Vulnerabilities with GraphQL

copman · April 23, 2024, 7:35am

Hello,

requesting vulnerabilities with graphql does not return vulnerabilities!

Problem to solve

I have activated SAST in my project.
It does find one vulnerabilitiy and it shows up in the Vulnerability Report.
However when querying with GraphQL the returned json is:

{
“data”: {
“project”: {
“vulnerabilities”: {
“nodes”: ,
“pageInfo”: {
“endCursor”: null,
“hasNextPage”: false
}
}
}
}
}

Steps to reproduce

Access token is set.
This is the request json, the query:

query VulnerabilityFindings {
project(fullPath: “beat9202016/bluerave-gateway”) {
vulnerabilities(state:[DETECTED,DISMISSED,CONFIRMED,RESOLVED],reportType:SAST) {
nodes {
detectedAt
title
severity
primaryIdentifier {
name
}
scanner {
reportTypeHumanized
}
}
pageInfo {
endCursor
hasNextPage
}
}
}
}

Does anyone have an idea what i am doing wrong?

Thx in advance! Cheers!

gitlab-greg · April 23, 2024, 5:13pm

Looking at the documentation, it seems that Vulnerability Report features and functionality are only available in GitLab Ultimate: https://docs.gitlab.com/ee/user/application_security/vulnerability_report/

copman · April 23, 2024, 5:28pm

Yes I know, I am actually testing with ultimate, otherwise I would not see the vulnerability report at all!

Topic		Replies	Views
How to return all vulnerabilities using GraphQL How to Use GitLab api	12	2439	July 5, 2024
Get information from vulnerabilities findings GraphQL API How to Use GitLab api	1	413	June 1, 2023
Why aren't RESOLVED vulnerabilities returned in GraphQL Explorer query? How to Use GitLab	0	130	February 1, 2024
Adding Vulnerability Location to VulnerabilityCreateInput graphql mutation request Observability api	1	858	January 16, 2024
Retrieve Vulnerability Findings - Missing solution / remediation keys How to Use GitLab api , docs-feedback	0	306	August 4, 2023

Vulnerabilities with GraphQL

Problem to solve

Steps to reproduce

Related topics