Vulnerability ID in Archival Vulnerability Report CSV File
What does this MR do and why?
This MR includes the vulnerability ID in the archival vulnerability report CSV file to be exported.
This is done by including the Vulnerability ID field in the csv_service mapping.
Screenshots or screen recordings
Query the archival exports:
gitlab % curl -X POST "http://127.0.0.1:3000/api/v4/security/projects/2/vulnerability_archive_exports" \
-H "Content-Type: application/json" \
-H "Private-Token: glpat-xxx" \
-d '{
"start_date": "2025-07-01",
"end_date": "2025-07-01",
"export_format": "csv"
}'
Response:
Tool,Scanner Name,Status,Vulnerability,Details,Severity,CVE,CWE,Other Identifiers,Dismissed At,Dismissed By,Confirmed At,Confirmed By,Resolved At,Resolved By,Detected At,Location,Issues,Merge Requests,Activity,Comments,Full Path,CVSS Vectors,Dismissal Reason,Vulnerability ID
generic,Test Scanner,confirmed,test,testDescription,high,CVE-2025-6982,CWE-676,TEST-697,,,,,,,2025-03-12T13:25:01Z,"{""file""=>""test/example.rb"", ""class""=>""com.gitlab.security_products.tests.App"", ""method""=>""testMethod"", ""end_line""=>124, ""start_line""=>32}",,,false,Test vulnerability for export testing,gitlab-org/gitlab-test/test/example.rb,GitLab=CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N,,541
sast,Test Scanner,confirmed,ECB mode is insecure,Description for vulnerability 545,medium,CVE-2025-2759,CWE-986,TEST-913,,,,,,,2025-03-13T14:34:57Z,"{""file""=>""test/example.rb"", ""class""=>""com.gitlab.security_products.tests.App"", ""method""=>""testMethod"", ""end_line""=>187, ""start_line""=>65}",,,false,Test vulnerability for export testing,gitlab-org/gitlab-test/test/example.rb,GitLab=CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N,,545
sast,Test Scanner,confirmed,ECB mode is insecure,Description for vulnerability 546,medium,CVE-2025-3283,CWE-826,TEST-386,,,,,,,2025-03-13T14:34:57Z,"{""file""=>""test/example.rb"", ""class""=>""com.gitlab.security_products.tests.App"", ""method""=>""testMethod"", ""end_line""=>135, ""start_line""=>69}",,,false,Test vulnerability for export testing,gitlab-org/gitlab-test/test/example.rb,GitLab=CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N,,546
generic,Test Scanner,confirmed,testtest,testing,critical,CVE-2025-2965,CWE-755,TEST-166,,,,,,,2025-04-07T19:18:40Z,"{""file""=>""test/example.rb"", ""class""=>""com.gitlab.security_products.tests.App"", ""method""=>""testMethod"", ""end_line""=>130, ""start_line""=>96}",,,false,Test vulnerability for export testing,gitlab-org/gitlab-test/test/example.rb,GitLab=CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N,,547
Related to #18033
Edited by Patrick He
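What the added column gives a consumer of the export, as an added example (not GitLab's code): in the response above, vulnerabilities 545 and 546 share tool, name and path, so only Vulnerability ID tells them apart. The sample CSV is constructed and trimmed to the columns used here, and the function names are hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the export's column layout, trimmed to the columns used.
SAMPLE_EXPORT = """\
Tool,Scanner Name,Status,Vulnerability,Severity,Full Path,Vulnerability ID
generic,Test Scanner,confirmed,test,high,gitlab-org/gitlab-test/test/example.rb,541
sast,Test Scanner,confirmed,ECB mode is insecure,medium,gitlab-org/gitlab-test/test/example.rb,545
sast,Test Scanner,confirmed,ECB mode is insecure,medium,gitlab-org/gitlab-test/test/example.rb,546
"""

ID_COLUMN = "Vulnerability ID"


def index_by_vulnerability_id(csv_text):
    """Return {vulnerability_id: row}; reject exports without a usable ID."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if ID_COLUMN not in (reader.fieldnames or []):
        raise ValueError(f"export has no {ID_COLUMN!r} column")
    index = {}
    for row_no, row in enumerate(reader, start=1):
        raw = (row[ID_COLUMN] or "").strip()
        # IDs are treated as plain ASCII integers; anything else is an error.
        if not (raw.isascii() and raw.isdigit()):
            raise ValueError(f"row {row_no}: bad {ID_COLUMN}: {raw!r}")
        vuln_id = int(raw)
        if vuln_id in index:
            raise ValueError(f"row {row_no}: duplicate {ID_COLUMN} {vuln_id}")
        index[vuln_id] = row
    return index


def ambiguous_without_id(index):
    """Group IDs whose (Tool, Vulnerability, Full Path) are identical."""
    groups = defaultdict(list)
    for vuln_id, row in index.items():
        key = (row["Tool"], row["Vulnerability"], row["Full Path"])
        groups[key].append(vuln_id)
    return {key: sorted(ids) for key, ids in groups.items() if len(ids) > 1}


if __name__ == "__main__":
    idx = index_by_vulnerability_id(SAMPLE_EXPORT)
    for key, ids in ambiguous_without_id(idx).items():
        print(f"{key} is shared by vulnerability IDs {ids}")
```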