Description
Demos of one of the features prepared for https://gitlab.com/gitlab-org/gitlab/-/issues/213598
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29140
In this demo we are presenting new fields added to the GraphQL API: findings (id, projectFingerprint), createVulnerabilityFeedbackDismissalPath and userPermissions.
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29150
In this demo we are presenting a new mutation added to the GraphQL API to dismiss vulnerabilities.
A
Hello everyone. My name is Alan / chef, ski. I am a senior backend engineer for the defense stage at GitLab, and I would like to talk about multi, dismissed underworld, vulnerabilities and features that we've been adding to support it. So the first feature would be to agree to add new fields that will allow you to use the REST API to create a vulnerability feedback dismissal, and as well looking at user permissions for a given vulnerability, and being able to list findings, because these are the things that you need to create a vulnerability feedback.
A
OK, let's jump to GraphQL and let's take a look. I already have a query that will get me all, for a single project, all vulnerabilities with a given ID, so I would like now to add the createVulnerabilityFeedbackDismissalPath. That's the first thing I want to see. The second thing I want to see
A
is if I have certain permissions. We've added all permissions, or you can list all permissions related illness year; I'm interested only in creating feedback for a given vulnerability. And the last thing would be to view all findings, and actually hold only finding IDs and project fingerprints. So I would like to get ID plus project fingerprint, and now I'm ready to do the call.
A
So, as you can see, we have information about a given project, of course, vulnerabilities, and for each vulnerability we have a path, we have the permissions, all set to true, and we have findings with an ID for each finding and a project fingerprint, so actually we're good to go. We can take those values and simply use them in the REST API that is provided here to create a vulnerability feedback for dismissal. Now let me switch to another quick and small change.
A
We've added a new mutation to dismiss a vulnerability, a mutation added to the GraphQL API, so using the GraphQL API you'll be able to dismiss a single vulnerability as well as all related findings for it, and also supply a message, so also supply a comment that you'd like, to notify about the reason why a given vulnerability was dismissed. Okay, so let me go to GraphQL and let's start with the new dismissal vulnerability. Okay, so here I need to provide the ID.
A
So maybe let's start with a query. I'll just quickly go to the query; might be I'll copy the query that I had here. Okay, because I'm interested in vulnerabilities only and I would like to have the ID of them, because this is the ID I need to use. Okay Mina, let's also list state, because I would like to dismiss only things that are already in detected state. So let's see at the states; we should have at least one neighbor. So let's quickly take a look here.
A
Okay, we have a state, so let's take this one, 52. Now I'm good to go with the mutation, so the mutation is called dismiss vulnerability, and I need to supply that ID, so I'm adding it. This is the ID, and let's also add a comment for it. I'll just add that this is "no fix". All right, now I'm interested in errors, if any, if there might be a possibility that something bad could happen, but also I'm interested if the state was changed.
A
Previously it was in detected state. Now I'll do the same call to try to dismiss it. So let me start. Editors was dismissed. Oh. So let's take a look if that is true. I'll again list all vulnerabilities and take a look at the one with 52. Yeah, it is dismissed. So that was it for moles of this muscle, I stayed on vulnerabilities. Thank you, everyone. Bye-bye.