Merge branch '230380_expose_detected_at_information_on_graphql_api' into 'master'

Expose `detectedAt` information for vulnerabilities on GraphQL

See merge request gitlab-org/gitlab!41000

doc/api/graphql/reference/gitlab_schema.graphql

@@ -17410,6 +17410,11 @@ type Vulnerability {
   """
   description: String
 
+  """
+  Timestamp of when the vulnerability was first detected
+  """
+  detectedAt: Time!
+
   """
   GraphQL ID of the vulnerability
   """

doc/api/graphql/reference/gitlab_schema.json

@@ -51106,6 +51106,24 @@
               "isDeprecated": false,
               "deprecationReason": null
             },
+            {
+              "name": "detectedAt",
+              "description": "Timestamp of when the vulnerability was first detected",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "NON_NULL",
+                "name": null,
+                "ofType": {
+                  "kind": "SCALAR",
+                  "name": "Time",
+                  "ofType": null
+                }
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
             {
               "name": "id",
               "description": "GraphQL ID of the vulnerability",

doc/api/graphql/reference/index.md

@@ -2580,6 +2580,7 @@ Represents a vulnerability.
 | Name  | Type  | Description |
 | ---   |  ---- | ----------  |
 | `description` | String | Description of the vulnerability |
+| `detectedAt` | Time! | Timestamp of when the vulnerability was first detected |
 | `id` | ID! | GraphQL ID of the vulnerability |
 | `identifiers` | VulnerabilityIdentifier! => Array | Identifiers of the vulnerability. |
 | `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability |

ee/app/graphql/types/vulnerability_type.rb

@@ -66,5 +66,9 @@ module Types
           description: 'The project on which the vulnerability was found',
           authorize: :read_project,
           resolve: -> (obj, args, context) { Gitlab::Graphql::Loaders::BatchModelLoader.new(Project, obj.project_id).find }
+
+    field :detected_at, Types::TimeType, null: false,
+          description: 'Timestamp of when the vulnerability was first detected',
+          method: :created_at
   end
 end

ee/changelogs/unreleased/230380_expose_detected_at_information_on_graphql_api.yml

+---
+title: Introduce `detectedAt` field for VulnerabilityType on GraphQL API
+merge_request: 41000
+author:
+type: added

ee/spec/graphql/types/vulnerability_type_spec.rb

@@ -6,9 +6,24 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
   let_it_be(:project) { create(:project) }
   let_it_be(:user) { create(:user) }
   let_it_be(:vulnerability) { create(:vulnerability, project: project) }
-
-  let(:fields) do
-    %i[userPermissions id title description user_notes_count state severity report_type resolved_on_default_branch vulnerability_path location scanner primary_identifier identifiers project issueLinks]
+  let_it_be(:fields) do
+    %i[userPermissions
+       id
+       title
+       description
+       user_notes_count
+       state
+       severity
+       report_type
+       resolved_on_default_branch
+       vulnerability_path
+       location
+       scanner
+       primary_identifier
+       identifiers
+       project
+       issueLinks
+       detected_at]
   end
 
   before do