Skip to content

Deprecate GraphQL field PipelineSecurityReportFinding.projectFingerprint

What does this MR do and why?

We are in the process of deprecating the usage of the project_fingerprint attribute of the findings. By using uuid values to identify findings, we can easily associate any related entity with finding, as described in Remove `projectFingerprint` from `PipelineSecur... (#349013). This MR deprecates the project_fingerprint field from the GraphQL query.

Deprecation Notice MR

Screenshots or screen recordings

Screen_Shot_2022-06-08_at_3.33.20_PM

How to set up and validate locally

  1. In the GraphiQL explorer, query a project that has a pipeline with security findings (https://gitlab.com/gitlab-examples/security/security-reports always works well).
query {
  project(fullPath:"<namespace/project>"){
    pipelines{
      nodes{
        iid
      }
    }
  }
}
  1. When using the following query, both uuid and projectFingerprint should data, but projectFingerprint should not show up in the autocomplete (uuid should). There should also be a squiggly line with a tooltip indicating the deprecation.
query {
  project(fullPath:"<namespace/project>"){
    pipeline(iid:"<pipeline id>"){
      securityReportFindings(first:10){
        nodes{
          uuid
          projectFingerprint
        }
      }
    }
  }
}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #349013

Edited by Jonathan Schafer

Merge request reports

Loading