Skip to content

Add all fields that are needed to render the Vulnerability Details page to the GraphQL schema

In order to fully migrate the Vulnerability Details page to GraphQL, we need to add the following fields to the Vulnerability type's schema.

Below is a list of the data-fields that we currently use to render a Vulnerability, matched against the current Vulnerability schema ( are fields that are already supported / 🛑 are fields that are missing):

Used fields on vulnerability

  • Header
    • id
    • state
    • hasMr (🛑 but could get via mergeRequest field): needed for patch-download condition
    • remediations (missing): needed for patch-download
    • mergeRequestFeedback(.mergeRequestPath) 🛑 : needed for MR-creation
    • createMrUrl 🛑 : needed for MR-creation
    • resolvedOnDefaultBranch
    • reportType
    • pipeline.sourceBranch 🛑 : needed for MR-creation
    • projectFingerPrint 🛑 : needed for MR creation
    • projectDefaultBranch 🛑 : needed for resolution alert
    • createdById / dismissedById ... 🛑 : needed to fetch status description's user
      • Status Description
        • pipeline.id 🛑
        • pipeline.createdAt 🛑
        • pipeline.url 🛑
        • detectedAt
        • confirmedAt
        • resolvedAt
        • dismissedAt
  • Details:
    • location
      • file
      • blobPath
      • startLine
      • endLine
      • crashType 🛑
      • stackTraceSnippet 🛑
      • file
      • image
      • operatingSystem
      • class (NOTE: vulnerableClass)
      • method (NOTE: vulnerableMethod)
      • crashAddress 🛑
    • stacktraceSnippet 🛑
    • scanner (type: VulnerabilityScanner)
      • url 🛑
      • name
      • version 🛑
    • evidenceSource 🛑
      • name
    • supportingMessages[] 🛑
      • name
      • response
    • request 🛑
      • body
      • method
      • url
      • headers[]
        • name
        • value
    • response 🛑
      • body
      • statusCode
      • reasponPhrase
      • headers[]
        • name
        • value
    • recordedMessage 🛑
      • body
      • statusCode
      • reasonPhrase
      • headers[]
        • name
        • value
    • title
    • description
    • severity
    • evidence 🛑
    • links[]
      • url
    • identifiers[]
      • url
      • name
    • assets[] 🛑
      • url
      • name
  • Footer
    • id
    • project
      • fullPath
      • fullName (NOTE: nameWithNamespace
    • solution 🛑
    • hasMr (NOTE: via mergeRequest)
    • remediations[] 🛑
      • diff
    • state
    • pipeline 🛑
      • id
      • url
      • createdAt
    • details
    • mergeRequestFeedback
      • author (via mergeRequest.author)
      • createdAt (via mergeRequest.createdAt)
      • mergeRequestPath (via mergeRequest.webUrl)
      • mergeRequestIid (via mergeRequest.iid)
    • canModifyRelatedIssues 🛑
    • relatedIssuesHelpPath 🛑