Link vulnerability workflow session for SAST FP detection
What does this MR do and why?
This MR:
- creates an entry in `vulnerability_triggered_workflows` whenever a SAST FP detection workflow is triggered for a vulnerability.
- adds a validation in the `Vulnerabilities::TriggeredWorkflow` model that checks whether the vulnerability and the workflow belong to the same project.
References
https://gitlab.com/gitlab-org/gitlab/-/issues/579634
Screenshots or screen recordings
How to set up and validate locally
- You need a group with an Ultimate license.
- Create a project in the group and make sure it has some vulnerabilities; you can clone the project https://gitlab.com/compliance-group-testing-and-demos/team-testing-subgroup/hraghuvanshi/sast-fp-demo.
- The pipeline for the project will start and, once it finishes, it will start the SAST FP workflows, which you can see on the agent sessions page of the project.
- Once the workflows have started or completed, run the following GraphQL query for each vulnerability of the project to check whether the workflow got linked to it:
query getVulnerability {
  vulnerability(id: "gid://gitlab/Vulnerability/<vulnerability_id>") {
    id
    aiWorkflows {
      nodes {
        workflow {
          id
          status
          workflowDefinition
        }
        workflowName
      }
    }
  }
}
- The response would be something like:
{
  "data": {
    "vulnerability": {
      "id": "gid://gitlab/Vulnerability/2042",
      "aiWorkflows": {
        "nodes": [
          {
            "workflow": {
              "id": "gid://gitlab/Ai::DuoWorkflows::Workflow/153",
              "status": "RUNNING",
              "workflowDefinition": "sast_fp_detection/v1"
            },
            "workflowName": "SAST_FP_DETECTION"
          }
        ]
      }
    }
  },
  "correlationId": "01K9SD3DS2F4R9364MHNSQW2JN"
}
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Hitesh Raghuvanshi
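The security-relevant part of this MR is the same-project validation: a `vulnerability_triggered_workflows` row is a join between a vulnerability and a workflow, and without the check a workflow from one project could be linked to a vulnerability in another. The following is an added, stand-alone plain-Ruby illustration of that rule; it is not GitLab's code and does not use ActiveRecord. The record shapes (`Vulnerability`, `Workflow`), the `TriggeredWorkflow` class, the `TriggeredWorkflowStore` persistence stand-in and the sample ids are assumptions for the example only.

```ruby
# Added illustration (not GitLab's code): a plain-Ruby stand-in for the
# same-project validation the MR describes on Vulnerabilities::TriggeredWorkflow.
# Struct shapes, class names and ids below are assumptions for the example.
Vulnerability = Struct.new(:id, :project_id, keyword_init: true)
Workflow      = Struct.new(:id, :project_id, :definition, keyword_init: true)

class TriggeredWorkflow
  attr_reader :vulnerability, :workflow, :workflow_name, :errors

  def initialize(vulnerability:, workflow:, workflow_name:)
    @vulnerability = vulnerability
    @workflow = workflow
    @workflow_name = workflow_name
    @errors = []
  end

  # Mirrors an ActiveRecord-style validation: both records must be present and
  # must belong to the same project, otherwise the link is rejected. The check
  # is done on project_id so a workflow cannot be attached across projects.
  def valid?
    @errors = []
    @errors << "vulnerability must be present" if vulnerability.nil?
    @errors << "workflow must be present" if workflow.nil?
    if vulnerability && workflow && vulnerability.project_id != workflow.project_id
      @errors << "workflow must belong to the same project as the vulnerability"
    end
    @errors.empty?
  end
end

# Hypothetical persistence boundary: only records that pass validation are stored,
# so the join table never holds a cross-project link.
class TriggeredWorkflowStore
  def initialize
    @rows = []
  end

  # Returns the stored record, or nil when validation fails.
  def link(vulnerability:, workflow:, workflow_name: "SAST_FP_DETECTION")
    record = TriggeredWorkflow.new(vulnerability: vulnerability, workflow: workflow,
                                   workflow_name: workflow_name)
    return nil unless record.valid?
    @rows << record
    record
  end

  def for_vulnerability(vulnerability)
    @rows.select { |r| r.vulnerability.id == vulnerability.id }
  end
end

# Constructed sample data for the demo (ids chosen to resemble the MR's example output).
SAME_PROJECT_VULN = Vulnerability.new(id: 2042, project_id: 10)
SAME_PROJECT_WF   = Workflow.new(id: 153, project_id: 10, definition: "sast_fp_detection/v1")
OTHER_PROJECT_WF  = Workflow.new(id: 154, project_id: 11, definition: "sast_fp_detection/v1")

# Links a same-project workflow (accepted) and a cross-project one (rejected).
def demo
  store = TriggeredWorkflowStore.new
  linked   = store.link(vulnerability: SAME_PROJECT_VULN, workflow: SAME_PROJECT_WF)
  rejected = store.link(vulnerability: SAME_PROJECT_VULN, workflow: OTHER_PROJECT_WF)
  {
    linked_ok: !linked.nil?,
    rejected: rejected.nil?,
    stored_count: store.for_vulnerability(SAME_PROJECT_VULN).size,
  }
end

# Exposes the validation messages produced for a cross-project link attempt.
def cross_project_errors
  record = TriggeredWorkflow.new(vulnerability: SAME_PROJECT_VULN, workflow: OTHER_PROJECT_WF,
                                 workflow_name: "SAST_FP_DETECTION")
  record.valid?
  record.errors
end

if __FILE__ == $PROGRAM_NAME
  puts demo.inspect
  puts cross_project_errors.inspect
end
```

In the real model the equivalent check would be a custom validation on the record, and the GraphQL query above is the way to confirm after the fact that only workflows from the vulnerability's own project show up under `aiWorkflows`.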
