
Add details to PipelineSecurityReportFindingType

What does this MR do and why?

This MR adds the details field to security findings, similar to the details field Vulnerabilities use.

Screenshots or screen recordings

The security finding details match the vulnerability details.


How to set up and validate locally

  1. Run the following GraphQL query on the security reports test project.

     {
       project(fullPath:"<project path>") {
         pipeline(iid:"<pipeline iid>") {
           securityReportFindings(scanner:"zaproxy") {
             nodes {
               uuid
               details {
                 ... on VulnerabilityDetailDiff {
                   before
                   after
                 }
               }
             }
           }
         }
       }
     }

  2. Run the following query on the corresponding Vulnerability (should be the X-Frame-Options Header Not Set DAST vulnerability).

     {
       vulnerability(id:"gid://gitlab/Vulnerability/<Vulnerability ID>") {
         details {
           ... on VulnerabilityDetailDiff {
             before
             after
           }
         }
       }
     }

  3. The details should match.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #371261 (closed)

Edited by Jonathan Schafer
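
The comparison in step 3 of the validation procedure can be scripted. The following is an added example, not code from the merge request or from GitLab. It assumes `details` comes back as a list of objects in both responses, the sample responses and UUIDs are constructed, and `compare_details` is a hypothetical helper name.

```python
import json
from collections import Counter

# Constructed sample responses for illustration; not captured from a real instance.
FINDINGS_RESPONSE = {"data": {"project": {"pipeline": {"securityReportFindings": {"nodes": [
    {"uuid": "00000000-0000-0000-0000-000000000001",
     "details": [{}, {"before": "<constructed before>", "after": "<constructed after>"}]},
    {"uuid": "00000000-0000-0000-0000-000000000002", "details": []},
]}}}}}
VULNERABILITY_RESPONSE = {"data": {"vulnerability": {
    "details": [{}, {"before": "<constructed before>", "after": "<constructed after>"}]}}}


def _data(response):
    # A GraphQL response can carry "errors" next to partial data; treat that as a failed check.
    if response.get("errors"):
        raise ValueError("GraphQL errors: %s" % json.dumps(response["errors"]))
    return response["data"]


def _canonical(details):
    # Details that are not VulnerabilityDetailDiff come back as {} because the
    # inline fragment does not apply to them; skip those. Order is ignored.
    return Counter(json.dumps(d, sort_keys=True) for d in details if d)


def compare_details(findings_response, vulnerability_response, uuid):
    """Return a list of mismatches; an empty list means the details match."""
    nodes = _data(findings_response)["project"]["pipeline"]["securityReportFindings"]["nodes"]
    finding = next((n for n in nodes if n["uuid"] == uuid), None)
    if finding is None:
        return ["no finding with uuid %s in the pipeline report" % uuid]
    vulnerability = _data(vulnerability_response)["vulnerability"]
    if vulnerability is None:
        return ["vulnerability not found or not readable"]
    f = _canonical(finding["details"])
    v = _canonical(vulnerability["details"])
    return (["only in finding: " + d for d in (f - v).elements()] +
            ["only in vulnerability: " + d for d in (v - f).elements()])


if __name__ == "__main__":
    uuid = "00000000-0000-0000-0000-000000000001"
    print(compare_details(FINDINGS_RESPONSE, VULNERABILITY_RESPONSE, uuid) or "details match")
```
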
