Migrate vulnerability state management to GraphQL

What does this MR do?

This change migrates REST endpoints to GraphQL in Vulnerability Management.

In order to access the vulnerability page:

  1. You'll need an EE license
  2. You'll need to have a project with security scanners enabled and run the pipeline at least once.
  3. If there are any vulnerabilities found, you can see them through Project > Security & Compliance > Vulnerability Report
  4. Clicking on a vulnerability title will bring you to the Vulnerability Detail page, where the changes of this MR happen.

We currently have 4 states:

  1. Dismissed
  2. Confirmed
  3. Resolved
  4. Detected

By default, a vulnerability is in Detected state but you can change the state in the Vulnerability Details page. Reverting a vulnerability will bring its state back to Detected.

In GraphQL we have one mutation for each state. Therefore, I had to create 3 mutations (as one of them already pre-existed). The following files in this MR represent these changes:

[image of the changed files]

Then, the core changes of this MR happen in this file: ee/app/assets/javascripts/vulnerabilities/components/header.vue. The rest of the MR just adapts to these changes.
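As an added illustration (not code from this MR, from header.vue, or from GitLab's actual API), the following JavaScript sketches how a component can map the four states onto per-state GraphQL mutations, treat "revert" as a move back to Detected, and adopt a new state only once the server's response confirms it. The mutation names, the `$id: ID!` argument type, the global-ID format and the response shape are assumptions.

```javascript
// Added example, not code from this MR or from GitLab's header.vue.
// Mutation names, the `$id: ID!` argument type and the response shape are assumptions.
const STATES = Object.freeze(['detected', 'confirmed', 'dismissed', 'resolved']);

// One GraphQL mutation per target state; "revert" is modelled as moving back to Detected.
const MUTATION_FOR_STATE = Object.freeze({
  confirmed: 'vulnerabilityConfirm',
  dismissed: 'vulnerabilityDismiss',
  resolved: 'vulnerabilityResolve',
  detected: 'vulnerabilityRevertToDetected',
});

// Build the request that moves a vulnerability into `targetState`.
// Unknown states and no-op transitions are rejected so the UI never sends a pointless request.
function buildStateMutation(vulnerabilityId, currentState, targetState) {
  if (!STATES.includes(targetState)) throw new Error(`unknown state: ${targetState}`);
  if (currentState === targetState) throw new Error(`already in state: ${targetState}`);
  const name = MUTATION_FOR_STATE[targetState];
  return {
    query: `mutation ($id: ID!) { ${name}(input: { id: $id }) { errors vulnerability { state } } }`,
    variables: { id: vulnerabilityId },
  };
}

// Decide which state the component should display once the response arrives.
// The new state is adopted only if the server reports it and the payload carries no errors;
// on any error or malformed payload the previously displayed state is kept and the errors surfaced.
function nextDisplayedState(currentState, response) {
  const payload = response && response.data ? Object.values(response.data)[0] : null;
  if (!payload) return { state: currentState, errors: ['empty response'] };
  if (Array.isArray(payload.errors) && payload.errors.length) {
    return { state: currentState, errors: payload.errors };
  }
  const reported = payload.vulnerability && payload.vulnerability.state;
  const normalized = typeof reported === 'string' ? reported.toLowerCase() : '';
  if (!STATES.includes(normalized)) return { state: currentState, errors: ['unexpected state in response'] };
  return { state: normalized, errors: [] };
}

// Constructed sample responses (not captured from a real GitLab instance).
const okResponse = { data: { vulnerabilityConfirm: { errors: [], vulnerability: { state: 'CONFIRMED' } } } };
const deniedResponse = {
  data: { vulnerabilityDismiss: { errors: ['not allowed to dismiss this vulnerability'], vulnerability: null } },
};

console.log(buildStateMutation('gid://gitlab/Vulnerability/1', 'detected', 'confirmed').query);
console.log(nextDisplayedState('detected', okResponse)); // { state: 'confirmed', errors: [] }
console.log(nextDisplayedState('confirmed', deniedResponse).state); // 'confirmed'
```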

Screenshots (strongly suggested)

  before: change-state-before (screenshot)
  after: change-state-gql (screenshot)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #228740 (closed)

Edited by Savas Vedova