From 0dcdb771d928302c536fda8104156c3ed156ec1f Mon Sep 17 00:00:00 2001 From: Alan Paruszewski Date: Tue, 31 Mar 2020 13:17:31 +0200 Subject: [PATCH 01/16] Add documentation for Vulnerability Export API --- doc/api/api_resources.md | 1 + doc/api/vulnerability_exports.md | 138 +++++++++++++++++++++++++++++++ 2 files changed, 139 insertions(+) create mode 100644 doc/api/vulnerability_exports.md diff --git a/doc/api/api_resources.md b/doc/api/api_resources.md index fea30a2721a691..a275aa61f7d014 100644 --- a/doc/api/api_resources.md +++ b/doc/api/api_resources.md @@ -72,6 +72,7 @@ The following API resources are available in the project context: | [Tags](tags.md) | `/projects/:id/repository/tags` | | [Visual Review discussions](visual_review_discussions.md) **(STARTER**) | `/projects/:id/merge_requests/:merge_request_id/visual_review_discussions` | | [Vulnerabilities](vulnerabilities.md) **(ULTIMATE)** | `/projects/:id/vulnerabilities` | +| [Vulnerability Exports](vulnerability_exports.md) **(ULTIMATE)** | `/projects/:id/vulnerabilities` | | [Vulnerability Findings](vulnerability_findings.md) **(ULTIMATE)** | `/projects/:id/vulnerability_findings` | | [Wikis](wikis.md) | `/projects/:id/wikis` | diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md new file mode 100644 index 00000000000000..d20980d84f7550 --- /dev/null +++ b/doc/api/vulnerability_exports.md 
@@ -0,0 +1,138 @@ +# Project Vulnerabilities API **(ULTIMATE)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/197494) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.10. + +CAUTION: **Caution:** +This API is currently in development and is protected by a **disabled** +[feature flag](../development/feature_flags/index.md). +On a self-managed GitLab instance, an administrator can enable it by starting the Rails console +(`sudo gitlab-rails console`) and then running the following command: `Feature.enable(:first_class_vulnerabilities)`. +To test if the Vulnerability Exports API was successfully enabled, run the following command: +`Feature.enabled?(:first_class_vulnerabilities)`. + +CAUTION: **Caution:** +This API is in an alpha stage and considered unstable. +The response payload may be subject to change or breakage +across GitLab releases. + +Every API call to vulnerability exports must be [authenticated](README.md#authentication). + +Vulnerability export permissions inherit permissions from their project. If a project is +private, and a user isn't a member of the project to which the vulnerability +belongs, requests to that project will return a `404 Not Found` status code. +Vulnerability exports can be only accessed by the author of the export. + +## New vulnerability export + +Creates a new vulnerability export. + +If an authenticated user does not have permission to +[create a new vulnerability](../user/permissions_stub_first_class_vulnerabilities.md#project-members-permissions), +this request will result in a `403` status code. 
+ +```plaintext +POST /projects/:id/vulnerability_exports +``` + +| Attribute | Type | Required | Description | +| ------------------- | ----------------- | ---------- | -----------------------------------------------------------------------------------------------------------------------------| +| `id` | integer or string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) which the authenticated user is a member of | + +```shell +curl --header POST "PRIVATE-TOKEN: " https://gitlab.example.com/api/v4/projects/1/vulnerability_exports +``` + +Created vulnerability export will be automatically deleted after 1 hour from the system. + +Example response: + +```json +{ + "id": 2, + "created_at": "2020-03-30T09:35:38.746Z", + "project_id": 1, + "format": "csv", + "status": "created", + "started_at": null, + "finished_at": null, + "_links": { + "self": "https://gitlab.example.com/api/v4/projects/1/vulnerability_exports/2", + "download": "https://gitlab.example.com/api/v4/projects/1/vulnerability_exports/2/download" + } +} +``` + +## Single vulnerability export + +Gets a single vulnerability export + +```plaintext +POST /projects/:id/vulnerability_exports/:vulnerability_export_id +``` + +| Attribute | Type | Required | Description | +| --------- | ---- | -------- | ----------- | +| `id` | integer or string | yes | The ID of a Vulnerability to get | +| `vulnerability_export_id` | integer or string | yes | The ID of a Vulnerability Export to get | + +```shell +curl --header "PRIVATE-TOKEN: " https://gitlab.example.com/api/v4/projects/1/vulnerability_exports/2 +``` + +The response will be `202 Accepted` if the vulnerability export is not finished yet. 
+ +Example response: + +```json +{ + "id": 2, + "created_at": "2020-03-30T09:35:38.746Z", + "project_id": 1, + "format": "csv", + "status": "finished", + "started_at": "2020-03-30T09:36:54.469Z", + "finished_at": "2020-03-30T09:36:55.008Z", + "_links": { + "self": "https://gitlab.example.com/api/v4/projects/1/vulnerability_exports/2", + "download": "https://gitlab.example.com/api/v4/projects/1/vulnerability_exports/2/download" + } +} +``` + +## Download vulnerability export + +Downloads a single vulnerability export + +```plaintext +POST /projects/:id/vulnerability_exports/:vulnerability_export_id/download +``` + +| Attribute | Type | Required | Description | +| --------- | ---- | -------- | ----------- | +| `id` | integer or string | yes | The ID of a Vulnerability to get | +| `vulnerability_export_id` | integer or string | yes | The ID of a Vulnerability Export to download | + +```shell +curl --header "PRIVATE-TOKEN: " https://gitlab.example.com/api/v4/projects/1/vulnerability_exports/2/download +``` + +The response will be `404 Not Found` if the vulnerability export is not finished yet or was not found. 
+ +Example response: + +```csv +Scanner Type,Scanner Name,Status,Vulnerability,Details,Additional Info,Severity,CVE +container_scanning,Clair,confirmed,CVE-2017-16997 in glibc,,CVE-2017-16997 in glibc,critical,CVE-2017-16997 +container_scanning,Clair,detected,CVE-2017-18269 in glibc,,CVE-2017-18269 in glibc,critical,CVE-2017-18269 +container_scanning,Clair,detected,CVE-2018-1000001 in glibc,,CVE-2018-1000001 in glibc,high,CVE-2018-1000001 +container_scanning,Clair,detected,CVE-2016-10228 in glibc,,CVE-2016-10228 in glibc,medium,CVE-2016-10228 +container_scanning,Clair,confirmed,CVE-2010-4052 in glibc,,CVE-2010-4052 in glibc,low,CVE-2010-4052 +container_scanning,Clair,detected,CVE-2018-18520 in elfutils,,CVE-2018-18520 in elfutils,low,CVE-2018-18520 +container_scanning,Clair,detected,CVE-2018-16869 in nettle,,CVE-2018-16869 in nettle,unknown,CVE-2018-16869 +dependency_scanning,Gemnasium,detected,Regular Expression Denial of Service in debug,,Regular Expression Denial of Service in debug,unknown,yarn.lock:debug:gemnasium:37283ed4-0380-40d7-ada7-2d994afcc62a +dependency_scanning,Gemnasium,detected,Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js,,Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js,unknown,yarn.lock:saml2-js:gemnasium:9952e574-7b5b-46fa-a270-aeb694198a98 +sast,Find Security Bugs,detected,Predictable pseudorandom number generator,,Predictable pseudorandom number generator,medium,818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM:src/main/java/com/gitlab/security_products/tests/App.java:47 +sast,Find Security Bugs,detected,Cipher with no integrity,,Cipher with no integrity,medium,e6449b89335daf53c0db4c0219bc1634:CIPHER_INTEGRITY:src/main/java/com/gitlab/security_products/tests/App.java:29 +sast,Find Security Bugs,detected,Predictable pseudorandom number generator,,Predictable pseudorandom number 
generator,medium,e8ff1d01f74cd372f78da8f5247d3e73:PREDICTABLE_RANDOM:src/main/java/com/gitlab/security_products/tests/App.java:41 +sast,Find Security Bugs,confirmed,ECB mode is insecure 2,,ECB mode is insecure,medium,ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:src/main/java/com/gitlab/security_products/tests/App.java:29 +``` -- GitLab From ff84f58a3306a491d571e085bb43e590b636c1ff Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Wed, 1 Apr 2020 13:29:15 +0000 Subject: [PATCH 02/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index d20980d84f7550..64e1bde54bd5ce 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -101,7 +101,7 @@ Example response: ## Download vulnerability export -Downloads a single vulnerability export +Downloads a single vulnerability export. ```plaintext POST /projects/:id/vulnerability_exports/:vulnerability_export_id/download -- GitLab From 95f3edc0c5e9be119db4466e2f9746706c520c9e Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Wed, 1 Apr 2020 13:29:18 +0000 Subject: [PATCH 03/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index 64e1bde54bd5ce..bb78d03daf11fb 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -62,7 +62,7 @@ Example response: } ``` -## Single vulnerability export +## Get single vulnerability export Gets a single vulnerability export 
@@ -101,7 +101,7 @@ Example response: ## Download vulnerability export -Downloads a single vulnerability export. +Downloads a single vulnerability export ```plaintext POST /projects/:id/vulnerability_exports/:vulnerability_export_id/download -- GitLab From 4e29017c0cccb707add07c4ddc43e2f87a753643 Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Wed, 1 Apr 2020 13:29:28 +0000 Subject: [PATCH 04/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index bb78d03daf11fb..f987acdf44d78b 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -64,7 +64,7 @@ Example response: ## Get single vulnerability export -Gets a single vulnerability export +Gets a single vulnerability export. ```plaintext POST /projects/:id/vulnerability_exports/:vulnerability_export_id -- GitLab From c8b35eb0da8a2a7ee8caf069777866d170e2d572 Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Wed, 1 Apr 2020 13:29:39 +0000 Subject: [PATCH 05/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index f987acdf44d78b..326ee3b0c809df 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -22,7 +22,7 @@ private, and a user isn't a member of the project to which the vulnerability belongs, requests to that project will return a `404 Not Found` status code. Vulnerability exports can be only accessed by the author of the export. -## New vulnerability export +## Create vulnerability export Creates a new vulnerability export. -- GitLab From 65f03e1519142fbb1fb064323b7edd9204d63f0f Mon Sep 17 00:00:00 2001 
From: "Alan (Maciej) Paruszewski" Date: Wed, 1 Apr 2020 13:29:50 +0000 Subject: [PATCH 06/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index 326ee3b0c809df..535e5236d8db58 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -42,7 +42,7 @@ POST /projects/:id/vulnerability_exports curl --header POST "PRIVATE-TOKEN: " https://gitlab.example.com/api/v4/projects/1/vulnerability_exports ``` -Created vulnerability export will be automatically deleted after 1 hour from the system. +The created vulnerability export will be automatically deleted after 1 hour. Example response: -- GitLab From 1dcbc0d2d82ca692f2f15ce36a85bffde97806a1 Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Fri, 3 Apr 2020 07:24:12 +0000 Subject: [PATCH 07/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index 535e5236d8db58..d00155b2c3b2ca 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md 
@@ -18,9 +18,9 @@ across GitLab releases. Every API call to vulnerability exports must be [authenticated](README.md#authentication). Vulnerability export permissions inherit permissions from their project. If a project is -private, and a user isn't a member of the project to which the vulnerability -belongs, requests to that project will return a `404 Not Found` status code. -Vulnerability exports can be only accessed by the author of the export. +private and a user isn't a member of the project to which the vulnerability +belongs, requests to that project return a `404 Not Found` status code. +Vulnerability exports can be only accessed by the export's author. ## Create vulnerability export -- GitLab From 59e1efb06c99e46e225ae8ce4990628255228564 Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Fri, 3 Apr 2020 07:24:22 +0000 Subject: [PATCH 08/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index d00155b2c3b2ca..ced9e2ef0963f3 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -79,7 +79,7 @@ POST /projects/:id/vulnerability_exports/:vulnerability_export_id curl --header "PRIVATE-TOKEN: " https://gitlab.example.com/api/v4/projects/1/vulnerability_exports/2 ``` -The response will be `202 Accepted` if the vulnerability export is not finished yet. +If the vulnerability export isn't finished, the response is `202 Accepted`. Example response: -- GitLab From 7b7cbb46054672a36488688cac54642df1202f1d Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Fri, 3 Apr 2020 07:24:33 +0000 Subject: [PATCH 09/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index ced9e2ef0963f3..585e2fd8222737 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -116,7 +116,7 @@ POST /projects/:id/vulnerability_exports/:vulnerability_export_id/download curl --header "PRIVATE-TOKEN: " https://gitlab.example.com/api/v4/projects/1/vulnerability_exports/2/download ``` -The response will be `404 Not Found` if the vulnerability export is not finished yet or was not found. +If the vulnerability export isn't finished or couldn't be found, the response is `404 Not Found`. Example response: -- GitLab From 58dbbf238142bfd2b4ebca151cdc4bdeb64886c6 Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Fri, 3 Apr 2020 07:24:37 +0000 Subject: [PATCH 10/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index 585e2fd8222737..c42071e31b53a4 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md 
@@ -109,14 +109,14 @@ POST /projects/:id/vulnerability_exports/:vulnerability_export_id/download | Attribute | Type | Required | Description | | --------- | ---- | -------- | ----------- | -| `id` | integer or string | yes | The ID of a Vulnerability to get | -| `vulnerability_export_id` | integer or string | yes | The ID of a Vulnerability Export to download | +| `id` | integer or string | yes | The vulnerability's ID | +| `vulnerability_export_id` | integer or string | yes | The vulnerability export's ID | ```shell curl --header "PRIVATE-TOKEN: " https://gitlab.example.com/api/v4/projects/1/vulnerability_exports/2/download ``` -If the vulnerability export isn't finished or couldn't be found, the response is `404 Not Found`. +The response will be `404 Not Found` if the vulnerability export is not finished yet or was not found. Example response: -- GitLab From db5738b73784d098b5434b5ea3a312f3f5b80933 Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Fri, 3 Apr 2020 07:24:46 +0000 Subject: [PATCH 11/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index c42071e31b53a4..a5aef86ad9c828 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md 
@@ -36,7 +36,7 @@ POST /projects/:id/vulnerability_exports | Attribute | Type | Required | Description | | ------------------- | ----------------- | ---------- | -----------------------------------------------------------------------------------------------------------------------------| -| `id` | integer or string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) which the authenticated user is a member of | +| `id` | integer or string | yes | The ID or [URL-encoded path](README.md#namespaced-path-encoding) of the project which the authenticated user is a member of | ```shell curl --header POST "PRIVATE-TOKEN: " https://gitlab.example.com/api/v4/projects/1/vulnerability_exports -- GitLab From bee3b1d2fe377141f6ea33f1d441b0d03b98ee95 Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Fri, 3 Apr 2020 07:24:59 +0000 Subject: [PATCH 12/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index a5aef86ad9c828..a373d202e6ca4d 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -28,7 +28,7 @@ Creates a new vulnerability export. If an authenticated user does not have permission to [create a new vulnerability](../user/permissions_stub_first_class_vulnerabilities.md#project-members-permissions), -this request will result in a `403` status code. +this request results in a `403` status code. ```plaintext POST /projects/:id/vulnerability_exports -- GitLab From c6984c2eaef14832926a618ef51bb14b8e5f68db Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Fri, 3 Apr 2020 07:25:13 +0000 Subject: [PATCH 13/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index a373d202e6ca4d..7fa227c2837401 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -26,7 +26,7 @@ Vulnerability exports can be only accessed by the export's author. Creates a new vulnerability export. -If an authenticated user does not have permission to +If an authenticated user doesn't have permission to [create a new vulnerability](../user/permissions_stub_first_class_vulnerabilities.md#project-members-permissions), this request results in a `403` status code. -- GitLab From 5c34dfc2c6fb7a82d7db25e07c422d8463e8d1c7 Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Fri, 3 Apr 2020 07:25:24 +0000 Subject: [PATCH 14/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index 7fa227c2837401..524b082d0ded0e 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -101,7 +101,7 @@ Example response: ## Download vulnerability export -Downloads a single vulnerability export +Downloads a single vulnerability export. ```plaintext POST /projects/:id/vulnerability_exports/:vulnerability_export_id/download -- GitLab From 3b01f3690d77869278cf17381928256353542b65 Mon Sep 17 00:00:00 2001 From: "Alan (Maciej) Paruszewski" Date: Fri, 3 Apr 2020 07:25:34 +0000 Subject: [PATCH 15/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index 524b082d0ded0e..6264a3d0a976d0 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md 
@@ -72,8 +72,8 @@ POST /projects/:id/vulnerability_exports/:vulnerability_export_id | Attribute | Type | Required | Description | | --------- | ---- | -------- | ----------- | -| `id` | integer or string | yes | The ID of a Vulnerability to get | -| `vulnerability_export_id` | integer or string | yes | The ID of a Vulnerability Export to get | +| `id` | integer or string | yes | The vulnerability's ID | +| `vulnerability_export_id` | integer or string | yes | The vulnerability export's ID | ```shell curl --header "PRIVATE-TOKEN: " https://gitlab.example.com/api/v4/projects/1/vulnerability_exports/2 -- GitLab From f8b4f21c11047b79d77e90dee38956294b936380 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Thu, 9 Apr 2020 17:42:59 +0000 Subject: [PATCH 16/16] Apply suggestion to doc/api/vulnerability_exports.md --- doc/api/vulnerability_exports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index 6264a3d0a976d0..f2666783087eac 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -27,7 +27,7 @@ Vulnerability exports can be only accessed by the export's author. Creates a new vulnerability export. If an authenticated user doesn't have permission to -[create a new vulnerability](../user/permissions_stub_first_class_vulnerabilities.md#project-members-permissions), +[create a new vulnerability](../user/permissions.md#project-members-permissions), this request results in a `403` status code. ```plaintext -- GitLab
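Review bot: The row added to the project-context table in doc/api/api_resources.md (PATCH 01/16, first hunk) gives the Vulnerability Exports path as `/projects/:id/vulnerabilities`, which duplicates the Vulnerabilities row directly above it. Every endpoint in the new doc/api/vulnerability_exports.md sits under `/projects/:id/vulnerability_exports`, so the row should show that path.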
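Review bot: The create example in the new doc/api/vulnerability_exports.md (PATCH 01/16, `@@ -0,0 +1,138 @@`) reads `curl --header POST "PRIVATE-TOKEN: " ...`, which passes `POST` as the value of `--header` and leaves the token string as a stray positional argument, so the call to the export URL is sent as neither a POST nor an authenticated request. It should take the form `curl --request POST --header "PRIVATE-TOKEN: ..."` followed by the URL. In the same hunk, the "Gets a single vulnerability export" and "Downloads a single vulnerability export" blocks are both documented as `POST`, while their curl examples pass no `--request` and therefore send GET; the method line and the example need to agree. The H1 is also `# Project Vulnerabilities API` although the file documents exports. None of PATCH 02/16 through 16/16 changes these lines, and the broken curl line is still visible as context in PATCH 06/16 and PATCH 11/16.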
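Review bot: Two hunks in the series undo a suggestion applied one patch earlier. The second hunk of PATCH 03/16 (`@@ -101,7 +101,7 @@`) removes the full stop that PATCH 02/16 added to `Downloads a single vulnerability export.`, and PATCH 14/16 then has to add it back. The last change in PATCH 10/16 (`@@ -109,14 +109,14 @@`) restores the sentence beginning `The response will be`, reverting the rewording from PATCH 09/16, and no later patch reapplies it, so the final file words the 202 and 404 sentences differently. Rebase each suggestion onto the previous one, or squash the series, so that the end state keeps the PATCH 09/16 wording.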
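Review bot: The new description for `id` in PATCH 10/16 and PATCH 15/16, `The vulnerability's ID`, names the wrong object: in `/projects/:id/vulnerability_exports/:vulnerability_export_id` the `:id` segment identifies the project, and the create table describes the same attribute as the project's ID or URL-encoded path. The page states that access follows project membership and export authorship, so a reader needs to know this parameter selects the project. Use the create table's wording for `id` in both the get and download tables.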
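Review bot: The link text kept in PATCH 16/16, `[create a new vulnerability]`, states the `403` condition for creating an export in terms of permission to create a vulnerability. If exports deliberately reuse that permission, say so in the sentence; otherwise name the export permission, so that readers can tell which project role the endpoint requires.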