Add vulnerability scanner ID filter in GraphQL

Filter added for scannerId

Changelog: changed
EE: true

doc/api/graphql/reference/index.md

@@ -9483,6 +9483,7 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).
 | <a id="groupvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
 | <a id="groupvulnerabilityseveritiescountreporttype"></a>`reportType` | [`[VulnerabilityReportType!]`](#vulnerabilityreporttype) | Filter vulnerabilities by report type. |
 | <a id="groupvulnerabilityseveritiescountscanner"></a>`scanner` | [`[String!]`](#string) | Filter vulnerabilities by scanner. |
+| <a id="groupvulnerabilityseveritiescountscannerid"></a>`scannerId` | [`[VulnerabilitiesScannerID!]`](#vulnerabilitiesscannerid) | Filter vulnerabilities by scanner ID. |
 | <a id="groupvulnerabilityseveritiescountseverity"></a>`severity` | [`[VulnerabilitySeverity!]`](#vulnerabilityseverity) | Filter vulnerabilities by severity. |
 | <a id="groupvulnerabilityseveritiescountstate"></a>`state` | [`[VulnerabilityState!]`](#vulnerabilitystate) | Filter vulnerabilities by state. |
 
@@ -9651,6 +9652,7 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountreporttype"></a>`reportType` | [`[VulnerabilityReportType!]`](#vulnerabilityreporttype) | Filter vulnerabilities by report type. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountscanner"></a>`scanner` | [`[String!]`](#string) | Filter vulnerabilities by scanner. |
+| <a id="instancesecuritydashboardvulnerabilityseveritiescountscannerid"></a>`scannerId` | [`[VulnerabilitiesScannerID!]`](#vulnerabilitiesscannerid) | Filter vulnerabilities by scanner ID. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountseverity"></a>`severity` | [`[VulnerabilitySeverity!]`](#vulnerabilityseverity) | Filter vulnerabilities by severity. |
 | <a id="instancesecuritydashboardvulnerabilityseveritiescountstate"></a>`state` | [`[VulnerabilityState!]`](#vulnerabilitystate) | Filter vulnerabilities by state. |
 
@@ -11887,6 +11889,7 @@ Returns [`VulnerabilitySeveritiesCount`](#vulnerabilityseveritiescount).
 | <a id="projectvulnerabilityseveritiescountprojectid"></a>`projectId` | [`[ID!]`](#id) | Filter vulnerabilities by project. |
 | <a id="projectvulnerabilityseveritiescountreporttype"></a>`reportType` | [`[VulnerabilityReportType!]`](#vulnerabilityreporttype) | Filter vulnerabilities by report type. |
 | <a id="projectvulnerabilityseveritiescountscanner"></a>`scanner` | [`[String!]`](#string) | Filter vulnerabilities by scanner. |
+| <a id="projectvulnerabilityseveritiescountscannerid"></a>`scannerId` | [`[VulnerabilitiesScannerID!]`](#vulnerabilitiesscannerid) | Filter vulnerabilities by scanner ID. |
 | <a id="projectvulnerabilityseveritiescountseverity"></a>`severity` | [`[VulnerabilitySeverity!]`](#vulnerabilityseverity) | Filter vulnerabilities by severity. |
 | <a id="projectvulnerabilityseveritiescountstate"></a>`state` | [`[VulnerabilityState!]`](#vulnerabilitystate) | Filter vulnerabilities by state. |
 

ee/app/assets/javascripts/security_dashboard/graphql/queries/vulnerability_severities_count.query.graphql

