[CS For Registry] Add support for report type CONTAINER_SCANNING_FOR_REGISTRY to GraphQL
Description
Add support for report type CONTAINER_SCANNING_FOR_REGISTRY to Project and Group GraphQL endpoints, and filter reports based on report_type container_scanning_for_registry.
User Impact
No direct user impact as this is a backend implementation.
Non-functional requirements
- Benchmarking: Assess the performance impact of using the newly introduced data for filtering.
- Testing: Add unit tests/specs.
Implementation plan
- In vulnerabilities_resolver add support for container_scanning_for_registry report type.
- In vulnerability_severities_count_resolver add support for container_scanning_for_registry report type.
- Add new VulnerabilityLocationType container_scanning_for_registry
- In model /models/vulnerabilities/finding.rb add scope for filtering based on container_scanning_for_registry.
- In vulnerabilities/read.rb add container_scanning_for_registry
Verification steps
- Ingest a SBOM report with metadata.tools as registry event set as a part of [CS For Registry] Set SBOM occurrence source to... (#443634 - closed)
- Verify that db records are created as per the requirements.
- Run advisory scanner and report parser.
- Verify that the vulnerabilities are created with report_type: CONTAINER_SCANNING_FOR_REGISTRY
- Verify that the group and project GraphQL endpoints return these vulnerabilities on applying the filter for report_type: CONTAINER_SCANNING_FOR_REGISTRY.
Edited by Aditya Tiwari
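A query that could be used for the last verification step, added here as an example and not taken from the issue or the GitLab code base. It assumes CONTAINER_SCANNING_FOR_REGISTRY is accepted as a report type value once this change is implemented; the operation name and the two path variables are placeholders.

```graphql
# Added verification example. $projectPath and $groupPath are placeholders
# for the full paths of the project and group that received the SBOM report.
# Assumption: CONTAINER_SCANNING_FOR_REGISTRY is a valid reportType value
# after this issue is implemented.
query RegistryScanVulnerabilities($projectPath: ID!, $groupPath: ID!) {
  project(fullPath: $projectPath) {
    # Exercises vulnerabilities_resolver with the new filter value.
    vulnerabilities(reportType: [CONTAINER_SCANNING_FOR_REGISTRY], first: 20) {
      nodes {
        id
        title
        severity
        state
        reportType
      }
    }
    # Exercises vulnerability_severities_count_resolver with the same filter.
    vulnerabilitySeveritiesCount(reportType: [CONTAINER_SCANNING_FOR_REGISTRY]) {
      critical
      high
      medium
      low
      info
      unknown
    }
  }
  group(fullPath: $groupPath) {
    vulnerabilities(reportType: [CONTAINER_SCANNING_FOR_REGISTRY], first: 20) {
      nodes {
        id
        title
        severity
        reportType
      }
    }
    vulnerabilitySeveritiesCount(reportType: [CONTAINER_SCANNING_FOR_REGISTRY]) {
      critical
      high
      medium
      low
      info
      unknown
    }
  }
}
```

Every returned node should carry reportType CONTAINER_SCANNING_FOR_REGISTRY, and the severity counts should sum to the number of findings created from the ingested report. Running the same query with a different report type filter is a useful negative check that the registry findings are excluded.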