Add GraphQL fields to support migration for Vulnerability Details

Why are we doing this work

This work is a result of Technical Spike: Define GraphQL schema to suppo... (#343312 - closed), and supports Convert the pipeline security tab to use GraphQ... (&4969 - closed).

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

As part of refinement, break these down into implementation tasks and, if necessary, separate issues

  # Enums
  enum VulnerabilityEvidenceSupportingMessageName {
    RECORDED
  }
  # Types

  ## Evidence
  type VulnerabilityEvidence {
    summary: String
    supportingMessages: [VulnerabilityEvidenceSupportingMessage!]
    source: VulnerabilityEvidenceSource
    request: [VulnerabilityRequest!]
    response: [VulnerabilityResponse!]
  }

  type VulnerabilityEvidenceSupportingMessage {
    name: VulnerabilityEvidenceSupportingMessageName!
    request: [VulnerabilityRequest!]
    response: [VulnerabilityResponse!]
  }

  type VulnerabilityEvidenceSource {
    id: ID!
    name: String
    url: String
  }

  ## Evidence -- end

  type VulnerabilityRequestResponseHeader {
    name: String
    value: String
  }

  type VulnerabilityRequest {
    body: String
    method: String
    url: String
    headers: [VulnerabilityRequestResponseHeader!]
  }

  type VulnerabilityResponse {
    body: String
    statusCode: String
    reasonPhrase: String
    headers: [VulnerabilityRequestResponseHeader!]
  }

  type VulnerabilityAsset {
    name: String
    url: String
  }

  type VulnerabilityRemediation {
    diff: [String!]
  }

  ## Extensions

  # Check /ee/lib/ee/gitlab/ci/parsers/security/validators/schemas/coverage_fuzzing.json
  # for more details
  extend type VulnerabilityLocationCoverageFuzzing {
    crashType: String
    crashAddress: String
    stacktraceSnippet: String
  }

  extend type VulnerabilityScanner {
    url: String
    version: String
  }

  extend type Vulnerability {
    assets: [VulnerabilityAsset!]
    canModifyRelatedIssues: Boolean!
    createdAt: Time
    evidence: VulnerabilityEvidence
    pipeline: Pipeline
    relatedIssuesHelpPath: String
    remediations: [VulnerabilityRemediation!]
    solution: String
  }
Edited by 🤖 GitLab Bot 🤖