@@ -7,6 +7,7 @@ query vulnerabilitySeveritiesCount(
   $reportType: [VulnerabilityReportType!]
   $scanner: [String!]
   $state: [VulnerabilityState!]
+  $scannerId: [VulnerabilitiesScannerID!]
   $isGroup: Boolean = false
   $isProject: Boolean = false
   $isInstance: Boolean = false
@@ -18,6 +19,7 @@ query vulnerabilitySeveritiesCount(
       reportType: $reportType
       scanner: $scanner
       state: $state
+      scannerId: $scannerId
     ) {
       ...VulnerabilitySeveritiesCount
     }
@@ -29,6 +31,7 @@ query vulnerabilitySeveritiesCount(
       reportType: $reportType
       scanner: $scanner
       state: $state
+      scannerId: $scannerId
     ) {
       ...VulnerabilitySeveritiesCount
     }
@@ -39,6 +42,7 @@ query vulnerabilitySeveritiesCount(
       reportType: $reportType
       scanner: $scanner
       state: $state
+      scannerId: $scannerId
     ) {
       ...VulnerabilitySeveritiesCount
     }

ee/app/graphql/resolvers/vulnerabilities_base_resolver.rb

@@ -35,5 +35,11 @@ module Resolvers
       # dashboard
       object.nil? && current_user.present?
     end
+
+    def resolve_gids(gids, gid_class)
+      gids.map do |gid|
+        Types::GlobalIDType[gid_class].coerce_isolated_input(gid).model_id
+      end
+    end
   end
 end

ee/app/graphql/resolvers/vulnerabilities_resolver.rb

@@ -55,12 +55,6 @@ module Resolvers
 
     private
 
-    def resolve_gids(gids, gid_class)
-      gids.map do |gid|
-        Types::GlobalIDType[gid_class].coerce_isolated_input(gid).model_id
-      end
-    end
-
     def vulnerabilities(params)
       Security::VulnerabilitiesFinder.new(vulnerable, params).execute
     end

ee/app/graphql/resolvers/vulnerability_severities_count_resolver.rb

@@ -29,9 +29,15 @@ module Resolvers
              required: false,
              description: 'Filter vulnerabilities by scanner.'
 
+    argument :scanner_id, [::Types::GlobalIDType[::Vulnerabilities::Scanner]],
+             required: false,
+             description: 'Filter vulnerabilities by scanner ID.'
+
     def resolve(**args)
       return Vulnerability.none unless vulnerable
 
+      args[:scanner_id] = resolve_gids(args[:scanner_id], ::Vulnerabilities::Scanner) if args[:scanner_id]
+
       Hash.new(0)
         .merge(vulnerabilities(args).grouped_by_severity.count)
     end

ee/spec/graphql/resolvers/vulnerability_severities_count_resolver_spec.rb

@@ -63,6 +63,14 @@ RSpec.describe Resolvers::VulnerabilitySeveritiesCountResolver do
         end
       end
 
+      context 'when given scanner ID' do
+        let(:filters) { { scanner_id: [GitlabSchema.id_from_object(high_vulnerability.finding.scanner)] } }
+
+        it 'only returns count for vulnerabilities with scanner ID' do
+          is_expected.to eq('high' => 1)
+        end
+      end
+
       context 'when given report types' do
         let(:filters) { { report_type: %i[dast sast] } }
 

ee/spec/requests/api/graphql/project/vulnerability_severities_count_spec.rb

@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe 'Query.project(fullPath).vulnerabilitySeveritiesCount' do
   let_it_be(:project) { create(:project) }
   let_it_be(:user) { create(:user) }
-  let_it_be(:vulnerability) { create(:vulnerability, :high, project: project) }
+  let_it_be(:vulnerability) { create(:vulnerability, :high, :with_finding, project: project) }
 
   let_it_be(:query) do
     %(
@@ -32,4 +32,24 @@ RSpec.describe 'Query.project(fullPath).vulnerabilitySeveritiesCount' do
 
     expect(high_count).to eq(1)
   end
+
+  context 'with scannerId filter' do
+    let(:query) do
+      %(
+        query {
+          project(fullPath: "#{project.full_path}") {
+            vulnerabilitySeveritiesCount(scannerId: "#{GitlabSchema.id_from_object(vulnerability.finding.scanner)}") {
+              high
+            }
+          }
+        }
+      )
+    end
+
+    it 'counts vulnerabilities with issues' do
+      high_count = subject.dig('data', 'project', 'vulnerabilitySeveritiesCount', 'high')
+
+      expect(high_count).to eq(1)
+    end
+  end
 end