Render existing GraphQL fields in new details component

Summary

The new GraphQL-only component for rendering both vulnerability and pipeline findings needs to be able to render the existing GraphQL schema for a PipelineSecurityReportFinding (see https://gitlab.com/-/graphql-explorer for details on the schema):

• assets
• description
• identifiers
• links
• location
• project
• reportType
• scanner
• severity
• state
• title

Note: There is some backend WIP that is going to add more fields to the type mentioned above, but rendering those will be handled in a separate issue.

Visually it should be the same as the current vulnerability details component:

current vulnerability details

Also see the storybook page for a more interactive overview:

• Run yarn storybook:start
• Go to http://localhost:9002/?path=/story/ee-vulnerabilities-components-vulnerability-details--default

changed milestone to %15.4

added Category:Vulnerability Management devopssecure featureenhancement frontend groupthreat insights sectionsec typefeature workflowplanning breakdown labels

set weight to 3

assigned to @dpisek

marked this issue as related to #371314 (closed)

added to epic &8459 (closed)

removed the relation with #371314 (closed)

marked this issue as related to #371314 (closed)

set weight to 5

/cc @nmccorrison @jschafer

@dpisek thanks for the ping, let me know if you need me to prioritize anything specifically for this.

Awesome @jschafer , thanks!

FYI - This issue covers the existing schema fields and I think together with #371314 (closed) will be enough for %15.4.

That would give us this milestone to add more fields, and we can then put in the related frontend work to render the added data in %15.5. Sounds like a plan? 🙂

mentioned in merge request !96233 (merged)

added workflowin dev label and removed workflowplanning breakdown label

added #372102 (closed) as child task

added #372105 (closed) as child task

created branch 371722-pipeline-sec-graphql-migration-render-severity-field to address this issue

mentioned in merge request !96546 (merged)

added #372209 (closed) as child task

mentioned in merge request !97027 (closed)

mentioned in merge request !97028 (merged)

added devopsgovern label and removed devopssecure label

changed the description

added #373865 (closed) as child task

added #373866 (closed) as child task

added #373867 as child task

added #373868 as child task

added #373869 as child task

added #373870 (closed) as child task

added #373871 (closed) as child task

added #373872 (closed) as child task

added #373873 (closed) as child task

added #373874 (closed) as child task

added #373875 as child task

added #373876 (closed) as child task

added #373877 (closed) as child task

created branch 371722-pipeline-sec-graphql-migration-render-existing-graphql-location-to-new-details-component to address this issue

mentioned in merge request !97991 (merged)

marked the checklist item location as completed

marked the checklist item title as completed

changed milestone to %15.5

added missed:15.4 label

created branch 371722-pipeline-sec-graphql-migration-render-report-type-in-new-details-component to address this issue

mentioned in merge request !98668 (merged)

marked the checklist item reportType as completed

created branch 371722-pipeline-sec-graphql-migration-render-links-field-in-new-details-component to address this issue

mentioned in merge request !99140 (merged)

created branch 371722-pipeline-sec-graphql-migration-render-scanner-field-in-new-details-component to address this issue

changed the description

removed child task #373867

created branch 371722-pipeline-sec-graphql-migration-render-identifiers-field-in-new-details-component to address this issue

marked the checklist item links as completed

mentioned in epic &8910 (closed)

mentioned in merge request !100254 (merged)

changed epic to &8910 (closed)

removed the relation with #371314 (closed)

changed title from [Pipeline Sec - GraphQL migration]: Render existing GraphQL fields in new details component to Render existing GraphQL fields in new details component

marked the checklist item identifiers as completed

created branch 371722-render-state-in-new-details-component to address this issue

mentioned in merge request !100594 (merged)

changed milestone to %15.6

added missed:15.5 label

marked the checklist item state as completed

mentioned in issue gl-retrospectives/govern/threat-insights#27

mentioned in merge request !101912 (merged)

@dpisek it looks like this should now be workflowin review ?

@dpisek I added On Track for the health status. I think we should consider moving the remaining tasks to a new issue so we don't have multi-milestone issues. WDYT?

Thanks for the suggestion @nmccorrison - I agree that breaking out the remaining tasks and capture them in their own issues makes sense.

I've created the following issues:

• #382203 (closed): Render evidence fields within the new GraphQL vulnerability details component

• #382204 (closed): Render false-positive alert within the new GraphQL vulnerability details component

• #382205 (closed): Render solution card within the new GraphQL vulnerability details component

Given that, I'll close this issue 👍

Sweet. Thanks @dpisek. I put labels on them to appease the bot.

Thanks for that @nmccorrison ! I didn't get to finish refining them yesterday, hence the missing labels.

FYI - #382203 (closed) ended up on the bigger side, so I am leaning towards breaking it up even more.

Thanks @dpisek. It's good to hear this exercise may have uncovered another opportunity to break the work up.

added Track Health Status [DEPRECATED] label

changed health status to on track

marked the checklist item scanner as completed

created branch 371722-render-assets-in-new-details-component to address this issue

added Threat InsightsNavy label

mentioned in merge request !103592 (merged)

changed the description

marked the checklist item assets as completed

changed the description

removed child task #373875

removed child task #373868

removed child task #373869

closed

mentioned in issue gitlab-org/quality/triage-reports#9967 (closed)

added workflowproduction label and removed workflowin dev label