Rename Vulnerabilities API to Vulnerability Findings API
What does this MR do?
Addresses the "Rename existing Vulnerabilities API to Vulnerability Findings API" step of First-class vulnerabilities backend MVC implementation.
Important: the new Vulnerability Findings API comes behind the feature flag, disabled by default. The `vulnerability_findings` API endpoint is always present to be able to react to the feature flag enablement without reloading the app (Grape API is evaluated once and preloaded upon app start).
When the feature flag is disabled (default), `vulnerability_findings` API just responds with `404 Not Found` for any request. `vulnerabilities` API returns `Vulnerability::Occurrence`s.
When the feature flag is enabled, `vulnerability_findings` API behaves just like old `vulnerabilities` API, returning `Vulnerability::Occurrence`s. And the new `vulnerabilities` endpoint will return project's Vulnerabilities list, paginated. This will be done in subsequent MRs, currently stubbed as `404 Not Found`.
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- Documentation created/updated or follow-up review issue created
- Code review guidelines
- [-] Merge request performance guidelines
- Style guides
- [-] Database guides
- Separation of EE specific content
Performance and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention `@gitlab-com/gl-security/appsec`
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team