Add vulnerabilities as part of graphql dependency_type
Why are we doing this work
As discussed here, the following is an overview of the plan for adding vulnerabilities into both project and group levels:
- Add vulnerabilities into sbom_occurrences.
- Update sbom_occurrences ingestion in order to fill vulnerabilities.
- Add vulnerabilities as part of graphql dependency_type.
- Update dependency entity to support vulnerabilities for group level controller.
- Update dependencies_table.vue to include vulnerabilities for group level.
- Add support for sorting (two levels) based on the existing dependency list service.
- Add support for filtering based on the existing dependency list service.
Note: A new FF is recommended for the set of changes proposed above.
Link to the PoC MR to keep this comment self-contained.
Relevant links
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan
- backend Update dependency_type.rb to include vulnerabilities.
- backend Create a new type to expose id, name, severity and url in order to keep it aligned with the existing dependency_list.rb.
Verification steps
Edited by Zamir Martins