Commit 29e8f53a authored by Savas Vedova

Expose the state field for vulnerability findings

Changelog: added
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62147
EE: true
parent 296c947e
...@@ -10951,6 +10951,7 @@ Represents vulnerability finding of a security report on the pipeline. ...@@ -10951,6 +10951,7 @@ Represents vulnerability finding of a security report on the pipeline.
| <a id="pipelinesecurityreportfindingscanner"></a>`scanner` | [`VulnerabilityScanner`](#vulnerabilityscanner) | Scanner metadata for the vulnerability. | | <a id="pipelinesecurityreportfindingscanner"></a>`scanner` | [`VulnerabilityScanner`](#vulnerabilityscanner) | Scanner metadata for the vulnerability. |
| <a id="pipelinesecurityreportfindingseverity"></a>`severity` | [`VulnerabilitySeverity`](#vulnerabilityseverity) | Severity of the vulnerability finding. | | <a id="pipelinesecurityreportfindingseverity"></a>`severity` | [`VulnerabilitySeverity`](#vulnerabilityseverity) | Severity of the vulnerability finding. |
| <a id="pipelinesecurityreportfindingsolution"></a>`solution` | [`String`](#string) | URL to the vulnerability's details page. | | <a id="pipelinesecurityreportfindingsolution"></a>`solution` | [`String`](#string) | URL to the vulnerability's details page. |
| <a id="pipelinesecurityreportfindingstate"></a>`state` | [`VulnerabilityState`](#vulnerabilitystate) | The finding status. |
| <a id="pipelinesecurityreportfindinguuid"></a>`uuid` | [`String`](#string) | Name of the vulnerability finding. | | <a id="pipelinesecurityreportfindinguuid"></a>`uuid` | [`String`](#string) | Name of the vulnerability finding. |
### `Project` ### `Project`
......
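Review bot: The new `state` row's description, "The finding status.", says "status" where the field and its type (`VulnerabilityState`) say "state", and it opens with an article where the neighbouring rows do not ("Severity of the vulnerability finding.", "Scanner metadata for the vulnerability."). Suggest "State of the vulnerability finding.", changed in the `field :state` description as well so the two stay in step.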
...@@ -31,6 +31,7 @@ query pipelineFindings( ...@@ -31,6 +31,7 @@ query pipelineFindings(
scanner { scanner {
vendor vendor
} }
state
severity severity
location { location {
...VulnerabilityLocation ...VulnerabilityLocation
......
...@@ -70,6 +70,11 @@ module Types ...@@ -70,6 +70,11 @@ module Types
null: true, null: true,
description: "URL to the vulnerability's details page." description: "URL to the vulnerability's details page."
field :state,
type: VulnerabilityStateEnum,
null: true,
description: "The finding status."
def location def location
object.location&.merge(report_type: object.report_type) object.location&.merge(report_type: object.report_type)
end end
......
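Review bot: `field :state` is declared with `null: true` and no resolver method, so it depends on the underlying finding object responding to `state`, and nothing in this hunk says when a client should expect null. If every finding has a state, consider making the field non-null; if null is a legitimate result (for example, a finding with no associated vulnerability record), say so in the description so that consumers filtering findings by state handle that case deliberately.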
...@@ -264,6 +264,7 @@ export const mockPipelineFindingsResponse = ({ hasNextPage } = {}) => ({ ...@@ -264,6 +264,7 @@ export const mockPipelineFindingsResponse = ({ hasNextPage } = {}) => ({
], ],
scanner: null, scanner: null,
severity: 'HIGH', severity: 'HIGH',
state: 'DETECTED',
location: { location: {
__typename: 'VulnerabilityLocationDependencyScanning', __typename: 'VulnerabilityLocationDependencyScanning',
blobPath: null, blobPath: null,
...@@ -280,6 +281,7 @@ export const mockPipelineFindingsResponse = ({ hasNextPage } = {}) => ({ ...@@ -280,6 +281,7 @@ export const mockPipelineFindingsResponse = ({ hasNextPage } = {}) => ({
'A prototype pollution vulnerability in handlebars may lead to remote code execution if an attacker can control the template in handlebars', 'A prototype pollution vulnerability in handlebars may lead to remote code execution if an attacker can control the template in handlebars',
description: null, description: null,
confidence: 'unknown', confidence: 'unknown',
state: 'RESOLVED',
identifiers: [ identifiers: [
{ {
externalType: 'retire.js', externalType: 'retire.js',
......
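Review bot: The two fixtures set `state: 'DETECTED'` and `state: 'RESOLVED'`, but the field is declared `null: true` and no mock finding has `state: null`. Add a third finding, or change one of these, to carry a null state so component tests cover the value the API is allowed to return.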
...@@ -15,7 +15,8 @@ RSpec.describe GitlabSchema.types['PipelineSecurityReportFinding'] do ...@@ -15,7 +15,8 @@ RSpec.describe GitlabSchema.types['PipelineSecurityReportFinding'] do
project project
description description
location location
solution] solution
state]
end end
specify { expect(described_class.graphql_name).to eq('PipelineSecurityReportFinding') } specify { expect(described_class.graphql_name).to eq('PipelineSecurityReportFinding') }
......
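Review bot: Adding `state` to the expected field list only proves the field name exists on `PipelineSecurityReportFinding`; it would still pass if the field had the wrong type or resolved to nothing. Add an expectation on the field's type (`VulnerabilityStateEnum`) and a request-level example that queries a finding and asserts the returned state value.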