Skip to content

Add date filtering parameters to GraphQL vulnerabilities query

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Problem to solve

Currently, the main GraphQL vulnerabilities query lacks date filtering capabilities, making it difficult to perform temporal analysis of vulnerabilities. While date filtering exists in specialized queries like vulnerabilitiesOverTime and vulnerabilitiesCountByDay, the primary vulnerabilities endpoint doesn't support filtering by creation or update dates.

This limitation impacts users who need to:

  • Analyze vulnerabilities discovered within specific time ranges
  • Generate reports for compliance or security reviews covering specific periods
  • Track vulnerability trends over time
  • Filter vulnerabilities by when they were last updated

Proposal

Add date filtering parameters to the main GraphQL vulnerabilities query endpoints:

For Project vulnerabilities:

  • createdAfter: ISO8601Date - Return vulnerabilities created on or after this date
  • createdBefore: ISO8601Date - Return vulnerabilities created on or before this date
  • updatedAfter: ISO8601Date - Return vulnerabilities updated on or after this date
  • updatedBefore: ISO8601Date - Return vulnerabilities updated on or before this date

For Group vulnerabilities:

  • Same parameters as above

Benefits

  • Low implementation effort: Similar date parameters already exist in other GraphQL queries (vulnerabilitiesOverTime, vulnerabilitiesCountByDay)
  • High user impact: Enables temporal vulnerability analysis and reporting
  • Consistency: Aligns with existing GraphQL API patterns in GitLab
  • Performance: Allows users to limit result sets to specific time ranges

Implementation notes

This follows the established pattern used in:

  • SecurityMetrics.vulnerabilitiesOverTime (has startDate/endDate)
  • Group.vulnerabilitiesCountByDay (has date-based filtering)
  • Other GitLab GraphQL APIs that use ISO8601Date type for date filtering

Related issues

  • #554682 - Enhance ListVulnerabilities tool (date filtering was removed from scope)
Edited by 🤖 GitLab Bot 🤖