python-gitlab

Vulnerabilities and vulnerability exports API

Open srisaravananwt opened this issue 3 years ago • 6 comments

Description of the problem, including code/CLI snippet

Need modules for https://docs.gitlab.com/ee/api/vulnerabilities.html and https://docs.gitlab.com/ee/api/vulnerability_exports.html

Expected Behavior

Option to use Vulnerabilities and vulnerability_export API.

Actual Behavior

No option to use Vulnerabilities and vulnerability_export API.

Specifications

  • python-gitlab version:
  • API version you are using (v3/v4):
  • Gitlab server version (or gitlab.com): 15.x

srisaravananwt avatar Oct 16 '22 14:10 srisaravananwt

Hi @srisaravananwt, thanks for the report. I've added the help wanted label here as this is an Ultimate plan feature.

nejch avatar Oct 16 '22 14:10 nejch

@nejch Thanks. Could you please point me to the similar MR for any other features like this? I will try to contribute.

srisaravananwt avatar Oct 16 '22 16:10 srisaravananwt

Awesome! Since vulnerabilities is mostly an instance-level endpoint (e.g. you will likely do vuln = gl.vulnerabilities.get(vuln_id)), I think the closest might be the Topics API, see this commit here: https://github.com/python-gitlab/python-gitlab/pull/1740/commits/91cd74de9a7f1c65c5a9779e1b48cb26904d60d8. This should give you a basic idea.

Now I see it has a lot of custom endpoints for confirm, dismiss, etc. These will be methods on the object itself, not the manager (e.g. vuln.dismiss()). For these, I'd maybe take a look at https://github.com/python-gitlab/python-gitlab/pull/2064.

Also keep in mind I just noticed they are deprecating this REST endpoint in favor of GraphQL. But that will probably take years, so if you need it now it probably makes sense still :)

nejch avatar Oct 16 '22 17:10 nejch

Hey @srisaravananwt, any work on this? I need this as well and can help out on the fork.

Rewdog avatar Jan 19 '23 22:01 Rewdog

@Rewdog I have used GraphQL to export the vulnerability report.

srisaravananwt avatar Jan 20 '23 01:01 srisaravananwt

> @Rewdog I have used GraphQL to export the vulnerability report.

I think this is the only way forward, the REST APIs (Vulnerabilities and Vulnerability Findings) are deprecated and have issues (i.e., pagination doesn't currently work).

That said, pagination is also currently broken in the GraphQL securityReportFindings connection. I'm currently working with their tech support to figure it out.

irishismyname avatar Jan 02 '24 22:01 irishismyname
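
The GraphQL export route discussed in the comments above, sketched as an added example (not code from this thread or from python-gitlab): a cursor-paginated read of a project's vulnerabilities that fails loudly instead of silently truncating when the server's paging data misbehaves. The names `iter_vulnerabilities`, `PaginationError` and `fake_send` are hypothetical, and the HTTP call is injected as a callable so the block runs offline against constructed responses.

```python
from typing import Callable, Iterator

# Query against the project-level vulnerabilities connection, paged by cursor.
QUERY = """
query($path: ID!, $after: String) {
  project(fullPath: $path) {
    vulnerabilities(first: 100, after: $after) {
      nodes { id title severity state }
      pageInfo { hasNextPage endCursor }
    }
  }
}
"""
Transport = Callable[[str, dict], dict]  # (query, variables) -> decoded JSON body


class PaginationError(RuntimeError):
    """Paging data cannot be trusted, so the export would be incomplete."""


def iter_vulnerabilities(send: Transport, project_path: str,
                         max_pages: int = 1000) -> Iterator[dict]:
    """Yield each vulnerability node once; raise if paging stalls or errors."""
    seen_cursors, seen_ids, after = set(), set(), None
    for _ in range(max_pages):
        body = send(QUERY, {"path": project_path, "after": after})
        if body.get("errors"):
            raise PaginationError(f"GraphQL errors: {body['errors']}")
        project = (body.get("data") or {}).get("project")
        if project is None:  # unknown path, or the token cannot see the project
            raise PaginationError("project not found or not accessible")
        conn = project["vulnerabilities"]
        for node in conn["nodes"]:
            if node["id"] not in seen_ids:  # a repeated page must not duplicate rows
                seen_ids.add(node["id"])
                yield node
        info = conn["pageInfo"]
        if not info["hasNextPage"]:
            return
        after = info["endCursor"]
        if after is None or after in seen_cursors:  # cursor did not advance
            raise PaginationError(f"cursor did not advance: {after!r}")
        seen_cursors.add(after)
    raise PaginationError(f"gave up after {max_pages} pages")


def fake_send(pages: dict) -> Transport:
    """Constructed in-memory stand-in for the HTTP POST, keyed by cursor."""
    return lambda query, variables: pages[variables["after"]]
```

In real use `send` would POST the query and variables to the instance's GraphQL endpoint with an authenticated token and return the decoded JSON.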