Deprecate GraphQL field PipelineSecurityReportFinding.projectFingerprint (!89578) · Merge requests · GitLab.org / GitLab

Jonathan Schafer requested to merge 349013-remove-projectfingerprint-from-pipelinesecurityreportfinding-graphql into master Jun 08, 2022

What does this MR do and why?

We are in the process of deprecating the usage of the project_fingerprint attribute of the findings. By using uuid values to identify findings, we can easily associate any related entity with finding, as described in Remove `projectFingerprint` from `PipelineSecur... (#349013). This MR deprecates the project_fingerprint field from the GraphQL query.

Deprecation Notice MR

Screenshots or screen recordings

How to set up and validate locally

In the GraphiQL explorer, query a project that has a pipeline with security findings (https://gitlab.com/gitlab-examples/security/security-reports always works well).

query {
  project(fullPath:"<namespace/project>"){
    pipelines{
      nodes{
        iid
      }
    }
  }
}

When using the following query, both uuid and projectFingerprint should data, but projectFingerprint should not show up in the autocomplete (uuid should). There should also be a squiggly line with a tooltip indicating the deprecation.

query {
  project(fullPath:"<namespace/project>"){
    pipeline(iid:"<pipeline id>"){
      securityReportFindings(first:10){
        nodes{
          uuid
          projectFingerprint
        }
      }
    }
  }
}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #349013

Edited Jun 09, 2022 by Jonathan Schafer

Deprecate GraphQL field PipelineSecurityReportFinding.projectFingerprint

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports