Skip to content

Migrate refreshVulnerability to GraphQL

What does this MR do?

Related to #228740 (closed).

This MR migrates refreshVulnerability method to GraphQL. Previously it was using the REST API. In order to test this, you'll need to have a EE license.

  1. Go to your project
  2. Click on Security & Compliance > Vulnerability Report > Pick a vulnerability.
  3. In order to test these changes, you'll need to have a separate account (perhaps in incognito mode) and open the same page.
  4. From the browser with the user that has access to modify the vulnerability, change the state
  5. From the browser with the secondary user, wait till the query is triggered (it gets triggered every 5 seconds if there are some changes) and you should see that the vulnerability state is updated (below a screenshot that illustrates this). Alternatively, (haven't tried but it should also work), open a secondary tab with the same user and simply change the status from there and check that the other tab has been updated accordingly.

Screenshots (strongly suggested)

There are no visual changes for this MR as it simply replaces REST with GraphQL. However, here's a Gif to illustrate how this works after these changes:

realtime-state-sync

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Savas Vedova

Merge request reports

Loading