vulnerabilities


Documentation

Overview

Package vulnerabilities implements MCP tool handlers for GitLab vulnerability management using the GraphQL API. It covers listing project vulnerabilities (List), retrieving individual vulnerability details (Get), project severity counts (SeverityCount), per-pipeline scanner summaries (PipelineSecuritySummary), and the state mutations that change a vulnerability's status (Dismiss, Confirm, Resolve, Revert). The Format* helpers render each result as Markdown.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FormatGetMarkdown

func FormatGetMarkdown(out GetOutput) string

FormatGetMarkdown renders a single vulnerability detail as Markdown.

func FormatListMarkdown

func FormatListMarkdown(out ListOutput) string

FormatListMarkdown renders a paginated list of vulnerabilities as Markdown.

func FormatMutationMarkdown

func FormatMutationMarkdown(out MutationOutput, action string) string

FormatMutationMarkdown renders a vulnerability state mutation result as Markdown.

func FormatPipelineSecuritySummaryMarkdown

func FormatPipelineSecuritySummaryMarkdown(out PipelineSecuritySummaryOutput) string

FormatPipelineSecuritySummaryMarkdown renders a pipeline security summary as Markdown.

func FormatSeverityCountMarkdown

func FormatSeverityCountMarkdown(out SeverityCountOutput) string

FormatSeverityCountMarkdown renders vulnerability severity counts as Markdown.

func RegisterTools

func RegisterTools(server *mcp.Server, client *gitlabclient.Client)

RegisterTools registers the vulnerability management tools on the MCP server: the read-only list/get/severity-count/pipeline-summary tools and the state-changing dismiss, confirm, resolve and revert mutations.

Types

type ConfirmInput

// ConfirmInput is the input for confirming a vulnerability.
type ConfirmInput struct {
	// ID is the GitLab global ID of the vulnerability to confirm. The
	// jsonschema tag marks it required but does not constrain its format;
	// NOTE(review): a malformed or non-Vulnerability GID is presumably
	// rejected by GitLab server-side — confirm no prefix check is needed here.
	ID string `json:"id" jsonschema:"Vulnerability GID (e.g. gid://gitlab/Vulnerability/42),required"`
}

ConfirmInput is the input for confirming a vulnerability.

type DismissInput

// DismissInput is the input for dismissing a vulnerability.
type DismissInput struct {
	// ID is the GitLab global ID of the vulnerability to dismiss (required).
	ID              string `json:"id" jsonschema:"Vulnerability GID (e.g. gid://gitlab/Vulnerability/42),required"`
	// Comment is an optional free-text reason forwarded with the dismissal.
	Comment         string `json:"comment,omitempty" jsonschema:"Reason for dismissal"`
	// DismissalReason is the structured dismissal category. NOTE(review): its
	// 147-byte jsonschema tag is elided in this rendering; it presumably lists
	// the accepted GitLab dismissal reasons — check the source for the exact set.
	DismissalReason string `` /* 147-byte string literal not displayed */
}

DismissInput is the input for dismissing a vulnerability.

type GetInput

// GetInput is the input for getting a single vulnerability.
type GetInput struct {
	// ID is the GitLab global ID of the vulnerability to fetch (required).
	// The tag documents the expected gid:// form but does not validate it.
	ID string `json:"id" jsonschema:"Vulnerability GID (e.g. gid://gitlab/Vulnerability/42),required"`
}

GetInput is the input for getting a single vulnerability.

type GetOutput

// GetOutput is the output for getting a single vulnerability.
type GetOutput struct {
	// HintableOutput is defined in toolutil (outside this package) and
	// contributes its own JSON fields alongside the vulnerability.
	toolutil.HintableOutput
	// Vulnerability is the fetched record; it is always emitted (no omitempty).
	Vulnerability Item `json:"vulnerability"`
}

GetOutput is the output for getting a single vulnerability.

func Get

func Get(ctx context.Context, client *gitlabclient.Client, input GetInput) (GetOutput, error)

Get retrieves a single vulnerability by GID via the GitLab GraphQL API.

type IdentifierItem

// IdentifierItem represents a vulnerability identifier (CVE, CWE, etc.).
type IdentifierItem struct {
	// Name is the display form of the identifier; always emitted.
	Name         string `json:"name"`
	// ExternalType and ExternalID are the identifier's scheme and value as
	// reported by the scanner; omitted when empty.
	ExternalType string `json:"external_type,omitempty"`
	ExternalID   string `json:"external_id,omitempty"`
	// URL is a scanner-supplied reference link. NOTE(review): it is passed
	// through as-is, so do not assume a trusted host if it is rendered as a
	// clickable link.
	URL          string `json:"url,omitempty"`
}

