Filter vulnerabilities by default branch in GraphQL


Proposal

Currently, the GraphQL API includes Query.vulnerabilities, which can be used to retrieve vulnerabilities. This is particularly useful for customers with an external risk management or tracking system. Each vulnerability returned includes presentOnDefaultBranch (as part of the vulnerability object), a true/false flag that indicates whether the vulnerability was found on the default branch. Customers might want to exclude anything on non-default branches from their third-party tools.

However, the query provides no way to filter by this field. Instead, you have to retrieve the complete vulnerability list and iterate over it client-side to check which entries are on the default branch.

To facilitate this kind of integration with our security tools, we should provide at least filtering by default branch, and probably by branch name as well. This could be in either the GraphQL or REST API, but currently the GraphQL API seems more mature for vulnerability management.
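As an added example (not code from this issue or from GitLab), here is the client-side workaround described above in Python: paging through Query.vulnerabilities and keeping only nodes whose presentOnDefaultBranch is true. The instance URL, token and sample pages are constructed placeholders, and the query assumes standard connection pagination via `first`/`after` and `pageInfo`.

```python
# Added example, not the issue's own code: page through Query.vulnerabilities and
# keep nodes with presentOnDefaultBranch true. Instance URL/token are placeholders.
import json
import urllib.request
GRAPHQL_URL = "https://gitlab.example.com/api/graphql"  # placeholder instance
QUERY = """query($after: String) {
  vulnerabilities(first: 100, after: $after) {
    nodes { id severity state presentOnDefaultBranch }
    pageInfo { hasNextPage endCursor }
  }
}"""

def graphql_page(token, after):
    """POST one page to a real instance (network; not used by the sample run)."""
    body = json.dumps({"query": QUERY, "variables": {"after": after}}).encode()
    req = urllib.request.Request(GRAPHQL_URL, data=body, method="POST", headers={
        "Content-Type": "application/json", "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def default_branch_vulnerabilities(fetch_page):
    """Follow pageInfo cursors; apply the default-branch filter client side."""
    kept, after = [], None
    while True:
        conn = fetch_page(after)["data"]["vulnerabilities"]
        kept.extend(n for n in conn["nodes"] if n["presentOnDefaultBranch"])
        if not conn["pageInfo"]["hasNextPage"]:
            return kept
        after = conn["pageInfo"]["endCursor"]

# Constructed two-page response shaped like the GraphQL connection type.
def _node(num, severity, state, on_default):
    return {"id": f"gid://gitlab/Vulnerability/{num}", "severity": severity,
            "state": state, "presentOnDefaultBranch": on_default}

SAMPLE_PAGES = {
    None: {"data": {"vulnerabilities": {
        "nodes": [_node(1, "HIGH", "DETECTED", True), _node(2, "CRITICAL", "DETECTED", False)],
        "pageInfo": {"hasNextPage": True, "endCursor": "cursor-1"}}}},
    "cursor-1": {"data": {"vulnerabilities": {
        "nodes": [_node(3, "CRITICAL", "CONFIRMED", True), _node(4, "LOW", "DISMISSED", False)],
        "pageInfo": {"hasNextPage": False, "endCursor": None}}}},
}

def sample_fetch(after):
    return SAMPLE_PAGES[after]

if __name__ == "__main__":
    for v in default_branch_vulnerabilities(sample_fetch):
        print(v["id"], v["severity"], v["state"])
```

Against a real instance, pass `lambda after: graphql_page(token, after)` in place of `sample_fetch`; the full list still has to be downloaded before filtering, which is exactly the cost a server-side filter would remove.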
