Add severity overrides data to pipeline security tab

Background

Add severity override metadata to the Pipeline Security Tab calls, including the one made by the Vulnerability Details Modal. On non-default branches the severity shown there comes from security_findings only, so an override recorded against the vulnerability is not reflected. This issue addresses that discrepancy and ensures that severity override metadata is correctly incorporated into the relevant API calls.

Pipeline Security Tab

Vulnerabilities List:

  • Uses pipelineFindings GraphQL query
  • Resolver: FindingsFinder
  • Data sources:
    • security_findings
    • vulnerabilities (if a record exists)
    • vulnerability_occurrences (if a record exists)
  • For non-default branches:
    • Severity comes from security_findings only
    • State comes from vulnerability_occurrences.

Vulnerability Details Modal

  • Uses getSecurityReportFinding GraphQL query
  • Resolver: FindingsFinder
  • Data sources:
    • security_findings
    • vulnerabilities (if a record exists)
    • vulnerability_occurrences (if a record exists)
  • For non-default branches:
    • Severity comes from security_findings only
    • State comes from vulnerability_occurrences.

Proposed Solution

We need to add severity override metadata to the Pipeline Security Tab calls to ensure consistent and accurate representation of vulnerability information across all branches. This should include:

  1. Updating the pipelineFindings and getSecurityReportFinding GraphQL queries to include severity override metadata.
  2. Modifying the FindingsFinder resolver to handle severity override information and prioritize it properly over the scanner-reported severity.
  3. Ensuring that severity and state information are consistently sourced and displayed for all branches, including non-default ones.
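The merge logic that steps 1 to 3 describe, as an added illustration and not GitLab's FindingsFinder or its GraphQL types: a security_findings row is combined with an optional vulnerability record so that a recorded severity override wins over the scanner-reported severity, state is taken from the linked record when one exists, and the override metadata is carried along for the query to expose. The struct names, field names and severity list are assumptions made for the example.

```ruby
# Added example (not GitLab's FindingsFinder): merging a security_findings row
# with an optional vulnerability record so that a recorded severity override
# wins over the scanner-reported severity, and the override metadata travels
# with the result for the GraphQL layer to expose. All structs and field names
# are assumptions for illustration.

Finding = Struct.new(:uuid, :severity, keyword_init: true)
SeverityOverride = Struct.new(:original_severity, :new_severity, :author, :created_at, keyword_init: true)
Vulnerability = Struct.new(:state, :severity_override, keyword_init: true)

# Severity levels in ascending order; anything else is rejected so a malformed
# override cannot silently downgrade or hide a finding.
SEVERITY_LEVELS = %w[info unknown low medium high critical].freeze

def validate_severity!(value)
  raise ArgumentError, "unknown severity: #{value.inspect}" unless SEVERITY_LEVELS.include?(value)
  value
end

# Returns the hash a resolver would hand to the GraphQL type.
# - severity: the override's new_severity if one exists, else the scanner value
# - state: from the linked vulnerability record if present, else 'detected'
# - severity_override: metadata hash or nil, so the UI can show who changed it and when
def resolve_finding(finding, vulnerability = nil)
  result = {
    uuid: finding.uuid,
    severity: validate_severity!(finding.severity),
    state: 'detected',
    severity_override: nil
  }
  return result unless vulnerability

  result[:state] = vulnerability.state
  override = vulnerability.severity_override
  return result unless override

  result[:severity] = validate_severity!(override.new_severity)
  result[:severity_override] = {
    original_severity: override.original_severity,
    new_severity: override.new_severity,
    author: override.author,
    created_at: override.created_at
  }
  result
end

# Constructed sample data standing in for the three tables.
SAMPLE_FINDING = Finding.new(uuid: 'f1', severity: 'medium')
SAMPLE_OVERRIDE = SeverityOverride.new(original_severity: 'medium', new_severity: 'critical',
                                       author: 'alice', created_at: '2024-01-01T00:00:00Z')
SAMPLE_VULN_WITH_OVERRIDE = Vulnerability.new(state: 'confirmed', severity_override: SAMPLE_OVERRIDE)
SAMPLE_VULN_NO_OVERRIDE = Vulnerability.new(state: 'dismissed', severity_override: nil)

if __FILE__ == $PROGRAM_NAME
  p resolve_finding(SAMPLE_FINDING)                            # no record: scanner severity, detected
  p resolve_finding(SAMPLE_FINDING, SAMPLE_VULN_NO_OVERRIDE)   # record, no override: scanner severity, record state
  p resolve_finding(SAMPLE_FINDING, SAMPLE_VULN_WITH_OVERRIDE) # override applied, metadata attached
end
```

The three cases in the usage block correspond to the data-source list above: a finding with no vulnerability record, a record without an override, and a record carrying one. Validating the override's severity before applying it is the one defensive detail worth keeping when wiring this into a real resolver.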

Expected Outcome

After implementing these changes, the Pipeline Security Tab and Vulnerability Details Modal should:

  • Consistently display accurate severity information, including any overrides, for all branches.
  • Maintain consistency between the vulnerabilities list and the detailed view.
  • Provide users with a clear and accurate representation of vulnerability severity and state across the project.

Edited by Miki Amos