Update `Mutations::Vulnerabilities::Create` to accept a Vulnerability location
Why are we doing this work?
When working on changes required for #10272 (closed) the merge request grew very quickly and I had to "stub" out Types::VulnerabilityLocation::GenericType
which is going to return an empty description
for all Vulnerabilities created via Mutations::Vulnerabiliites::Create
.
Currently we have the following location types in our GraphQL API:
- VulnerabilityLocation::ContainerScanningType,
- VulnerabilityLocation::DependencyScanningType,
- VulnerabilityLocation::DastType,
- VulnerabilityLocation::SastType,
- VulnerabilityLocation::SecretDetectionType,
- VulnerabilityLocation::CoverageFuzzingType,
- VulnerabilityLocation::GenericType
We should update the mutation to allow users to provide different location types for Vulnerabilities they create via their APIs
Problems
GraphQL still has no InputUnion type
- RFC: https://github.com/graphql/graphql-wg/blob/main/rfcs/InputUnion.md
- Possible solution: https://github.com/graphql/graphql-spec/pull/733
- Another possible solution: https://github.com/graphql/graphql-spec/pull/825
Implementation plan
Edited by Michał Zając