Vulnerabilities GraphQL query does not return vulnerabilities
Why are we doing this work
When querying vulnerabilities as the top level query, a filtered query returns no vulnerabilities unless they exist in the user security dashboard. We need this call to be more in line with what a user might expect. Just looking at the GraphQL doesn't indicate that the results would be filtered to the user security dashboard.
Steps to reproduce
Run the GraphQL query:
    {
      vulnerabilities(projectId: "gid://gitlab/Project/6102100") {
        nodes {
          title
        }
      }
    }
The response will contain no vulnerabilities:
However, the equivalent query on project does produce results:
Any project will exhibit this behavior, but https://gitlab.com/gitlab-examples/security/security-reports is a good one to test on.
Relevant links
Non-functional requirements
- Documentation: Update GraphQL documentation and GitLab docs if necessary
- Testing: Add tests for error conditions and new filters
Implementation plan
- backend Add security_center_dashboard boolean flag to vulnerabilities query to indicate the results should be restricted to the User Security Dashboard projects
- frontend Add user_security_dashboard to call from the User Security Dashboard
- backend Add groups filter to the vulnerabilities query
- backend Update VulnerabilitiesBaseResolver vulnerable method to check for groups and projects as arguments
- backend return an error if projects, groups, and user security dashboard are all not present.
  - "A filter must be provided through projects, groups, or user_security_dashboard"
Edited by Jonathan Schafer
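
The scope resolution the implementation plan describes, as an added plain-Ruby sketch that is not GitLab's resolver code. Every name in it (`vulnerable_project_ids`, `MissingFilterError`, the sample tables) is hypothetical, combining several filters by union is an assumption, and access checks are left out.

```ruby
require 'set'

# Hypothetical error type for a query that names no scope at all.
class MissingFilterError < ArgumentError; end

MISSING_FILTER_MESSAGE =
  'A filter must be provided through projects, groups, or user_security_dashboard'

# Constructed sample data: project ids per group and per user's dashboard.
GROUP_PROJECTS = { 10 => [1, 2], 20 => [3] }.freeze
DASHBOARD_PROJECTS = { 'alice' => [2, 4] }.freeze

# Returns the set of project ids the vulnerabilities query should search.
# Assumption: when several filters are given, their projects are combined (union).
def vulnerable_project_ids(user:, projects: nil, groups: nil, user_security_dashboard: false)
  projects = Array(projects)
  groups = Array(groups)

  # No silent default: the caller has to state the scope explicitly, so an
  # empty result can no longer be caused by hidden dashboard filtering.
  if projects.empty? && groups.empty? && !user_security_dashboard
    raise MissingFilterError, MISSING_FILTER_MESSAGE
  end

  ids = Set.new(projects)
  groups.each { |gid| ids.merge(GROUP_PROJECTS.fetch(gid, [])) }
  ids.merge(DASHBOARD_PROJECTS.fetch(user, [])) if user_security_dashboard
  ids
end

# Helper for trying the cases: sorted ids on success, the error text otherwise.
def try_scope(**args)
  vulnerable_project_ids(**args).to_a.sort
rescue MissingFilterError => e
  e.message
end
```

A project filter now selects that project whether or not it is on the caller's dashboard, which is the case the reproduction steps show failing.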