Add `ClusterImageScanningType` to `VulnerabilitiesResolver`
What does this MR do and why?
Describe in detail what your merge request does and why.
This merge request adds a new ClusterImageScanningType
to the VulnerabilitiesResolver
GraphQL query. This allows the GraphQL query to begin returning location data for Cluster Image Scanning Vulnerabilities.
Issue: #347081 (closed)
This supports the displaying of Operational Vulnerabilities in the GitLab UI, being implemented as part of &6345 (closed).
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
-
Setup GitLab Runner in Docker mode and make sure a runner is registered to your group.
-
Commit a
.gitlab-ci.yml
file to your project with the following content:cluster_image_scanning: image: alpine:latest script: - apk add --update curl - curl -O https://gitlab.com/-/snippets/2218294/raw/main/gl-cluster-image-scanning-report.json artifacts: reports: cluster_image_scanning: gl-cluster-image-scanning-report.json paths: [gl-cluster-image-scanning-report.json]
-
Paste the following query:
query vulnerabilities($fullPath: ID!) { project(fullPath: $fullPath) { vulnerabilities { nodes { id title description location { __typename ... on VulnerabilityLocationClusterImageScanning { image operatingSystem dependency { version package { name } } kubernetesResource { namespace kind name containerName agent { id name webPath } } } } } } } }
-
In the query variables set:
{ "fullPath": "path/to/your/project" }
-
Run the query
-
Query returns Cluster Image Scanning location data
{ "data": { "project": { "vulnerabilities": { "nodes": [ { "id": "gid://gitlab/Vulnerability/689", "title": "CVE-2020-36331 in libwebp6", "description": "libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c", "location": { "__typename": "VulnerabilityLocationClusterImageScanning", "image": "index.docker.io/library/nginx:1.14.2", "operatingSystem": null, "dependency": { "version": "0.5.2-1", "package": { "name": "libwebp6" } }, "kubernetesResource": { "namespace": "default", "kind": "ReplicaSet", "name": "nginx-deployment-66b6c48dd5", "containerName": "nginx", "agent": { "id": "gid://gitlab/Clusters::Agent/1", "name": "test-agent", "webPath": "/root/starboard-vuln/-/cluster_agents/test-agent" } } } } ] } } } }
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.