Add all fields that are needed to render the Vulnerability Details page to the GraphQL schema
In order to fully migrate the Vulnerability Details page to GraphQL, we need to add the following fields to the Vulnerability type's schema.
Below is a list of the data-fields that we currently use to render a Vulnerability, matched against the current Vulnerability schema (
Used fields on vulnerability
- Header
id✅ state✅ hasMr(🛑 but could get viamergeRequestfield): needed for patch-download conditionremediations(missing): needed for patch-downloadmergeRequestFeedback(.mergeRequestPath)🛑 : needed for MR-creationcreateMrUrl🛑 : needed for MR-creationresolvedOnDefaultBranch✅ reportType✅ pipeline.sourceBranch🛑 : needed for MR-creationprojectFingerPrint🛑 : needed for MR creationprojectDefaultBranch🛑 : needed for resolution alertcreatedById/dismissedById...🛑 : needed to fetch status description's user- Status Description
pipeline.id🛑 pipeline.createdAt🛑 pipeline.url🛑 detectedAt✅ confirmedAt✅ resolvedAt✅ dismissedAt✅
- Status Description
- Details:
location✅ file✅ blobPath✅ startLine✅ endLine✅ crashType🛑 stackTraceSnippet🛑 file✅ image✅ operatingSystem✅ class✅ (NOTE:vulnerableClass)method✅ (NOTE:vulnerableMethod)crashAddress🛑
stacktraceSnippet🛑 scanner(type:VulnerabilityScanner)url🛑 name✅ version🛑
evidenceSource🛑 name
supportingMessages[]🛑 nameresponse
request🛑 bodymethodurlheaders[]namevalue
response🛑 bodystatusCodereasponPhraseheaders[]namevalue
recordedMessage🛑 bodystatusCodereasonPhraseheaders[]namevalue
title✅ description✅ severity✅ evidence🛑 links[]✅ url✅
identifiers[]✅ url✅ name✅
assets[]🛑 urlname
- Footer
id✅ project✅ fullPath✅ fullName(NOTE:nameWithNamespace
solution🛑 hasMr(NOTE: viamergeRequest)remediations[]🛑 diff
state✅ pipeline🛑 idurlcreatedAt
details✅ mergeRequestFeedbackauthor(viamergeRequest.author)createdAt(viamergeRequest.createdAt)mergeRequestPath(viamergeRequest.webUrl)mergeRequestIid(viamergeRequest.iid)
canModifyRelatedIssues🛑 relatedIssuesHelpPath🛑