
Adjust Mutations::Vulnerabilities::Create to respect security scanner schema

What does this MR do and why?

As discussed in #339507 (closed), our GraphQL mutation for manual Vulnerability creation deviated from our security scanner schema. This MR aims to unify them as much as possible, so that we require the same set of information from each source.

This GraphQL mutation is behind a feature flag, so there's no need to deprecate anything.

How to set up and validate locally (strongly suggested)

  1. Enable the feature flag
    Feature.enable(:create_vulnerabilities_via_api)
  2. Go to GraphQL Explorer http://127.0.0.1:3000/-/graphql-explorer
  3. Execute the following mutation, with the query variables given after it
mutation vulnerabilityCreate($input: VulnerabilityCreateInput!) {
  vulnerabilityCreate(input: $input) {
    errors
    clientMutationId
    vulnerability: vulnerability {
      id
      vulnerabilityPath
      project {
        id
        fullPath
      }
    }
  }
}

Query variables:
{
  "input": {
    "project": "gid://gitlab/Project/23",
    "name": "A manual vulnerability number 3",
    "description": "A descriptive description",
    "scanner": {
      "name": "My Custom Scanner",
      "id": "my-custom-scanner",
      "url": "https://test.pl",
      "version": "13.37",
      "vendor": {
        "name": "My Vendor"
      }
    },
    "state": "CONFIRMED",
    "identifiers": [
      {
        "name": "CVE-4",
        "url": "http://localhost"
      }
    ]
  }
}
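The same mutation driven from a script, as an added example that is not part of this MR: it checks that the scanner metadata and identifiers match what the mutation above supplies before anything is sent, and treats both GraphQL-level errors and the mutation's `errors` array as failure. It assumes the GraphQL endpoint is `http://127.0.0.1:3000/api/graphql` and a personal access token with `api` scope; the required-field rule is this example's own assumption, derived from the variables shown above.

```python
import json
import urllib.request

MUTATION = """
mutation vulnerabilityCreate($input: VulnerabilityCreateInput!) {
  vulnerabilityCreate(input: $input) {
    errors
    vulnerability { id vulnerabilityPath project { id fullPath } }
  }
}
"""

# Scanner fields supplied in the MR's example mutation; assumed required here
# so that a manual vulnerability carries the same scanner metadata as a report.
REQUIRED_SCANNER = ("id", "name", "url", "version")


def build_input(project_gid, name, description, scanner, identifiers, state="CONFIRMED"):
    """Assemble VulnerabilityCreateInput, rejecting incomplete scanner metadata
    and identifiers locally instead of relying on the server-side error."""
    missing = [f for f in REQUIRED_SCANNER if not scanner.get(f)]
    if not scanner.get("vendor", {}).get("name"):
        missing.append("vendor.name")
    if missing:
        raise ValueError("scanner missing fields: " + ", ".join(missing))
    if not identifiers or any(not i.get("name") for i in identifiers):
        raise ValueError("every identifier needs a name")
    return {"input": {"project": project_gid, "name": name, "description": description,
                      "scanner": scanner, "state": state, "identifiers": identifiers}}


def parse_response(body):
    """Return (vulnerability, errors); GraphQL errors (bad query, missing field)
    and mutation errors (validation failed) both mean nothing was created."""
    if body.get("errors"):
        return None, [e.get("message", str(e)) for e in body["errors"]]
    payload = body["data"]["vulnerabilityCreate"]
    return payload.get("vulnerability"), payload.get("errors") or []


def create_vulnerability(endpoint, token, variables):
    """POST the mutation; the token goes in GitLab's PRIVATE-TOKEN header."""
    data = json.dumps({"query": MUTATION, "variables": variables}).encode()
    req = urllib.request.Request(endpoint, data=data, headers={
        "Content-Type": "application/json", "PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req) as resp:
        return parse_response(json.load(resp))
```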

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #339507 (closed)

Edited by Michał Zając
