Vulnerability API - Different Information in Vulnerabilities
Summary
Hello folks,
For this issue I'm using the same project for all the cases that I have. I'm having a problem related to the GitLab API that I'm not able to understand, and I need to check if it's a bug:
1. My GET request to the "Vulnerability finding API" (https://docs.gitlab.com/ee/api/vulnerability_findings.html):
   - Take a look at the "Severity" and "ID" fields
2. The vulnerability in the "Security Dashboard"
3. The result of the scanner (Dependency scanner)
   - Take a look at "Severity"
4. The result of the "Vulnerabilities API" (https://git.xxx.com/api/v4/projects/ID/vulnerabilities)
   - Take a look at "Severity" and "ID"
As you can see, I'm having different information for the same vulnerability.
For your information, I'm creating a script that:
- A. Grabs all the vulnerabilities from all projects
- B. Checks the ones with "High" and "Critical" severities
- C. Populates this vulnerability in an internal spreadsheet
- D. Puts the vulnerability as "Dismissed" with the comment: "Already in Vulnerability Management spreadsheet"
But as you can see, I'm not able to do this because I'm having different information for the same vulnerability.
Steps to reproduce
I think that I made myself clear in the first topic
Example Project
It's internal, Enterprise plan.
What is the current bug behavior?
I'm having different information for the same vulnerability
What is the expected correct behavior?
I need to have the same information for the same vulnerability, mainly: Severity and ID
Relevant logs and/or screenshots
Already in the Summary
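A guard that the script in steps A to D could apply before dismissing anything, as an added example that is not part of the original report and is not GitLab code: it pairs records from the two sources and only releases a High or Critical item for export and dismissal when both sources agree on severity. The field names (`id`, `name`, `title`, `report_type`, `severity`), the join key and all sample records are assumptions constructed for illustration.

```python
# Added example. Field names, join key and records are constructed assumptions.
TRIAGE = {"high", "critical"}

def _key(rec, title_field):
    # Hypothetical join key: report type plus case-folded title.
    return (rec["report_type"], rec[title_field].strip().casefold())

def _sev(rec):
    return (rec.get("severity") or "unknown").strip().lower()

def reconcile(findings, vulnerabilities):
    """Pair records from the two exports and decide what the triage script may do."""
    pairs = {}
    for f in findings:
        pairs.setdefault(_key(f, "name"), {})["finding"] = f
    for v in vulnerabilities:
        pairs.setdefault(_key(v, "title"), {})["vulnerability"] = v

    plan = {"export_and_dismiss": [], "hold": [], "skip": []}
    for key, pair in sorted(pairs.items()):
        f, v = pair.get("finding"), pair.get("vulnerability")
        if f is None or v is None:
            plan["hold"].append((key[1], "present in only one source"))
        elif _sev(f) != _sev(v):
            plan["hold"].append((key[1], f"severity {_sev(f)} vs {_sev(v)}"))
        elif _sev(v) in TRIAGE:
            # Sources agree: record it (step C) and dismiss by this ID (step D).
            plan["export_and_dismiss"].append((v["id"], key[1], _sev(v)))
        else:
            plan["skip"].append((v["id"], key[1], _sev(v)))
    return plan

DS = "dependency_scanning"
# Constructed sample data (not taken from the report).
FINDINGS = [
    {"id": 101, "report_type": DS, "name": "Example issue A in libfoo", "severity": "Critical"},
    {"id": 102, "report_type": DS, "name": "Example issue B in libbar", "severity": "high"},
    {"id": 103, "report_type": DS, "name": "Example issue C in libbaz", "severity": "low"},
]
VULNERABILITIES = [
    {"id": 9001, "report_type": DS, "title": "Example issue A in libfoo", "severity": "high"},
    {"id": 9002, "report_type": DS, "title": "Example issue B in libbar", "severity": "high"},
    {"id": 9003, "report_type": DS, "title": "Example issue C in libbaz", "severity": "low"},
    {"id": 9004, "report_type": DS, "title": "Example issue D in libqux", "severity": "critical"},
]

if __name__ == "__main__":
    for bucket, rows in reconcile(FINDINGS, VULNERABILITIES).items():
        print(bucket, rows)
```

Items in the `hold` bucket stay open for manual review, so a severity disagreement between sources never results in an automatic dismissal.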