Return vulnerabilities initial_detected_pipeline and latest_detected_pipeline in GraphQL API
What does this MR do and why?
This MR adds the following fields to the vulnerability_type type:
- initial_detected_pipeline: The first pipeline that detected a given vulnerability.
- latest_detected_pipeline: The most recent pipeline that detected a given vulnerability.
It returns a Ci::PipelineType, where the id (e.g. gid://gitlab/Ci::Pipeline/599) and other fields can be queried.
References
Issue: #468913 (closed)
How to set up and validate locally
Push a vulnerability to your local project and run a pipeline to detect it. This can be done by uploading a gl-sast-report.json file:
    {
      "id": "1",
      "category": "sast",
      "name": "Predictable pseudorandom number generator",
      ...
    },
    {
      "id": "2",
      "category": "sast",
      "name": "Predictable pseudorandom number generator",
      ...
    },
Re-running the pipeline will update the latest_detected_pipeline field but not the initial_detected_pipeline.
Query:
    {
      project(fullPath: "gitlab-org/gitlab-test") {
        vulnerabilities {
          edges {
            node {
              initialDetectedPipeline {
                id
              }
              latestDetectedPipeline {
                id
              }
            }
          }
        }
      }
    }
Expected Response:
    {
      "data": {
        "project": {
          "vulnerabilities": {
            "edges": [
              {
                "node": {
                  // Case where the same vulnerability is detected again
                  "initialDetectedPipeline": {
                    "id": "gid://gitlab/Ci::Pipeline/599"
                  },
                  "latestDetectedPipeline": {
                    "id": "gid://gitlab/Ci::Pipeline/600"
                  }
                }
              },
              {
                "node": {
                  // Case where the same vulnerability isn't detected again
                  "initialDetectedPipeline": {
                    "id": "gid://gitlab/Ci::Pipeline/599"
                  },
                  "latestDetectedPipeline": {
                    "id": "gid://gitlab/Ci::Pipeline/599"
                  }
                }
              },
              {
                "node": {
                  // Case where the vulnerability was not created through a pipeline (e.g. created manually)
                  "initialDetectedPipeline": null,
                  "latestDetectedPipeline": null
                }
              }
            ]
          }
        }
      }
    }
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #468913 (closed)
Edited by Patrick He
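The three cases in the expected response above can be told apart on the client side by comparing the two pipeline ids. The following is an added example, not code from this merge request or from GitLab: the sample response is constructed to mirror the one in the description, and the function names and classification labels are assumptions of the example.

```python
import json
import re

# Constructed sample mirroring the "Expected Response" in the description
# (the // comments are dropped so that it is valid JSON).
SAMPLE_RESPONSE = json.loads("""
{"data": {"project": {"vulnerabilities": {"edges": [
  {"node": {"initialDetectedPipeline": {"id": "gid://gitlab/Ci::Pipeline/599"},
            "latestDetectedPipeline":  {"id": "gid://gitlab/Ci::Pipeline/600"}}},
  {"node": {"initialDetectedPipeline": {"id": "gid://gitlab/Ci::Pipeline/599"},
            "latestDetectedPipeline":  {"id": "gid://gitlab/Ci::Pipeline/599"}}},
  {"node": {"initialDetectedPipeline": null, "latestDetectedPipeline": null}}
]}}}}
""")

GID_RE = re.compile(r"^gid://gitlab/Ci::Pipeline/(\d+)$")


def pipeline_number(field):
    """Return the numeric pipeline id of a pipeline object, or None if the field is null."""
    if field is None:
        return None
    match = GID_RE.match(field.get("id") or "")
    if not match:
        raise ValueError(f"unexpected pipeline id: {field!r}")
    return int(match.group(1))


def classify(node):
    """Label one vulnerability node by its detection history (labels are this example's own)."""
    initial = pipeline_number(node.get("initialDetectedPipeline"))
    latest = pipeline_number(node.get("latestDetectedPipeline"))
    if initial is None and latest is None:
        return "no_pipeline"    # not created through a pipeline, e.g. created manually
    if initial is None or latest is None:
        return "inconsistent"   # only one side set: flag for review instead of guessing
    if initial == latest:
        return "detected_once"  # not detected again since the first pipeline
    return "redetected"         # a later pipeline detected it again


def summarize(response):
    """Classify every vulnerability node in a project.vulnerabilities response."""
    edges = response["data"]["project"]["vulnerabilities"]["edges"]
    return [classify(edge["node"]) for edge in edges]


if __name__ == "__main__":
    print(summarize(SAMPLE_RESPONSE))
```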