Draft: Include `dismissed` by default for `Pipeline.securityReportFindings`
requested to merge 422542-pipeline-securityreportfindings-does-not-return-all-expected-results-2 into master
What does this MR do and why?
The existing behavior is to only return non-dismissed vulnerabilities in the `Pipeline.securityReportFindings` GraphQL query.

We now want to include ALL vulnerabilities, regardless of state. To get a response that excludes the dismissed vulnerabilities, you will now need to filter with a query like:
```graphql
query VulnerabilityFindings {
  project(fullPath: "path/to/project") {
    pipeline(iid: 1) {
      securityReportFindings(state: [DETECTED, CONFIRMED, RESOLVED]) {
        nodes {
          description
          state
        }
      }
    }
  }
}
```
resolves: #422542 (closed)
Changelog: changed
EE: true
How to set up and validate locally
- Create a new project.
- Add a `README.md` file with the following content:

  ```
  https://username:password@gitlab.com/test-group/project.git
  https://username:password@github.com/test-group/project.git
  ```

- Add a `.gitlab-ci.yml` file with the following content:

  ```yaml
  include:
    - template: 'Jobs/Secret-Detection.latest.gitlab-ci.yml'
  ```

- Run a pipeline.
- Visit the project Vulnerability report page.
- Change the status of one of the vulnerabilities to `Dismissed`.
- Visit `/-/graphql-explorer`.
- Execute a query like:

  ```graphql
  query VulnerabilityFindings {
    project(fullPath: "gitlab-org/vuln-bug") {
      pipeline(iid: 3) {
        securityReportFindings {
          nodes {
            description
            state
          }
        }
      }
    }
  }
  ```

- You should see the dismissed vulnerability in the response.
- Execute a query like:

  ```graphql
  query VulnerabilityFindings {
    project(fullPath: "gitlab-org/vuln-bug") {
      pipeline(iid: 3) {
        securityReportFindings(state: [DETECTED, CONFIRMED, RESOLVED]) {
          nodes {
            description
            state
          }
        }
      }
    }
  }
  ```

- The dismissed vulnerability should be excluded from the response.
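Added example (not part of this MR or of GitLab's code): a small client-side check for the behaviour change described above. Because `securityReportFindings` now returns findings in every state, a consumer that relied on dismissed findings being filtered out must pass an explicit `state:` argument; the helpers below build that query and flag any state in a response that the caller did not ask for. The `Authorization: Bearer` header and the sample response are assumptions for illustration.

```python
"""Check a Pipeline.securityReportFindings response for states the caller
did not intend to receive, and build the query with an explicit `state:`
argument (added example, not code from the MR)."""
import json
import urllib.request

ALL_STATES = ("DETECTED", "CONFIRMED", "RESOLVED", "DISMISSED")


def build_query(full_path, pipeline_iid, states=None):
    """Build the GraphQL query; `states=None` is the new default (all states)."""
    arg = "" if states is None else "(state: [%s])" % ", ".join(states)
    return (
        "query VulnerabilityFindings { project(fullPath: %s) { pipeline(iid: %d) { "
        "securityReportFindings%s { nodes { description state } } } } }"
        % (json.dumps(full_path), pipeline_iid, arg)
    )


def unexpected_states(response, allowed):
    """Return the set of finding states present in `response` but not in `allowed`."""
    nodes = response["data"]["project"]["pipeline"]["securityReportFindings"]["nodes"]
    return {n["state"] for n in nodes} - set(allowed)


def post_graphql(endpoint, token, query):
    """POST the query to a GitLab GraphQL endpoint (assumes a token usable as a
    Bearer credential); this is the only function that touches the network."""
    req = urllib.request.Request(
        endpoint,
        data=json.dumps({"query": query}).encode(),
        headers={"Content-Type": "application/json", "Authorization": "Bearer " + token},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample response mirroring the validation steps: one finding was
# dismissed in the Vulnerability report, and the unfiltered query now returns it.
SAMPLE_RESPONSE = {
    "data": {"project": {"pipeline": {"securityReportFindings": {"nodes": [
        {"description": "Hard-coded credential in README.md", "state": "DETECTED"},
        {"description": "Hard-coded credential in README.md", "state": "DISMISSED"},
    ]}}}}
}

if __name__ == "__main__":
    print(build_query("gitlab-org/vuln-bug", 3, ["DETECTED", "CONFIRMED", "RESOLVED"]))
    print(unexpected_states(SAMPLE_RESPONSE, ["DETECTED", "CONFIRMED", "RESOLVED"]))
```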
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Michael Becker