Expose the state field for vulnerability findings

Changelog: added MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62147 EE: true

Expose the state field for vulnerability findings
Changelog: added MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62147 EE: true
29e8f53a · Savas Vedova · 296c947e · 29e8f53a · 29e8f53a · 29e8f53a
Commit 29e8f53a authored May 19, 2021 by Savas Vedova
5 changed files
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -10951,6 +10951,7 @@ Represents vulnerability finding of a security report on the pipeline.
 | <a id="pipelinesecurityreportfindingscanner"></a>`scanner` | [`VulnerabilityScanner`](#vulnerabilityscanner) | Scanner metadata for the vulnerability. |
 | <a id="pipelinesecurityreportfindingseverity"></a>`severity` | [`VulnerabilitySeverity`](#vulnerabilityseverity) | Severity of the vulnerability finding. |
 | <a id="pipelinesecurityreportfindingsolution"></a>`solution` | [`String`](#string) | URL to the vulnerability's details page. |
+| <a id="pipelinesecurityreportfindingstate"></a>`state` | [`VulnerabilityState`](#vulnerabilitystate) | The finding status. |
 | <a id="pipelinesecurityreportfindinguuid"></a>`uuid` | [`String`](#string) | Name of the vulnerability finding. |

 ### `Project`

--- a/ee/app/assets/javascripts/security_dashboard/graphql/queries/pipeline_findings.query.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/queries/pipeline_findings.query.graphql
@@ -31,6 +31,7 @@ query pipelineFindings(
          scanner {
            vendor
          }
+          state
          severity
          location {
            ...VulnerabilityLocation

--- a/ee/app/graphql/types/pipeline_security_report_finding_type.rb
+++ b/ee/app/graphql/types/pipeline_security_report_finding_type.rb
@@ -70,6 +70,11 @@ module Types
          null: true,
          description: "URL to the vulnerability's details page."

+    field :state,
+          type: VulnerabilityStateEnum,
+          null: true,
+          description: "The finding status."
+
    def location
      object.location&.merge(report_type: object.report_type)
    end

--- a/ee/spec/frontend/security_dashboard/mock_data/index.js
+++ b/ee/spec/frontend/security_dashboard/mock_data/index.js
@@ -264,6 +264,7 @@ export const mockPipelineFindingsResponse = ({ hasNextPage } = {}) => ({
              ],
              scanner: null,
              severity: 'HIGH',
+              state: 'DETECTED',
              location: {
                __typename: 'VulnerabilityLocationDependencyScanning',
                blobPath: null,
@@ -280,6 +281,7 @@ export const mockPipelineFindingsResponse = ({ hasNextPage } = {}) => ({
                'A prototype pollution vulnerability in handlebars may lead to remote code execution if an attacker can control the template in handlebars',
              description: null,
              confidence: 'unknown',
+              state: 'RESOLVED',
              identifiers: [
                {
                  externalType: 'retire.js',

--- a/ee/spec/graphql/types/pipeline_security_report_finding_type_spec.rb
+++ b/ee/spec/graphql/types/pipeline_security_report_finding_type_spec.rb
@@ -15,7 +15,8 @@ RSpec.describe GitlabSchema.types['PipelineSecurityReportFinding'] do
       project
       description
       location
-       solution]
+       solution
+       state]
  end

  specify { expect(described_class.graphql_name).to eq('PipelineSecurityReportFinding') }