Skip to content

Rename Vulnerabilities API to Vulnerability Findings API

What does this MR do?

Addresses the "Rename existing Vulnerabilities API to Vulnerability Findings API" step of First-class vulnerabilities backend MVC implementation.

Important: the new Vulnerability Findings API comes behind the feature flag, disabled by default. The vulnerability_findings API endpoint is always present to be able to react to the feature flag enablement without reloading the app (Grape API is evaluated once and preloaded upon app start).

When the feature flag is disabled (default), vulnerability_findings API just responds with 404 Not Found for any request. vulnerabilities API returns Vulnerability::Occurrences.

When the feature flag is enabled, vulnerability_findings API behaves just like old vulnerabilities API, returning Vulnerability::Occurrences. And the new vulnerabilities endpoint will return project's Vulnerabilities list, paginated. This will be done in subsequent MRs, currently stubbed as 404 Not Found.

Does this MR meet the acceptance criteria?


Performance and Testing


If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Victor Zagorodny

Merge request reports