Enable securityReportFindings GraphQL to retrieve scanners
requested to merge 368601-securityreportfindings-graphql-resolver-is-unable-to-retrieve-scanners into master
What does this MR do and why?
This MR fixes the `PipelineVulnerabilitiesFinder` to include the `project_id` in the scanner for the findings. This is necessary for the `securityReportFindings` GraphQL field to respond with the scanner data, as the `ScannerPolicy` authorization is delegated to the project authorization.
Screenshots or screen recordings
Before
After
How to set up and validate locally
- Check out the master branch
- Make the following GraphQL call
  query pipelineFindings {
    project(fullPath: "<project path>") {
      pipeline(iid: "<pipeline IID>") {
        securityReportFindings(first: 1) {
          nodes {
            scanner {
              name
            }
          }
        }
      }
    }
  }
- The scanner should be `null`
  {
    "data": {
      "project": {
        "pipeline": {
          "securityReportFindings": {
            "nodes": [
              {
                "scanner": null
              }
            ]
          }
        }
      }
    }
  }
- Check out this branch
- Make the call again
- The scanner should not be `null`
  {
    "data": {
      "project": {
        "pipeline": {
          "securityReportFindings": {
            "nodes": [
              {
                "scanner": "<scanner name>"
              }
            ]
          }
        }
      }
    }
  }
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #368601 (closed)
Edited by Jonathan Schafer
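
The `null` scanner seen before the fix is what delegated authorization looks like when it fails closed: with no `project_id` there is no project to delegate to, so the check is denied and the field is returned as `null`. A simplified Ruby model of that behaviour, added here as an illustration and not GitLab's code; every class name, method name and sample value below is hypothetical or constructed.

```ruby
# Simplified model of delegated authorization (not GitLab's implementation).
# All names here are hypothetical; the sample data is constructed.
Project = Struct.new(:id, :member_ids)
Scanner = Struct.new(:name, :project_id)

PROJECTS = { 7 => Project.new(7, [42]) }.freeze

# Project-level rule: only project members may read security data.
def project_allows?(user_id, project)
  !project.nil? && project.member_ids.include?(user_id)
end

# The scanner policy has no rules of its own; it delegates to the owning
# project. A scanner without a project_id has nothing to delegate to.
def scanner_allows?(user_id, scanner)
  project_allows?(user_id, PROJECTS[scanner.project_id])
end

# Field resolution fails closed: an unauthorized object is returned as nil,
# which the API serializes as null instead of raising an error.
def resolve_scanner(user_id, scanner)
  scanner_allows?(user_id, scanner) ? { "name" => scanner.name } : nil
end

# A finder that builds scanners from report data. The include_project_id
# switch models the finder before and after the change described above.
def build_scanner(report_scanner, project_id, include_project_id:)
  Scanner.new(report_scanner["name"], include_project_id ? project_id : nil)
end

def demo
  report = { "name" => "constructed-scanner" }
  before = build_scanner(report, 7, include_project_id: false)
  after  = build_scanner(report, 7, include_project_id: true)
  {
    before:   resolve_scanner(42, before), # member, scanner lacks project_id
    after:    resolve_scanner(42, after),  # member, scanner carries project_id
    outsider: resolve_scanner(99, after)   # non-member is still denied
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The `outsider` case is the one to keep in a regression test: populating `project_id` must restore the scanner for authorized users without exposing it to users the project policy rejects.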