Draft: [PoC only] Add vulnerabilities to dependencies
What does this MR do and why?
Add vulnerabilities to dependencies. POC only.
Related issue: #422258 (closed)
Some of the missing changes:

- `app/graphql/gitlab_schema.rb`: `to_global_id` will have to be added unless another type is used.
- This code isn't DRY.
- This code doesn't have specs.
- FF related code hasn't been included.
- DB indices have not been included.
Screenshots or screen recordings
GraphQL query:

```graphql
query {
  project(fullPath: "sbom-group/nested-group/another-group") {
    dependencies(sort: NAME_ASC, componentNames: ["git"]) {
      nodes {
        name
        packager
        version
        vulnerabilities {
          id
          url
          name
          severity
        }
      }
    }
  }
}
```

Response:

```json
{
  "data": {
    "project": {
      "dependencies": {
        "nodes": [
          {
            "name": "git",
            "packager": "BUNDLER",
            "version": "1.11.0",
            "vulnerabilities": [
              {
                "id": "558",
                "url": "http://gdk.test:3000/sbom-group/nested-group/another-group/-/security/vulnerabilities/558",
                "name": "Improper Control of Generation of Code ('Code Injection')",
                "severity": "high"
              },
              {
                "id": "560",
                "url": "http://gdk.test:3000/sbom-group/nested-group/another-group/-/security/vulnerabilities/560",
                "name": "Improper Control of Generation of Code ('Code Injection')",
                "severity": "high"
              }
            ]
          },
          {
            "name": "git",
            "packager": "BUNDLER",
            "version": "1.11.0",
            "vulnerabilities": [
              {
                "id": "1150",
                "url": "http://gdk.test:3000/sbom-group/nested-group/another-group/-/security/vulnerabilities/1150",
                "name": "Improper Control of Generation of Code ('Code Injection')",
                "severity": "high"
              },
              {
                "id": "1151",
                "url": "http://gdk.test:3000/sbom-group/nested-group/another-group/-/security/vulnerabilities/1151",
                "name": "Improper Control of Generation of Code ('Code Injection')",
                "severity": "high"
              }
            ]
          }
        ]
      }
    }
  }
}
```
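The response above returns one node per dependency occurrence, so the same package (`git` 1.11.0) appears twice, each time with its own set of findings. As an added example, not code from this MR or from GitLab, the Ruby script below consumes that response shape client-side: it merges nodes for the same (name, packager, version), deduplicates findings by vulnerability `id`, and ranks each package by its worst severity. The sample response is constructed from the rendered output on this page (URLs dropped); the severity labels in `SEVERITY_RANK` are the ones GitLab's vulnerability reports use, and the function names are the example's own.

```ruby
require 'json'

# Severity labels as used in GitLab vulnerability reports, ranked worst-first.
SEVERITY_RANK = {
  'critical' => 5, 'high' => 4, 'medium' => 3, 'low' => 2, 'info' => 1, 'unknown' => 0
}.freeze

# Constructed sample: the response shape shown above, trimmed to the fields used here.
# Note the two nodes for the same package, each carrying two high-severity findings.
SAMPLE_RESPONSE = <<~RESPONSE
  {
    "data": { "project": { "dependencies": { "nodes": [
      { "name": "git", "packager": "BUNDLER", "version": "1.11.0",
        "vulnerabilities": [
          { "id": "558",  "severity": "high", "name": "Improper Control of Generation of Code ('Code Injection')" },
          { "id": "560",  "severity": "high", "name": "Improper Control of Generation of Code ('Code Injection')" }
        ] },
      { "name": "git", "packager": "BUNDLER", "version": "1.11.0",
        "vulnerabilities": [
          { "id": "1150", "severity": "high", "name": "Improper Control of Generation of Code ('Code Injection')" },
          { "id": "1151", "severity": "high", "name": "Improper Control of Generation of Code ('Code Injection')" }
        ] }
    ] } } }
  }
RESPONSE

# Pulls the dependency nodes out of a GraphQL response. A response with an
# "errors" array and no "data" is a hard failure; a partial response still
# carrying "data" is processed as-is.
def dependency_nodes(response_json)
  doc = JSON.parse(response_json)
  raise "GraphQL errors: #{doc['errors'].inspect}" if doc['errors'] && doc['data'].nil?

  doc.dig('data', 'project', 'dependencies', 'nodes') || []
end

# Merges nodes describing the same package (name, packager, version) and
# deduplicates their findings by vulnerability id, since one finding can be
# attached to several occurrences of the same dependency.
def merge_dependencies(nodes)
  nodes.each_with_object({}) do |node, merged|
    key = [node['name'], node['packager'], node['version']]
    entry = merged[key] ||= { 'name' => node['name'], 'packager' => node['packager'],
                              'version' => node['version'], 'vulnerabilities' => {} }
    (node['vulnerabilities'] || []).each do |vuln|
      entry['vulnerabilities'][vuln['id']] ||= vuln
    end
  end.values
end

# Highest severity among a list of findings (nil when there are none).
# Labels the ranking does not know are reported as "unknown" instead of raising.
def worst_severity(vulns)
  return nil if vulns.empty?

  labels = vulns.map do |v|
    s = v['severity'].to_s.downcase
    SEVERITY_RANK.key?(s) ? s : 'unknown'
  end
  labels.max_by { |s| SEVERITY_RANK[s] }
end

# One row per distinct package, sorted worst severity first, then by name.
def vulnerability_report(response_json)
  merge_dependencies(dependency_nodes(response_json)).map do |dep|
    vulns = dep['vulnerabilities'].values
    { name: dep['name'], packager: dep['packager'], version: dep['version'],
      findings: vulns.size, worst: worst_severity(vulns) }
  end.sort_by { |row| [-SEVERITY_RANK.fetch(row[:worst], 0), row[:name]] }
end

if __FILE__ == $PROGRAM_NAME
  vulnerability_report(SAMPLE_RESPONSE).each do |row|
    puts format('%-10s %-8s %-8s %2d finding(s), worst: %s',
                row[:name], row[:packager], row[:version], row[:findings], row[:worst])
  end
end
```

Running it against the sample collapses the two `git` nodes into a single row with four distinct findings, all high; a consumer that counted nodes instead would report two packages and, if it keyed on position rather than `id`, could double-count findings once the same vulnerability is attached to more than one occurrence.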
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Zamir Martins