
Add vulnerabilityFindingDismiss GraphQL mutation

What does this MR do and why?

Add vulnerabilityFindingDismiss GraphQL mutation so we can use GraphQL for the entire Pipeline Security widget

Related to #332066 (closed)

How to set up and validate locally

  1. Fork a repository (such as https://gitlab.com/gitlab-examples/security/security-reports/)
  2. Run the pipeline
  3. You can get the Finding ids via `Vulnerabilities::Finding.where(project_id: <your project id>).pluck(:id)`
  4. Invoke the mutation with one of the ids (see below for a sample); state should be DISMISSED
  5. Go to Project > CI/CD > Pipelines > Your Pipeline > Security Tab and see if it's dismissed; you may need to uncheck Hide dismissed in the top right

GraphQL mutation

```graphql
mutation dismissFinding($input: VulnerabilityFindingDismissInput!) {
  vulnerabilityFindingDismiss(input: $input) {
    errors
    clientMutationId
    finding {
      state
    }
  }
}
```

```json
{
  "input": {
    "id": "gid://gitlab/Vulnerabilities::Finding/158",
    "comment": "some comment here",
    "dismissalReason": "USED_IN_TESTS"
  }
}
```


MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Michał Zając
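
The validation steps above, scripted as an added example that is not part of the merge request or GitLab's code: it builds the request for the mutation and checks both error layers before trusting the `DISMISSED` state. The function names are hypothetical, `SAMPLE_OK` is a constructed response, and the `/api/graphql` endpoint with a bearer token is an assumption about the instance being tested.

```python
import json
import re
import urllib.request

MUTATION = """
mutation dismissFinding($input: VulnerabilityFindingDismissInput!) {
  vulnerabilityFindingDismiss(input: $input) {
    errors
    finding { state }
  }
}
"""
GID_RE = re.compile(r"gid://gitlab/Vulnerabilities::Finding/\d+")
# Constructed sample response, shaped like the selection set above.
SAMPLE_OK = {"data": {"vulnerabilityFindingDismiss": {"errors": [], "finding": {"state": "DISMISSED"}}}}

def build_payload(finding_id, comment, reason):
    """Build the GraphQL request body; accepts a numeric id or a full global ID."""
    gid = str(finding_id)
    if gid.isdigit():
        gid = f"gid://gitlab/Vulnerabilities::Finding/{gid}"
    if not GID_RE.fullmatch(gid):
        raise ValueError(f"not a Vulnerabilities::Finding global ID: {gid!r}")
    variables = {"input": {"id": gid, "comment": comment, "dismissalReason": reason}}
    return {"query": MUTATION, "variables": variables}

def check_response(body):
    """Return the finding state, raising if either error layer is populated."""
    if body.get("errors"):  # top-level: auth, schema or permission failures
        raise RuntimeError("; ".join(e.get("message", "?") for e in body["errors"]))
    result = (body.get("data") or {}).get("vulnerabilityFindingDismiss")
    if not result:
        raise RuntimeError("mutation returned no data")
    if result.get("errors"):  # mutation-level: the request ran but was rejected
        raise RuntimeError("; ".join(result["errors"]))
    state = (result.get("finding") or {}).get("state")
    if state != "DISMISSED":
        raise RuntimeError(f"unexpected finding state: {state!r}")
    return state

def dismiss(base_url, token, finding_id, comment, reason="USED_IN_TESTS"):
    """POST the mutation to <base_url>/api/graphql (assumed endpoint; not called on import)."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/graphql",
        data=json.dumps(build_payload(finding_id, comment, reason)).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return check_response(json.load(resp))
```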
