Security Dashboard (Chart 2) - Add GraphQL Support for SecurityMetrics to Project type

Why are we doing this work

This issue will add SecurityMetricsType to project and update SecurityMetricsResolver as needed. This should live behind the feature flag

Implementation plan

Add SecurityMetricsType field to ProjectType
Update SecurityMetricsResolver as needed
Make sure project_security_dashboard_new this is also added with group level FF checking
Add new specs for project level

Query Example

Context/Copied from &17076 (comment 2579355184)

Query Example

query getProjectVulnerabilitiesOverTime(
  $fullPath: ID!,
  $startDate: ISO8601Date!,
  $endDate: ISO8601Date!,
  $interval: VulnerabilityTimeInterval = DAILY,
  # Page-level inherited filters
  $reportType: [VulnerabilityReportType!],
  $scanner: [String!]
) {
  project(fullPath: $fullPath) {
    id
    name
    fullPath
    securityMetrics(
      reportType: $reportType,
      scanner: $scanner,
    ) {
      vulnerabilitiesOverTime(
        startDate: $startDate,
        endDate: $endDate
      ) {
        nodes {
          date
          totalCount
          bySeverity {
            severity
            count
          }
        }
      }
    }
  }
}

Edited Jul 30, 2025 by Subashis Chakraborty