IdentifierItem represents a vulnerability identifier (CVE, CWE, etc.).

type Item

// Item is the vulnerability record shared by List, Get and the state
// mutations. Only ID, Title, Severity and State are always emitted; every
// other field is dropped from JSON when empty.
type Item struct {
	// ID is the global ID in the gid://gitlab/Vulnerability/N form accepted by
	// GetInput, ConfirmInput, DismissInput, ResolveInput and RevertInput.
	ID              string           `json:"id"`
	// Title, Description and Solution are scanner-report text stored by
	// GitLab. NOTE(review): that text can be influenced by whoever controls
	// the scanned code or dependency metadata, so treat it as untrusted when
	// rendering it for an LLM or into Markdown — confirm the Format* helpers
	// do not let it masquerade as instructions or break the Markdown structure.
	Title           string           `json:"title"`
	// Severity and State presumably use the same enums as ListInput.Severity
	// and ListInput.State (CRITICAL..UNKNOWN, DETECTED..RESOLVED).
	Severity        string           `json:"severity"`
	State           string           `json:"state"`
	Description     string           `json:"description,omitempty"`
	ReportType      string           `json:"report_type,omitempty"`
	Scanner         *ScannerItem     `json:"scanner,omitempty"`
	Location        *LocationItem    `json:"location,omitempty"`
	Identifiers     []IdentifierItem `json:"identifiers,omitempty"`
	// Timestamps are passed through as the API's string representation rather
	// than parsed into time.Time; each is omitted while empty (e.g. DismissedAt
	// on a vulnerability that was never dismissed).
	DetectedAt      string           `json:"detected_at,omitempty"`
	DismissedAt     string           `json:"dismissed_at,omitempty"`
	ResolvedAt      string           `json:"resolved_at,omitempty"`
	ConfirmedAt     string           `json:"confirmed_at,omitempty"`
	Project         *ProjectItem     `json:"project,omitempty"`
	WebURL          string           `json:"web_url,omitempty"`
	PrimaryID       *IdentifierItem  `json:"primary_identifier,omitempty"`
	Solution        string           `json:"solution,omitempty"`
	// omitempty on a bool drops false, so a consumer cannot distinguish "no
	// linked issue/MR/solution" from "not fetched". NOTE(review): presumably
	// intended to keep list output compact; if Get always populates these,
	// consider emitting them unconditionally there.
	HasSolutions    bool             `json:"has_solutions,omitempty"`
	HasIssues       bool             `json:"has_issues,omitempty"`
	HasMR           bool             `json:"has_merge_request,omitempty"`
	// DismissalReason corresponds to the value supplied via
	// DismissInput.DismissalReason; empty (and omitted) unless dismissed.
	DismissalReason string           `json:"dismissal_reason,omitempty"`
}

Item is a summary of a vulnerability.

type ListInput

// ListInput selects which vulnerabilities of a project List returns. Only
// ProjectPath is required; every filter is optional and omitted when unset.
type ListInput struct {
	// ProjectPath is the full namespace path (group/subgroup/project).
	ProjectPath   string   `json:"project_path" jsonschema:"Full path of the project (e.g. my-group/my-project),required"`
	// Severity, State, Scanner and ReportType each take a list of accepted
	// values; the valid enums for Severity and State are spelled out in the
	// tags. Values are forwarded to GraphQL, which is where they are validated.
	Severity      []string `json:"severity,omitempty" jsonschema:"Filter by severity: CRITICAL, HIGH, MEDIUM, LOW, INFO, UNKNOWN"`
	State         []string `json:"state,omitempty" jsonschema:"Filter by state: DETECTED, CONFIRMED, DISMISSED, RESOLVED"`
	Scanner       []string `json:"scanner,omitempty" jsonschema:"Filter by scanner external IDs"`
	// NOTE(review): the 189-byte jsonschema tag for ReportType is elided in
	// this rendering; it presumably enumerates the GitLab report types.
	ReportType    []string `` /* 189-byte string literal not displayed */
	// HasIssues and HasResolution are *bool so that an omitted filter (nil)
	// is distinguishable from an explicit false.
	HasIssues     *bool    `json:"has_issues,omitempty" jsonschema:"Filter by whether a linked issue exists"`
	HasResolution *bool    `json:"has_resolution,omitempty" jsonschema:"Filter by whether a resolution exists"`
	// Sort accepts the four orderings listed in the tag; empty means the
	// API default.
	Sort          string   `json:"sort,omitempty" jsonschema:"Sort order: severity_desc, severity_asc, detected_desc, detected_asc"`
	// Cursor/page-size parameters come from toolutil (outside this package).
	toolutil.GraphQLPaginationInput
}

