Vulnerabilities with GraphQL

copman · April 23, 2024, 7:35am

Hello,

requesting vulnerabilities with graphql does not return vulnerabilities!

Problem to solve

I have activated SAST in my project.
It does find one vulnerabilitiy and it shows up in the Vulnerability Report.
However when querying with GraphQL the returned json is:

{
“data”: {
“project”: {
“vulnerabilities”: {
“nodes”: ,
“pageInfo”: {
“endCursor”: null,
“hasNextPage”: false
}
}
}
}
}

Steps to reproduce

Access token is set.
This is the request json, the query:

query VulnerabilityFindings {
project(fullPath: “beat9202016/bluerave-gateway”) {
vulnerabilities(state:[DETECTED,DISMISSED,CONFIRMED,RESOLVED],reportType:SAST) {
nodes {
detectedAt
title
severity
primaryIdentifier {
name
}
scanner {
reportTypeHumanized
}
}
pageInfo {
endCursor
hasNextPage
}
}
}
}

Does anyone have an idea what i am doing wrong?

Thx in advance! Cheers!

gitlab-greg · April 23, 2024, 5:13pm

Looking at the documentation, it seems that Vulnerability Report features and functionality are only available in GitLab Ultimate: https://docs.gitlab.com/ee/user/application_security/vulnerability_report/

copman · April 23, 2024, 5:28pm

Yes I know, I am actually testing with ultimate, otherwise I would not see the vulnerability report at all!