Testing: Add/update GraphQL specs for the new type
Implementation plan
-
Add state
argument inee/app/graphql/resolvers/pipeline_security_report_findings_resolver.rb
so that we can filter bystate
with GraphQL -
Add the ability to filter by state
inee/app/finders/security/pipeline_vulnerabilities_finder.rb
(note: there is a filter byscope
in this file which just include findings withdismissed
state or withoutdismissed
state but we want here the filter which will filter by any state or array of states)
Edited by Thiago Figueiró