Add 'details' object to GraphQL query

Chen Charnolevsky requested to merge 482849-add-details-to-graphql-P3 into master

What does this MR do and why?

According to this task, this MR is the second step for adding 'details' to the MR changes query.

(The first step added 'details' to the Ruby files.)

When GitLab finds a vulnerability in the 'MR changes' page, there is a GraphQL query that brings all the details of the vulnerability.

In this MR:

  1. I have added a details object to the GraphQL query.
  2. I have moved ee/app/assets/javascripts/security_dashboard/graphql/fragments/vulnerability_detail.fragment.graphql to a shared folder: app/assets/javascripts/graphql_shared/fragments/vulnerability_detail.fragment.graphql.

Note: We split the Ruby and GraphQL changes because of a backward compatibility issue.

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After
Screenshot_2024-09-05_at_9.18.23 Screenshot_2024-09-05_at_9.15.47

How to set up and validate locally

  1. Upload a GitLab Ultimate license
  2. Create an empty project
  3. Go to your local project and edit it with the Web IDE
  4. Create a new file called gl-sast-report.json and copy the content from here: gl-sast-report.json
  5. Create a new file .gitlab-ci.yml and paste this content: gitlab-ci.yml
  6. Create a new folder called app and a new file inside called app.py and paste this content: app.py
  7. Create a new MR
  8. Go into 'Changes' in your MR and you will see the detected vulnerability using shapes next to the specific rows.
  9. Open Inspect element -> Network -> find the GraphQL API request with operationName: "getMRCodequalityAndSecurityReports" -> Preview -> Check that the details object exists in data.project.mergeRequest.sastReport.report.added[0]

Numbered steps to set up and validate the change are strongly suggested.

Related to #482849

Edited by Chen Charnolevsky
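
The check in step 9 can also be run over a HAR export of the Network tab instead of by eye. This is an added example, not part of the merge request or GitLab's code: the function names are hypothetical, the sample HAR is constructed, and the handling of batched request arrays is an assumption that goes beyond the single request described in step 9.

```javascript
const OPERATION = 'getMRCodequalityAndSecurityReports'; // operationName from step 9

// Parse a HAR body; HAR flags encoded response bodies with encoding "base64".
function harBody(content) {
  if (!content || typeof content.text !== 'string') return null;
  const raw = content.encoding === 'base64'
    ? Buffer.from(content.text, 'base64').toString('utf8')
    : content.text;
  try { return JSON.parse(raw); } catch { return null; }
}

// One result per added SAST finding in every matching response.
function checkDetails(har) {
  const results = [];
  for (const entry of har.log.entries) {
    const req = harBody(entry.request.postData);
    const res = harBody(entry.response.content);
    if (req === null || res === null) continue;
    // Assumption: the body is one operation or a batched array of them.
    const ops = Array.isArray(req) ? req : [req];
    const payloads = Array.isArray(res) ? res : [res];
    ops.forEach((op, i) => {
      if (!op || op.operationName !== OPERATION) return;
      const added = payloads[i]?.data?.project?.mergeRequest?.sastReport?.report?.added;
      if (!Array.isArray(added)) {
        results.push({ index: null, ok: false, reason: 'report.added missing' });
        return;
      }
      added.forEach((finding, index) => {
        const d = finding ? finding.details : undefined;
        // Step 9 expects an object: reject null, arrays and scalars.
        const ok = d !== null && typeof d === 'object' && !Array.isArray(d);
        results.push({ index, ok, reason: ok ? 'details present' : 'details missing' });
      });
    });
  }
  return results;
}

// Constructed sample: batched request; the second finding lacks details.
const sampleResponse = [{ data: { project: { mergeRequest: { sastReport: { report: {
  added: [{ details: {} }, { details: null }] } } } } } }];
const sampleHar = { log: { entries: [
  { request: { postData: { text: JSON.stringify([{ operationName: OPERATION }]) } },
    response: { content: { encoding: 'base64',
      text: Buffer.from(JSON.stringify(sampleResponse)).toString('base64') } } },
  { request: { method: 'GET' }, response: { content: { text: '<html>' } } },
] } };
console.log(checkDetails(sampleHar));
```

Any result with `ok: false` points at a finding, by its index in `added`, that came back without a details object.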