
GraphQL mutation to dismiss Security Finding

Why are we doing this work

Following Change vulnerabilityFindingDismiss mutation to ... (#360478 - closed), we are able to use the UUID of a vulnerability finding to dismiss it. However, this does not work for security findings. Support for security findings is necessary so that we can dismiss vulnerabilities from the pipeline as we currently do, without the need for a vulnerability finding. The mutation currently works by searching for a vulnerability finding by uuid or id (id to be deprecated in 16.0).

Relevant links

Non-functional requirements

  • Testing: Add tests for dismissing security findings with or without vulnerability findings

Implementation plan

  • backend: Create a new mutation called dismissSecurityReportFinding based on vulnerabilityFindingDismiss
  • backend: Deprecate vulnerabilityFindingDismiss

Verification steps

  1. Get the uuid of a non-dismissed finding
query pipelineFindings {
  project(fullPath: "<project path>") {
    pipeline(iid:"<pipeline iid>") {
      securityReportFindings(first:1) {
        nodes {
          uuid
          state
        }
      }
    }
  }
}
  2. Call the dismiss mutation
mutation {
  securityFindingDismiss(input:{uuid:"<uuid>"}) {
    uuid
  }
}
  3. Check the finding state again
query pipelineFindings {
  project(fullPath: "<project path>") {
    pipeline(iid:"<pipeline iid>") {
      securityReportFindings(first:1) {
        nodes {
          uuid
          state
        }
      }
    }
  }
}
Edited by Jonathan Schafer
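
The three verification steps above as a script, added here as an example and not part of the original issue or GitLab's code. It generalizes step 1 to pick the first non-dismissed finding among several; the function names, the declared variable types, the `errors` payload field and the `DISMISSED` state value are assumptions.

```python
import json
import urllib.request

# Variables keep values out of the document text; declared types are assumed.
FINDINGS_QUERY = """
query pipelineFindings($path: ID!, $iid: ID!, $n: Int!) {
  project(fullPath: $path) {
    pipeline(iid: $iid) {
      securityReportFindings(first: $n) { nodes { uuid state } }
    }
  }
}"""
# "errors" is assumed to be present on the mutation payload.
DISMISS_MUTATION = """
mutation dismiss($uuid: String!) {
  securityFindingDismiss(input: {uuid: $uuid}) { uuid errors }
}"""

def http_transport(url, token):
    def send(query, variables):
        body = json.dumps({"query": query, "variables": variables}).encode()
        headers = {"Content-Type": "application/json", "Authorization": f"Bearer {token}"}
        req = urllib.request.Request(url, data=body, headers=headers)
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return send

def run(send, query, variables):
    # GraphQL reports failures in the body, usually alongside HTTP 200.
    reply = send(query, variables)
    if reply.get("errors"):
        raise RuntimeError(f"GraphQL errors: {reply['errors']}")
    return reply["data"]

def findings(send, path, iid, n=20):
    data = run(send, FINDINGS_QUERY, {"path": path, "iid": iid, "n": n})
    nodes = data["project"]["pipeline"]["securityReportFindings"]["nodes"]
    return {node["uuid"]: node["state"] for node in nodes}

def verify_dismiss(send, path, iid):
    # Steps 1-3: pick a non-dismissed finding, dismiss it, re-read its state.
    before = findings(send, path, iid)
    uuid = next((u for u, s in before.items() if s != "DISMISSED"), None)
    if uuid is None:
        raise LookupError("no non-dismissed finding in this pipeline")
    result = run(send, DISMISS_MUTATION, {"uuid": uuid})["securityFindingDismiss"]
    if result["errors"] or result["uuid"] != uuid:
        raise RuntimeError(f"dismiss failed: {result}")
    return uuid, before[uuid], findings(send, path, iid).get(uuid)
```

Build `send` with `http_transport("https://<gitlab host>/api/graphql", "<token>")` and call `verify_dismiss(send, "<project path>", "<pipeline iid>")`; a result whose last element is not `DISMISSED` means the mutation did not reach the security finding.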