
Add generic security report to GraphQL finding modal

What does this MR do and why?

It adds a GraphQL version of the generic report section to the findings modal and a query that will fetch and render "url" report items.

Screenshots or screen recordings

[Screenshot: finding with generic report items]

How to set up and validate locally

  1. Enable the related feature flag: echo "Feature.enable(:pipeline_security_dashboard_graphql)" | rails c
  2. Import https://gitlab.com/gitlab-examples/security/security-reports
  3. Run a new pipeline
  4. Navigate to the pipeline's security tab
  5. Change the "tool" filter to "DAST"
  6. Click on the "X-Frame-Options Header Not Set" finding to open the modal
  7. Verify that the modal renders as the one in the screenshot in the description
  8. Click on another finding and make sure that the "Evidence" section does not render

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #386149 (closed)

Edited by David Pisek
