Backend: Add hasMergeRequest filter to VulnerabilityReport
Why are we doing this work
This is the backend issue to add support for a hasMergeRequest:boolean parameter:

    query {
      project(fullPath: "gitlab-org/gitlab") {
        vulnerabilities(reportType:DEPENDENCY_SCANNING, hasMergeRequest: true) {
          nodes {
            ...
          }
        }
      }
    }
Relevant links
Non-functional requirements
- Documentation: Update GraphQL docs
- Performance: Need to see how this would affect the performance of vulnerability_reads
- Testing: New tests will need to be added
- E2E testing: Make sure e2e: package-and-test is run and govern specs are green
Implementation plan
This issue is going to require multiple MRs (pending some discussion with the backend team on vulnerability_reads usage):
database implementations are tracked in #420613 (closed) and #421736 (closed)
- backend MR 4: Add has_merge_request relation to Vulnerabilities::Read model
- backend MR 5: Add has_merge_request filter to VulnerabilityReadsFinder
- backend MR 6: Add hasMergeRequest field and argument to vulnerabilities query
backend implementations are tracked in this issue.
Once MR 1 is completed, MR groups 2/3 and 4/5/6 can be done in parallel.
Verification steps
- Import project https://gitlab.com/gitlab-org/govern/threat-insights-demos/verify-390076 into your group on gitlab.com which has EE features enabled.
- After import, go to build -> pipelines -> Run pipeline. Start a pipeline and wait for the job to complete.
- After the pipeline job completes, open the secure tab on the pipeline job page, click on the first vulnerability and, in the popup, click the resolve with merge request button.
- This should create an MR. Now go to GraphiQL and run the following query. Example full path where we verified the query is gitlab-org/govern/threat-insights-demos/personal-test-projects/verify-371313-bala

    query {
      project(fullPath: "gitlab-org/govern/threat-insights-demos/personal-test-projects/verify-371313-bala") {
        name
        vulnerabilities(hasMergeRequest: true) {
          nodes {
            id
            title
            description
            mergeRequest {
              id
            }
          }
        }
      }
    }

The query should return the vulnerability that has a merge request present, with its details, like below:

    {
      "data": {
        "project": {
          "name": "Verify 371313 Bala",
          "vulnerabilities": {
            "nodes": [
              {
                "id": "gid://gitlab/Vulnerability/94854340",
                "title": "Test CVE identifier in README.md",
                "description": "Test vulnerability description",
                "mergeRequest": {
                  "id": "gid://gitlab/MergeRequest/252323054"
                }
              }
            ]
          }
        }
      }
    }

Edited by Bala Kumar
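
The last verification step, automated as an added example (not part of the issue or of GitLab's code): it builds the query with GraphQL variables and checks that every returned node is consistent with the filter value. The names `build_request` and `check_filter`, the variable types `ID!` and `Boolean`, and the expectation that `hasMergeRequest: false` returns only vulnerabilities without a merge request are assumptions.

```python
import json
import re

# GraphQL document from the verification step, with the literals lifted into
# variables so the project path is never spliced into the query text.
# The variable types are assumptions, not taken from the issue.
QUERY = """
query($fullPath: ID!, $hasMr: Boolean) {
  project(fullPath: $fullPath) {
    name
    vulnerabilities(hasMergeRequest: $hasMr) {
      nodes { id title mergeRequest { id } }
    }
  }
}
"""
MR_GID = re.compile(r"gid://gitlab/MergeRequest/\d+")


def build_request(full_path, has_mr):
    """JSON body to POST to the instance's GraphQL endpoint."""
    return {"query": QUERY, "variables": {"fullPath": full_path, "hasMr": has_mr}}


def check_filter(response, has_mr):
    """Return a list of problems; an empty list means the filter held."""
    if response.get("errors"):
        return ["GraphQL error: " + e.get("message", "?") for e in response["errors"]]
    project = (response.get("data") or {}).get("project")
    if project is None:
        return ["project is null (wrong path or no access)"]
    problems = []
    for node in project["vulnerabilities"]["nodes"]:
        mr = node.get("mergeRequest")
        if has_mr and not (mr and MR_GID.fullmatch(mr.get("id") or "")):
            problems.append(node["id"] + ": returned without a merge request")
        elif not has_mr and mr:
            problems.append(node["id"] + ": has a merge request but filter was false")
    return problems


# Response shown in the verification steps on this page (description omitted).
SAMPLE = json.loads("""{"data": {"project": {"name": "Verify 371313 Bala",
  "vulnerabilities": {"nodes": [{"id": "gid://gitlab/Vulnerability/94854340",
    "title": "Test CVE identifier in README.md",
    "mergeRequest": {"id": "gid://gitlab/MergeRequest/252323054"}}]}}}}""")

if __name__ == "__main__":
    print(check_filter(SAMPLE, True) or "filter held")
```

An empty `nodes` list also passes the check, so confirm separately that the vulnerability created in the earlier steps appears in the result.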