Add details to PipelineSecurityReportFindingType
requested to merge 371261-add-genericreport-fields-to-pipelinesecurityreportfinding-graphql-type into master
What does this MR do and why?
This MR adds the details
field to security findings, similar to the details
field Vulnerabilities use.
Screenshots or screen recordings
The security finding details match the vulnerability details.
How to set up and validate locally
- Run the following GraphQL query on the security reports test project.
project(fullPath:"<project path>") {
pipeline(iid:"<pipeline iid>") {
securityReportFindings(scanner:"zaproxy") {
nodes {
uuid
details {
... on VulnerabilityDetailDiff {
before
after
}
}
}
}
}
}
- Run the following query on the corresponding Vulnerability (should be the
X-Frame-Options Header Not Set
DAST vulnerability)
vulnerability(id:"gid://gitlab/Vulnerability/<Vulnerability ID>") {
details {
... on VulnerabilityDetailDiff {
before
after
}
}
}
- The details should match
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #371261 (closed)
Edited by Jonathan Schafer