Add ability to sort vulnerabilities by report type

This change adds ability to sort vulnerabilities by report type in
GraphQL.

doc/api/graphql/reference/gitlab_schema.graphql

@@ -19836,6 +19836,16 @@ enum VulnerabilitySort {
   """
   detected_desc
 
+  """
+  Report Type in ascending order
+  """
+  report_type_asc
+
+  """
+  Report Type in descending order
+  """
+  report_type_desc
+
   """
   Severity in ascending order
   """

doc/api/graphql/reference/gitlab_schema.json

@@ -57815,6 +57815,18 @@
               "description": "Detection timestamp in ascending order",
               "isDeprecated": false,
               "deprecationReason": null
+            },
+            {
+              "name": "report_type_desc",
+              "description": "Report Type in descending order",
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
+            {
+              "name": "report_type_asc",
+              "description": "Report Type in ascending order",
+              "isDeprecated": false,
+              "deprecationReason": null
             }
           ],
           "possibleTypes": null

doc/api/graphql/reference/index.md

@@ -3640,6 +3640,8 @@ Vulnerability sort values.
 | ----- | ----------- |
 | `detected_asc` | Detection timestamp in ascending order |
 | `detected_desc` | Detection timestamp in descending order |
+| `report_type_asc` | Report Type in ascending order |
+| `report_type_desc` | Report Type in descending order |
 | `severity_asc` | Severity in ascending order |
 | `severity_desc` | Severity in descending order |
 | `title_asc` | Title in ascending order |

ee/app/graphql/types/vulnerability_sort_enum.rb

@@ -11,5 +11,7 @@ module Types
     value 'title_asc', 'Title in ascending order'
     value 'detected_desc', 'Detection timestamp in descending order'
     value 'detected_asc', 'Detection timestamp in ascending order'
+    value 'report_type_desc', 'Report Type in descending order'
+    value 'report_type_asc', 'Report Type in ascending order'
   end
 end

ee/app/models/ee/vulnerability.rb

@@ -103,6 +103,8 @@ module EE
       scope :order_title_desc, -> { reorder(title: :desc, id: :desc) }
       scope :order_created_at_asc, -> { reorder(created_at: :asc, id: :desc) }
       scope :order_created_at_desc, -> { reorder(created_at: :desc, id: :desc) }
+      scope :order_report_type_asc, -> { reorder(report_type_order.asc, id: :desc) }
+      scope :order_report_type_desc, -> { reorder(report_type_order.desc, id: :desc) }
       scope :order_id_desc, -> { reorder(id: :desc) }
 
       scope :with_limit, -> (maximum) { limit(maximum) }
@@ -192,6 +194,18 @@ module EE
         )
       end
 
+      def report_type_order
+        report_types
+          .sort
+          .to_h
+          .values
+          .each
+          .with_index
+          .reduce(Arel::Nodes::Case.new(arel_table[:report_type])) do |node, (value, index)|
+            node.when(value).then(index)
+          end
+      end
+
       def active_states
         ACTIVE_STATES
       end
@@ -212,6 +226,8 @@ module EE
         when 'title_asc' then order_title_asc
         when 'detected_desc' then order_created_at_desc
         when 'detected_asc' then order_created_at_asc
+        when 'report_type_desc' then order_report_type_desc
+        when 'report_type_asc' then order_report_type_asc
         else
           order_severity_desc
         end

ee/changelogs/unreleased/249245-add-sorting-vulnerabilities-by-report-type.yml

+---
+title: Add ability to sort vulnerabilities by report type in GraphQL
+merge_request: 42979
+author:
+type: added

ee/spec/graphql/types/vulnerability_sort_enum_spec.rb

@@ -6,6 +6,6 @@ RSpec.describe GitlabSchema.types['VulnerabilitySort'] do
   it { expect(described_class.graphql_name).to eq('VulnerabilitySort') }
 
   it 'exposes all the existing Vulnerability sort orders' do
-    expect(described_class.values.keys).to include(*%w[severity_desc severity_asc title_desc title_asc detected_desc detected_asc])
+    expect(described_class.values.keys).to include(*%w[severity_desc severity_asc title_desc title_asc detected_desc detected_asc report_type_desc report_type_asc])
   end
 end

ee/spec/models/ee/vulnerability_spec.rb

@@ -301,6 +301,29 @@ RSpec.describe Vulnerability do
     end
   end
 
+  describe '.order_report_type' do
+    let_it_be(:vulnerability_dast) { create(:vulnerability, :dast) }
+    let_it_be(:vulnerability_secret_detection) { create(:vulnerability, :secret_detection) }
+    let_it_be(:vulnerability_sast) { create(:vulnerability, :sast) }
+    let_it_be(:vulnerability_coverage_fuzzing) { create(:vulnerability, :coverage_fuzzing) }
+
+    describe 'asc' do
+      subject { described_class.order_report_type_asc }
+
+      it 'returns vulnerabilities ordered by report_type' do
+        is_expected.to eq([vulnerability_coverage_fuzzing, vulnerability_dast, vulnerability_sast, vulnerability_secret_detection])
+      end
+    end
+
+    describe 'desc' do
+      subject { described_class.order_report_type_desc }
+
+      it 'returns vulnerabilities ordered by report_type' do
+        is_expected.to eq([vulnerability_secret_detection, vulnerability_sast, vulnerability_dast, vulnerability_coverage_fuzzing])
+      end
+    end
+  end
+
   describe '.with_resolution' do
     let_it_be(:vulnerability_with_resolution) { create(:vulnerability, resolved_on_default_branch: true) }
     let_it_be(:vulnerability_without_resolution) { create(:vulnerability, resolved_on_default_branch: false) }