[BE] Bulk status change for findings in the pipeline security dashboard
Why are we doing this work
Recently, with !61536 (merged) we started using the vulnerability_list.vue
component in the Pipeline Security Dashboard
. This list is backed by GraphQL and was already used in the Project
, Group
and Instance
. The bulk update works only for the vulnerabilities, we need to write a different query for the findings.
Steps to reproduce:
- Fork a repository (such as https://gitlab.com/gitlab-examples/security/security-reports/)
- Run the pipeline
- Enable the feature flag:
:pipeline_security_dashboard_graphql
- Go to Project > CI/CD > Pipelines > Your Pipeline > Security Tab
Relevant links
Implementation plan
-
backend Create new mutation vulnerabilityFindingDismiss
- Similar structure to ee/app/assets/javascripts/security_dashboard/graphql/mutations/vulnerability_dismiss.mutation.graphql and ee/app/graphql/mutations/vulnerabilities/dismiss.rb
- Needs to use
VulnerabilityFeedback::CreateService
to create the dismissal feedback
Edited by Thiago Figueiró