ListInput is the input for listing project vulnerabilities.

type ListOutput

// ListOutput is the output for listing project vulnerabilities.
type ListOutput struct {
	// HintableOutput is defined in toolutil (outside this package).
	toolutil.HintableOutput
	// Vulnerabilities is the current page of results; always emitted, so an
	// empty page is visible to the caller rather than silently dropped.
	Vulnerabilities []Item                           `json:"vulnerabilities"`
	// Pagination carries the cursor state needed to fetch the next page.
	Pagination      toolutil.GraphQLPaginationOutput `json:"pagination"`
}

ListOutput is the output for listing project vulnerabilities.

func List

func List(ctx context.Context, client *gitlabclient.Client, input ListInput) (ListOutput, error)

List retrieves vulnerabilities for the project named by ListInput.ProjectPath via the GitLab GraphQL API, applying the severity, state, scanner and report-type filters, sort order and pagination cursor from ListInput. The returned page and its pagination state are in ListOutput.

type LocationItem

// LocationItem represents the location where the vulnerability was found.
type LocationItem struct {
	// File is the scanner-reported path; omitted when the finding has no
	// file (e.g. non-SAST report types).
	File      string `json:"file,omitempty"`
	// StartLine and EndLine are 0 when unknown and are then omitted — a
	// real line 0 is indistinguishable from "absent".
	StartLine int    `json:"start_line,omitempty"`
	EndLine   int    `json:"end_line,omitempty"`
	// BlobPath is the GitLab-side path to the affected blob, if reported.
	BlobPath  string `json:"blob_path,omitempty"`
}

LocationItem represents the location where the vulnerability was found.

type MutationOutput

// MutationOutput is the output for vulnerability state mutations
// (Confirm, Dismiss, Resolve, Revert).
type MutationOutput struct {
	// HintableOutput is defined in toolutil (outside this package).
	toolutil.HintableOutput
	// Vulnerability is the record as returned after the mutation; always
	// emitted.
	Vulnerability Item `json:"vulnerability"`
}

MutationOutput is the output for vulnerability state mutations.

func Confirm

func Confirm(ctx context.Context, client *gitlabclient.Client, input ConfirmInput) (MutationOutput, error)

Confirm confirms a vulnerability via the GitLab GraphQL API.

func Dismiss

func Dismiss(ctx context.Context, client *gitlabclient.Client, input DismissInput) (MutationOutput, error)

Dismiss moves the vulnerability identified by DismissInput.ID to the DISMISSED state via the GitLab GraphQL API, forwarding the optional Comment and DismissalReason from DismissInput.

func Resolve

func Resolve(ctx context.Context, client *gitlabclient.Client, input ResolveInput) (MutationOutput, error)

Resolve resolves a vulnerability via the GitLab GraphQL API.

func Revert

func Revert(ctx context.Context, client *gitlabclient.Client, input RevertInput) (MutationOutput, error)

Revert reverts a vulnerability to detected state via the GitLab GraphQL API.

type PipelineSecuritySummaryInput

// PipelineSecuritySummaryInput is the input for retrieving a pipeline's
// security report summary.
type PipelineSecuritySummaryInput struct {
	// ProjectPath is the full namespace path of the project owning the pipeline.
	ProjectPath string `json:"project_path" jsonschema:"Full path of the project (e.g. my-group/my-project),required"`
	// PipelineIID is the project-scoped pipeline number (the one shown in the
	// UI), not the global pipeline ID; it is carried as a string.
	PipelineIID string `json:"pipeline_iid" jsonschema:"Pipeline IID (internal ID within the project),required"`
}

PipelineSecuritySummaryInput is the input for retrieving a pipeline's security report summary.

type PipelineSecuritySummaryOutput

// PipelineSecuritySummaryOutput contains the scanner-level breakdown of a
// pipeline's security report.
type PipelineSecuritySummaryOutput struct {
	// HintableOutput is defined in toolutil (outside this package).
	toolutil.HintableOutput
	// One entry per scanner type; each is a pointer so that a scanner that did
	// not run in the pipeline is omitted rather than reported as zero counts.
	Sast                 *ScannerSummaryItem `json:"sast,omitempty"`
	Dast                 *ScannerSummaryItem `json:"dast,omitempty"`
	DependencyScanning   *ScannerSummaryItem `json:"dependency_scanning,omitempty"`
	ContainerScanning    *ScannerSummaryItem `json:"container_scanning,omitempty"`
	SecretDetection      *ScannerSummaryItem `json:"secret_detection,omitempty"`
	CoverageFuzzing      *ScannerSummaryItem `json:"coverage_fuzzing,omitempty"`
	APIFuzzing           *ScannerSummaryItem `json:"api_fuzzing,omitempty"`
	ClusterImageScanning *ScannerSummaryItem `json:"cluster_image_scanning,omitempty"`
	// TotalVulnerabilities is always emitted, so a clean pipeline reports 0
	// explicitly. NOTE(review): whether it is the sum of the per-scanner counts
	// or an API-provided figure is not visible here — confirm in the source.
	TotalVulnerabilities int                 `json:"total_vulnerabilities"`
}

