Migrate the Vulnerability REST API request to GraphQL
Since the REST API endpoint for vulnerabilities is going to be removed, and we rely on it, we need to migrate the code to use the GraphQL resource instead.
Items to be careful about:
-
created_at
doesn't exist anymore, seems to bedetectedAt
in GraphQL -
report_type
(notreportType
) is in caps in GraphQL - There's no
total-pages
in GraphQL, so we can't download data concurrently anymore. This will significantly increase the time to fetch all the records, as the queries have to be sequential to get the next cursor of each page.
GraphQL Query
Example:
query {
project(fullPath: "gitlab-org/gitlab") {
vulnerabilities(after:"eyJzZXZlcml0eSI6ImNyaXRpY2FsIiwiaWQiOiIxNTQ1NzIyNCJ9") {
pageInfo{
endCursor
}
nodes {
id
detectedAt
project {
id
}
reportType
confirmedAt
confirmedBy {
...user
}
dismissedAt
dismissedBy {
...user
}
resolvedAt
resolvedBy {
...user
}
resolvedOnDefaultBranch
severity
falsePositive
state
title
}
}
}
}
fragment user on User{
id
username
webUrl
}
Edited by Philippe Lafoucrière