Skip to content

Archived projects show up in the group-level vulnerability report filters

Example GraphQL request

query groupProjects($fullPath: ID!, $ids: [ID!], $search: String, $pageSize: Int, $after: String) {
  group(fullPath: $fullPath) {
    id
    projects(
      includeSubgroups: true
      includeArchived: true
      ids: $ids
      search: $search
      first: $pageSize
      after: $after
    ) {
      edges {
        node {
          id
          name
          archived
        }
      }
      pageInfo {
        endCursor
        hasNextPage
      }
    }
  }
}

variables

{
  "fullPath": "gitlab-org",
  "search": " API Fuzzing POC Old"
}

To reproduce

  1. Import the webgoat project into your local gdk under a group

    1. the group I use in this example is http://gdk.test:3000/gitlab-org
    2. We will be archiving this project, so if you already have it imported maybe name it "Archived Webgoat.Net" to make it easy to distinguish in the project filter dropdown (this is the name I use in this example)

  2. Archive the project

    1. e.g. http://gdk.test:3000/gitlab-org/archived-webgoat.net/edit

  3. now view the group level vulnerability report for the group you imported this project under

    1. e.g. http://gdk.test:3000/groups/gitlab-org/-/security/vulnerabilities

  4. When you click the projects filter drop-down, you will see our archived project as an option

    1. this is the bug: archived projects should not be included in the group-level report view
    example
    image.png

Implementation Plan

I believe that since we have added the new filter to the finder and the resolver we just need to update the security_dashboard/graphql/queries/group_projects.query.graphql to use the new filter:

diff --git a/ee/app/assets/javascripts/security_dashboard/graphql/queries/group_projects.query.graphql b/ee/app/assets/javascripts/security_dashboard/graphql/queries/group_projects.query.graphql
index e33d06d0e9e4..50d158bea33e 100644
--- a/ee/app/assets/javascripts/security_dashboard/graphql/queries/group_projects.query.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/queries/group_projects.query.graphql
@@ -1,7 +1,7 @@
 query groupProjects($fullPath: ID!, $ids: [ID!], $search: String, $pageSize: Int, $after: String) {
   group(fullPath: $fullPath) {
     id
-    projects(includeSubgroups: true, ids: $ids, search: $search, first: $pageSize, after: $after) {
+    projects(includeSubgroups: true, includeArchived: false, ids: $ids, search: $search, first: $pageSize, after: $after) {
       edges {
         node {
           id
Edited by Michael Becker