
Vulnerabilities and vulnerability exports API #2316

srisaravananwt opened this issue Oct 16, 2022 · 6 comments
Labels
EE Issues related to the enterprise version of GitLab feature help wanted

Comments

@srisaravananwt

Description of the problem, including code/CLI snippet

Need modules for https://docs.gitlab.com/ee/api/vulnerabilities.html and https://docs.gitlab.com/ee/api/vulnerability_exports.html

Expected Behavior

Option to use the Vulnerabilities and vulnerability_export API.

Actual Behavior

No option to use the Vulnerabilities and vulnerability_export API.

Specifications

  • python-gitlab version:
  • API version you are using (v3/v4):
  • Gitlab server version (or gitlab.com): 15.x
@nejch nejch added feature EE Issues related to the enterprise version of GitLab help wanted labels Oct 16, 2022
@nejch
Member

nejch commented Oct 16, 2022

Hi @srisaravananwt, thanks for the report. I've added the help wanted label here as this is an Ultimate plan feature.

@nejch nejch changed the title [Feature Request] Vulnerabilities and vulnerability exports API Oct 16, 2022
@srisaravananwt
Author

@nejch Thanks. Could you please point me to the similar MR for any other features like this? I will try to contribute.

@nejch
Member

nejch commented Oct 16, 2022

Awesome! Since vulnerabilities is mostly an instance-level endpoint (e.g. you will likely do vuln = gl.vulnerabilities.get(vuln_id)), I think the closest might be the Topics API, see this commit here: 91cd74d. This should give you a basic idea.

Now I see it has a lot of custom endpoints for confirm, dismiss, etc. These will be methods on the object itself, not the manager (e.g. vuln.dismiss()). For these, I'd maybe take a look at #2064.

Also keep in mind I just noticed they are deprecating this REST endpoint in favor of GraphQL. But that will probably take years, so if you need it now it probably makes sense still :)

@Rewdog

Rewdog commented Jan 19, 2023

Hey @srisaravananwt, any work on this? I need this as well and can help out on the fork.

@srisaravananwt
Author

srisaravananwt commented Jan 20, 2023

@Rewdog I have used GraphQL to export the vulnerability report.

@irishismyname

> @Rewdog I have used GraphQL to export the vulnerability report.

I think this is the only way forward, the REST APIs (Vulnerabilities and Vulnerability Findings) are deprecated and have issues (i.e., pagination doesn't currently work).

That said, pagination is also currently broken in the GraphQL securityReportFindings connection. I'm currently working with their tech support to figure it out.
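
Added example, not written by any participant in this thread and not part of python-gitlab: a cursor-paginated export over GitLab's GraphQL API that fails loudly when pagination stalls, so a broken connection cannot pass for a complete vulnerability export. The query shape (the `project.vulnerabilities` connection), the injected `send` transport and the constructed `fake_send` responses are assumptions for illustration.

```python
from typing import Iterator

# Assumed query shape (Project.vulnerabilities connection in GitLab's GraphQL
# schema); adjust the selected fields to what your instance exposes.
QUERY = """
query($path: ID!, $after: String) {
  project(fullPath: $path) {
    vulnerabilities(first: 100, after: $after) {
      nodes { id title severity state }
      pageInfo { endCursor hasNextPage }
    }
  }
}
"""

def iter_vulnerabilities(send, project_path: str, max_pages: int = 1000) -> Iterator[dict]:
    """Yield every vulnerability node; send(query, variables) returns the JSON body."""
    after, seen = None, set()
    for _ in range(max_pages):
        body = send(QUERY, {"path": project_path, "after": after})
        if body.get("errors"):
            raise RuntimeError(f"GraphQL errors: {body['errors']}")
        project = (body.get("data") or {}).get("project")
        if project is None:
            raise LookupError(f"project {project_path!r} not found or not visible to this token")
        conn = project["vulnerabilities"]
        yield from conn["nodes"]
        info = conn["pageInfo"]
        if not info["hasNextPage"]:
            return
        after = info["endCursor"]
        # A null or repeated cursor means the server is not advancing; an export
        # that silently stopped or looped here would be incomplete.
        if after is None or after in seen:
            raise RuntimeError("pagination stalled: cursor did not advance")
        seen.add(after)
    raise RuntimeError("max_pages reached; export is incomplete")

def fake_send(query: str, variables: dict) -> dict:
    """Constructed two-page response standing in for a POST to /api/graphql."""
    pages = {
        None: (["gid://gitlab/Vulnerability/1", "gid://gitlab/Vulnerability/2"], "c1", True),
        "c1": (["gid://gitlab/Vulnerability/3"], None, False),
    }
    ids, cursor, more = pages[variables["after"]]
    nodes = [{"id": i, "title": "constructed", "severity": "HIGH", "state": "DETECTED"} for i in ids]
    return {"data": {"project": {"vulnerabilities": {
        "nodes": nodes, "pageInfo": {"endCursor": cursor, "hasNextPage": more}}}}}
```

In real use, `send` would POST the query and variables to the instance's `/api/graphql` endpoint with a token that can read the project's vulnerability report.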

4 participants