Rename Vulnerabilities API to Vulnerability Findings API
What does this MR do?
Addresses the "Rename existing Vulnerabilities API to Vulnerability Findings API" step of First-class vulnerabilities backend MVC implementation.
Important: the new Vulnerability Findings API comes behind the feature flag, disabled by default. The vulnerability_findings API endpoint is always present to be able to react to the feature flag enablement without reloading
the app (Grape API is evaluated once and preloaded upon app start).
When the feature flag is disabled (default), vulnerability_findings API just responds with 404 Not Found for any request. vulnerabilities API returns Vulnerability::Occurrences.
When the feature flag is enabled, vulnerability_findings API behaves just like old vulnerabilities API, returning Vulnerability::Occurrences. And the new vulnerabilities endpoint will return project's Vulnerabilities list, paginated. This will be done in subsequent MRs, currently stubbed as 404 Not Found.
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
-
Documentation created/updated or follow-up review issue created -
Code review guidelines - [-] Merge request performance guidelines
-
Style guides - [-] Database guides
-
Separation of EE specific content
Performance and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec - [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team