Fix GPT Vulnerability Generation Script
The GPT generation script found here is spawning vulnerability records incorrectly, leading to data in the test environment which is not in an appropriate state.
This needs to be updated to ensure that the following fields are filled in according to the state that it samples:
resolved_by_id bigint,
resolved_at timestamp with time zone,
confirmed_by_id bigint,
confirmed_at timestamp with time zone,
dismissed_at timestamp with time zone,
dismissed_by_id bigint,
Additionally, an appropriate Vulnerability::StateTransition should be generated according to whichever state is samples, except for detected
.
Psuedocode for doing this in the console. This will need to generated with a GraphQL mutation:
vst_params = {
created_at: time,
vulnerability: vuln,
from_state: :detected,
to_state: state,
author_id: user,
state_changed_at_pipeline_id: pipeline
}
vst_params = vst_params.merge(dismissal_reason: DismissalReasonEnum.dismissal_reasons.sample) if state == :dismissed
Vulnerability::StateTransition.create(vst_params)
-
Update Generator to create all relevant data for Vulnerability
-
Restore vulnerabilities
section in 10k and regenerate the data
Edited by Nailia Iskhakova