BE: Integrate with vulnerability reporting and add policy metadata
Why are we doing this work
This backend work integrates policy violation and dismissal metadata with the vulnerability reporting system. When policies run in warn mode they record violations without blocking merges, so the vulnerabilities that trigger a violation must be easy to find for security teams to assess the policy's impact and effectiveness. The work also includes performance optimizations for vulnerability queries filtered on policy metadata.
This is a backend dependency for the frontend issue: #549786
Relevant links
Implementation
- Add policy violation metadata to security findings and vulnerabilities
- Add policy dismissal metadata to vulnerability API responses
- Optimize vulnerability report queries with policy metadata joins
- Extend vulnerability filtering to include policy violation and dismissal status
- Add database indexes for efficient dismissal and violation queries
Technical notes
- Extend the vulnerability report API to support filtering by policy violation and by dismissal status
- Add query parameters that select vulnerabilities with associated policy violation metadata
- Include in the response which specific policy was violated and any dismissal information
- Implement database queries that filter vulnerabilities by policy violation efficiently
- Add indexes covering the policy violation and dismissal lookups so these filters stay performant
- Compatible with warn mode, where policies record violations without blocking merges
- Preserve existing vulnerability report API behaviour: requests without the new parameters return what they return today
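As an added illustration (not GitLab's own code), the following plain-Ruby model shows the filter semantics and response shape the notes above describe: a finder that accepts the new parameters, rejects unknown ones, joins violation and dismissal metadata onto each vulnerability, and returns everything unchanged when no parameter is given. The parameter names (has_policy_violation, policy_dismissed, policy_name), the record fields and the sample data are assumptions made for this example.

```ruby
# Added example, not GitLab's code: in-memory model of the policy-aware
# vulnerability filter. Parameter names, record fields and sample data are
# assumptions for illustration only.

Vulnerability   = Struct.new(:id, :title, :severity, :state, keyword_init: true)
PolicyViolation = Struct.new(:vulnerability_id, :policy_name, :rule, :mode, keyword_init: true)
PolicyDismissal = Struct.new(:vulnerability_id, :policy_name, :reason, :dismissed_by, keyword_init: true)

# Constructed sample rows standing in for the vulnerability, policy violation
# and policy dismissal tables.
SAMPLE_VULNERABILITIES = [
  Vulnerability.new(id: 1, title: 'SQL injection in search', severity: 'critical', state: 'detected'),
  Vulnerability.new(id: 2, title: 'Outdated TLS library',    severity: 'high',     state: 'dismissed'),
  Vulnerability.new(id: 3, title: 'Verbose error page',      severity: 'low',      state: 'detected'),
  Vulnerability.new(id: 4, title: 'Hardcoded API token',     severity: 'critical', state: 'dismissed')
].freeze

SAMPLE_VIOLATIONS = [
  PolicyViolation.new(vulnerability_id: 1, policy_name: 'block-critical',  rule: 'severity >= critical', mode: 'warn'),
  PolicyViolation.new(vulnerability_id: 2, policy_name: 'no-high-in-prod', rule: 'severity >= high',     mode: 'warn'),
  PolicyViolation.new(vulnerability_id: 4, policy_name: 'block-critical',  rule: 'severity >= critical', mode: 'warn'),
  PolicyViolation.new(vulnerability_id: 4, policy_name: 'no-secrets',      rule: 'category == secret',   mode: 'warn')
].freeze

SAMPLE_DISMISSALS = [
  PolicyDismissal.new(vulnerability_id: 2, policy_name: 'no-high-in-prod', reason: 'false_positive',     dismissed_by: 'alice'),
  PolicyDismissal.new(vulnerability_id: 4, policy_name: 'block-critical',  reason: 'mitigating_control', dismissed_by: 'bob')
].freeze

class PolicyAwareVulnerabilityFinder
  # Only these filter parameters are accepted; anything else is rejected so a
  # caller cannot probe for undocumented filters.
  ALLOWED_PARAMS = %i[has_policy_violation policy_dismissed policy_name].freeze

  def initialize(vulnerabilities:, violations:, dismissals:)
    @vulnerabilities = vulnerabilities
    # Grouping by vulnerability_id up front makes every lookup O(1); in the
    # real schema that is the job of the index on the join column.
    @violations_by_vuln = violations.group_by(&:vulnerability_id)
    @dismissals_by_vuln = dismissals.group_by(&:vulnerability_id)
  end

  # Returns serialized vulnerabilities matching the filters. With no params it
  # returns every vulnerability, so existing callers see no change.
  def execute(params = {})
    validate!(params)
    @vulnerabilities.select { |v| matches?(v, params) }.map { |v| serialize(v) }
  end

  private

  def validate!(params)
    unknown = params.keys - ALLOWED_PARAMS
    raise ArgumentError, "unknown filter params: #{unknown.join(', ')}" unless unknown.empty?

    %i[has_policy_violation policy_dismissed].each do |key|
      next unless params.key?(key)
      raise ArgumentError, "#{key} must be true or false" unless [true, false].include?(params[key])
    end
  end

  def matches?(vuln, params)
    violations = @violations_by_vuln.fetch(vuln.id, [])
    dismissals = @dismissals_by_vuln.fetch(vuln.id, [])
    has_violation = !violations.empty?
    dismissed     = !dismissals.empty?

    return false if params.key?(:has_policy_violation) && has_violation != params[:has_policy_violation]
    return false if params.key?(:policy_dismissed) && dismissed != params[:policy_dismissed]
    return false if params.key?(:policy_name) && violations.none? { |pv| pv.policy_name == params[:policy_name] }

    true
  end

  # Response shape: the vulnerability plus which policies it violated and any
  # dismissals. In warn mode the violation is recorded but not blocking.
  def serialize(vuln)
    {
      id: vuln.id, title: vuln.title, severity: vuln.severity, state: vuln.state,
      policy_violations: @violations_by_vuln.fetch(vuln.id, []).map { |pv|
        { policy_name: pv.policy_name, rule: pv.rule, mode: pv.mode, blocking: pv.mode != 'warn' }
      },
      policy_dismissals: @dismissals_by_vuln.fetch(vuln.id, []).map { |d|
        { policy_name: d.policy_name, reason: d.reason, dismissed_by: d.dismissed_by }
      }
    }
  end
end

# Convenience constructor wired to the sample data.
def build_sample_finder
  PolicyAwareVulnerabilityFinder.new(vulnerabilities: SAMPLE_VULNERABILITIES,
                                     violations: SAMPLE_VIOLATIONS,
                                     dismissals: SAMPLE_DISMISSALS)
end

if __FILE__ == $PROGRAM_NAME
  finder = build_sample_finder
  # Violations that nobody has dismissed yet: the warn-mode backlog a security team wants to triage.
  finder.execute(has_policy_violation: true, policy_dismissed: false).each { |r| puts r.inspect }
end
```

The combination has_policy_violation: true with policy_dismissed: false is the query the warn-mode use case turns on: open violations that still need a decision. In the real implementation the two group_by calls correspond to the joins on the violation and dismissal tables, which is why the indexes on their vulnerability_id columns are what keeps the filtered report fast.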
Validation Steps
- API accepts the new policy violation and dismissal filter parameters
- API returns only vulnerabilities that violate a policy when the violation filter is applied, and only dismissed ones when the dismissal filter is applied
- API response includes policy violation metadata (policy name, violation details, dismissal status)
- Performance remains acceptable with policy violation filtering enabled
- Database indexes are used for the filtered queries (confirmed via the query plan)
- Existing API functionality remains unaffected for requests that do not use the new parameters
Edited by Alan (Maciej) Paruszewski