Add request-URL to Vulnerability Details
What does this MR do and why?
This MR is part of the pipeline's security tab's migration to GraphQL.
Going forward the VulnerabilityDetails
component will be shared between the vulnerability detail's page (accessible via "Security & Compliance" -> "Vulnerability Report" -> Details for a given vulnerability) and the pipeline tab's vulnerability modal.
The modal currently renders request.url
or a URL constructed by location.hostname
and location.path
. This MR adds this to the VulnerabilityDetails
component.
Screenshots or screen recordings
before | after |
---|---|
![]() |
![]() |
How to set up and validate locally
- Import the following gitlab project 2022-06-03_05-04-949_gitlab-examples_security_secur_export.tar.gz
- Run the pipeline on master, wait for it to complete
- Within the imported project go to "Security & Compliance" -> "Vulnerability report" -> click on a DAST vulnerability (tip: use the "Tool" filter to find these)
- Verify that the
URL
shows up - Without the change that the patch introduces, it should not render
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #364790 (closed)
Edited by David Pisek