PipelineSecuritySummaryOutput contains scanner-level breakdown of a pipeline's security report.

func PipelineSecuritySummary

PipelineSecuritySummary retrieves the security report summary of the pipeline identified by PipelineSecuritySummaryInput (project path plus pipeline IID) via GraphQL; the per-scanner breakdown is described by PipelineSecuritySummaryOutput.

type ProjectItem

// ProjectItem represents a minimal project reference on a vulnerability.
type ProjectItem struct {
	// ID is the project's GitLab global ID.
	ID       string `json:"id"`
	// Name is the display name; FullPath is the namespace path usable as
	// ListInput.ProjectPath. All three are always emitted.
	Name     string `json:"name"`
	FullPath string `json:"full_path"`
}

ProjectItem represents a minimal project reference on a vulnerability.

type ResolveInput

// ResolveInput is the input for resolving a vulnerability.
type ResolveInput struct {
	// ID is the GitLab global ID of the vulnerability to resolve (required).
	// The tag documents the expected gid:// form but does not validate it.
	ID string `json:"id" jsonschema:"Vulnerability GID (e.g. gid://gitlab/Vulnerability/42),required"`
}

ResolveInput is the input for resolving a vulnerability.

type RevertInput

// RevertInput is the input for reverting a vulnerability to the DETECTED state.
type RevertInput struct {
	// ID is the GitLab global ID of the vulnerability to revert (required).
	// The tag documents the expected gid:// form but does not validate it.
	ID string `json:"id" jsonschema:"Vulnerability GID (e.g. gid://gitlab/Vulnerability/42),required"`
}

RevertInput is the input for reverting a vulnerability to detected state.

type ScannerItem

// ScannerItem represents the scanner that detected the vulnerability.
type ScannerItem struct {
	// Name is always emitted; Vendor and ScannerID are omitted when empty.
	Name      string `json:"name"`
	Vendor    string `json:"vendor,omitempty"`
	// ScannerID is the scanner's external ID, the value accepted by
	// ListInput.Scanner for filtering.
	ScannerID string `json:"scanner_id,omitempty"`
}

ScannerItem represents the scanner that detected the vulnerability.

type ScannerSummaryItem

// ScannerSummaryItem represents the security scan results from a single
// scanner type within a pipeline.
type ScannerSummaryItem struct {
	// Both counts are always emitted, so 0 is reported explicitly.
	VulnerabilitiesCount    int    `json:"vulnerabilities_count"`
	ScannedResourcesCount   int    `json:"scanned_resources_count"`
	// ScannedResourcesCsvPath is the API-provided path to the CSV of scanned
	// resources; omitted when the scanner does not supply one.
	ScannedResourcesCsvPath string `json:"scanned_resources_csv_path,omitempty"`
}

ScannerSummaryItem represents the security scan results from a single scanner type.

type SeverityCountInput

// SeverityCountInput is the input for retrieving vulnerability severity counts.
type SeverityCountInput struct {
	// ProjectPath is the full namespace path of the project to count (required).
	ProjectPath string `json:"project_path" jsonschema:"Full path of the project (e.g. my-group/my-project),required"`
}

SeverityCountInput is the input for retrieving vulnerability severity counts.

type SeverityCountOutput

// SeverityCountOutput contains vulnerability counts grouped by severity level.
type SeverityCountOutput struct {
	// HintableOutput is defined in toolutil (outside this package).
	toolutil.HintableOutput
	// One bucket per severity value from ListInput.Severity; none use
	// omitempty, so every bucket is emitted even when 0.
	Critical int `json:"critical"`
	High     int `json:"high"`
	Medium   int `json:"medium"`
	Low      int `json:"low"`
	Info     int `json:"info"`
	Unknown  int `json:"unknown"`
	// Total is always emitted. NOTE(review): whether it is computed as the sum
	// of the buckets or taken from the API is not visible here.
	Total    int `json:"total"`
}

SeverityCountOutput contains vulnerability counts grouped by severity level.

func SeverityCount

func SeverityCount(ctx context.Context, client *gitlabclient.Client, input SeverityCountInput) (SeverityCountOutput, error)

SeverityCount retrieves vulnerability severity counts for a project via GraphQL.
