Fixed api returning every VexRule on request #1875

Open
Dboy0ZDev wants to merge 1 commit into main from fix-wrong-vex-rule-display


@Dboy0ZDev
Collaborator

Fixes Issue: #1870
Fixed the error that all VexRules are returned on request to a specific Vuln.

The issue was that there was a mismatch in query parameters. While the frontend was using the query param dependencyVulnId, the backend API expected the parameter vulnId. It therefore defaulted back into a case where the database would return every VexRule in the organisation for every vuln.

This issue is solved now, but VexRules which contain direct dependencies are still not being displayed. This is discussed in Issue: #1872
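The failure mode described above, as an added example that is not code from this pull request or the project: a query-parameter resolver that rejects unknown keys, so a name mismatch between client and server produces an error instead of an unfiltered result. The function name, the `vulnId` legacy alias, the regexp UUID check and the sample ID are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// Constructed sketch using only the standard library; the regexp stands in for uuid.Parse.
var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// Every query key the hypothetical list endpoint accepts; vulnId is kept as a legacy alias.
var allowedParams = map[string]bool{"dependencyVulnId": true, "vulnId": true}

var ErrBadFilter = errors.New("bad filter")

// resolveVulnFilter returns the ID to filter by, or "" when no filter value
// was supplied. A misspelled or unknown key is an error, so a client/server
// name mismatch is rejected instead of silently selecting every rule.
func resolveVulnFilter(q url.Values) (string, error) {
	for key := range q {
		if !allowedParams[key] {
			return "", fmt.Errorf("%w: unknown query parameter %q", ErrBadFilter, key)
		}
	}
	current, legacy := q.Get("dependencyVulnId"), q.Get("vulnId")
	if current != "" && legacy != "" && current != legacy {
		return "", fmt.Errorf("%w: dependencyVulnId and vulnId differ", ErrBadFilter)
	}
	id := current
	if id == "" {
		id = legacy
	}
	if id != "" && !uuidRe.MatchString(id) {
		return "", fmt.Errorf("%w: filter value is not a UUID", ErrBadFilter)
	}
	return id, nil
}

func main() {
	const id = "3f2b8c1e-5d4a-4e6f-9a7b-1c2d3e4f5a6b" // constructed sample value
	for _, raw := range []string{"dependencyVulnId=" + id, "vulnId=" + id, "depVulnId=" + id, ""} {
		q, _ := url.ParseQuery(raw)
		got, err := resolveVulnFilter(q)
		fmt.Printf("query=%q filter=%q err=%v\n", raw, got, err)
	}
}
```

A handler would map `ErrBadFilter` to a 400 response before touching the database.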

Copilot AI review requested due to automatic review settings April 13, 2026 12:43
Contributor

Copilot AI left a comment

Pull request overview

Fixes the VEX rules listing endpoint to correctly filter by a specific dependency vulnerability by aligning the backend query parameter with what the frontend sends, preventing unrelated rules from being returned.

Changes:

  • Updated VEXRuleController.List to read dependencyVulnId from the query string instead of vulnId.
Comments suppressed due to low confidence (1)

controllers/vex_rule_controller.go:84

  • Changing the query parameter from vulnId to dependencyVulnId is a breaking API change for any existing clients still sending vulnId. Consider supporting both params for a transition period (e.g., read dependencyVulnId first and fall back to vulnId, and/or return 400 when both are provided but differ), and update the OpenAPI annotations to document the new param and deprecate the old one.
	vulnID := ctx.QueryParam("dependencyVulnId")
	if vulnID != "" {
		vulnIDParsed, err := uuid.Parse(vulnID)
		if err != nil {
			return echo.NewHTTPError(400, "could not parse vuln ID to uuid").WithInternal(err)
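Review bot: the 400 message on the `echo.NewHTTPError` line still reads "could not parse vuln ID to uuid" and the variable is still `vulnID`, although the parameter read is now `dependencyVulnId`; name the parameter in the message so a client that sends a malformed value can tell which field was rejected. The `if vulnID != ""` guard also means a request without the parameter skips this branch entirely, so a test that sends `dependencyVulnId` and asserts on the scoped result would catch a future rename on either side.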
