Add `source_id` to compliance framework GraphQL type (!195713) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

This adds the sourceId to the GraphQl type so that when we query a given group and list the frameworks, we also receive the source back which will help us determine if the framework belongs to a CSP Group.

How to set up and validate locally

An existing Compliance Framework can simply be updated with framework.update(source_id: YOUR_SOURCE_ID), or alternatively you can use a console to create a new one:

ComplianceManagement::Frameworks::CreateService.new(
  namespace: Group.find(YOUR_GROUP_ID), 
  params: {name: "Testing123", description: "Description", color: "#000000"}, 
  current_user: YOUR_USER).execute

Until this MR is merged the source cannot be passed in, so you still need to update the source of your newly created framework.

Then you can navigate to http://gitlab.localdev:3000/-/graphql-explorer and query your group e.g. gitlab-org:

query {
  group(fullPath: "gitlab-org") {
    id
    name
    complianceFrameworks {
      edges {
        node {
          id
          name
          description
          color
          sourceId
          pipelineConfigurationFullPath
          default
        }
      }
    }
  }
}

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #551507 (closed)

Edited Jul 03, 2025 by Jean van der Walt

Add source_id to compliance framework GraphQL type

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports

Add `source_id` to compliance framework GraphQL type