Change vulnerabilityFindingDismiss mutation to accept uuid argument

Why are we doing this work

We need to be able to dismiss pipeline findings. There is a mutation vulnerabilityFindingDismiss, but this does not work for pipelines. The only ID available to security findings is the UUID. We need to accept the UUID of a finding to dismiss the vulnerability finding and/or the security finding. We also need to deprecate the use of id as a parameter. However, that deprecation should come in a separate issue.

Relevant links

N/A

Non-functional requirements

  • Documentation: Update GraphQL docs
  • Testing: Add relevant tests

Implementation plan

  • backend: Add uuid as an input for the vulnerabilityFindingDismiss mutation
  • backend: Remove the requirement on id as an input
  • backend: Add check to make sure at least id or uuid is present
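
A sketch of the argument check this plan describes, added here as an example and not taken from GitLab's code base. The class, method and error names and the in-memory finding store are hypothetical, the sample data is constructed, and the rule that id and uuid must agree when both are sent is an assumption the issue does not state.

```ruby
# Added illustration; class, method and error names are hypothetical, not GitLab's code.
class FindingDismissInput
  class InvalidInput < StandardError; end

  UUID_FORMAT = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/

  # findings: in-memory stand-in for the finding store (array of hashes)
  def initialize(findings)
    @findings = findings
  end

  # id is no longer required; uuid is the new argument. At least one must be given.
  def dismiss(id: nil, uuid: nil)
    id = nil if id.to_s.strip.empty?
    uuid = uuid.to_s.strip.downcase
    uuid = nil if uuid.empty?
    raise InvalidInput, "at least one of id or uuid is required" if id.nil? && uuid.nil?
    raise InvalidInput, "uuid is malformed" if uuid && !UUID_FORMAT.match?(uuid)

    by_uuid = uuid && @findings.find { |f| f[:uuid] == uuid }
    by_id = id && @findings.find { |f| f[:id] == id }
    # Assumption (not stated on the page): when both are sent they must agree.
    if id && uuid && !by_uuid.equal?(by_id)
      raise InvalidInput, "id and uuid identify different findings"
    end

    finding = by_uuid || by_id
    raise InvalidInput, "finding not found" unless finding
    finding[:state] = :dismissed
    finding
  end
end

# Constructed sample data: the pipeline finding has a uuid but no id.
def sample_findings
  [
    { id: 1, uuid: "aaaaaaaa-0000-4000-8000-000000000001", title: "Persisted finding", state: :detected },
    { id: nil, uuid: "aaaaaaaa-0000-4000-8000-000000000002", title: "Pipeline-only finding", state: :detected }
  ]
end
```

Blank strings are treated as absent, so an input such as id "" with uuid " " fails the presence check instead of slipping through as "provided".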

Verification steps

  1. Run a pipeline on the main branch of a test project
  2. Get the UUID of a finding via GraphQL
    query {
      project(fullPath:"jschafer/security-reports") {
        pipelines(first:1) {
          nodes {
            securityReportFindings(first:1) {
              nodes {
                uuid
              }
            }
          }
        }
      }
    }
  3. Dismiss the finding via GraphQL
    mutation {
      vulnerabilityFindingDismiss(input:{uuid:"<uuid>"}){
        finding {
          title
        }
      }
    }
  4. GraphQL should return the title of the security finding
  5. The Security tab on the pipeline should show the security finding as dismissed.
Edited by Jonathan Schafer