GraphQL mutation to dismiss Security Finding
Why are we doing this work
Following Change vulnerabilityFindingDismiss mutation to ... (#360478 - closed), we are able to use the UUID of a vulnerability finding to dismiss it. However, this does not work for security findings. This is necessary to be able to dismiss vulnerabilities from the pipeline as we currently do, without the need for a vulnerability finding. The way this mutation currently works is that it searches for a vulnerability finding by uuid or id (id to be deprecated in 16.0).
Relevant links
Non-functional requirements
- Testing: Add tests for dismissing security findings with or without vulnerability findings
Implementation plan
- backend Create a new mutation called dismissSecurityReportFinding based on vulnerabilityFindingDismiss
- backend Deprecate vulnerabilityFindingDismiss
Verification steps
- Get the uuid of a non-dismissed finding
  query pipelineFindings {
    project(fullPath: "<project path>") {
      pipeline(iid: "<pipeline iid>") {
        securityReportFindings(first: 1) {
          nodes {
            uuid
            state
          }
        }
      }
    }
  }
- Call the dismiss mutation
  mutation {
    securityFindingDismiss(input: {uuid: "<uuid>"}) {
      uuid
    }
  }
- Check the finding state again
  query pipelineFindings {
    project(fullPath: "<project path>") {
      pipeline(iid: "<pipeline iid>") {
        securityReportFindings(first: 1) {
          nodes {
            uuid
            state
          }
        }
      }
    }
  }
Edited by Jonathan Schafer