Skip to content

Draft: Adds CVE ID Request button details to security/cve

James Johnson requested to merge add_cve_id_request_btn_details into master

Why is this change being made?

This MR adds additional instruction for submitting CVE ID Requests via the new CVE ID Request button. This MR should be paired with the gitlab-org/gitlab MR: Adds Request CVE ID button to issue sidebar.

This feature's documentation is not added into gitlab-org/gitlab's documentation because it:

  • is exclusive to GitLab.com
  • only applies to maintainers, on public projects, in confidential issues
  • is integrated with the Vulnerability-Research team's workflow automation for triaging CVE ID requests
  • no method exists to limit documentation's visibility to only appear on GitLab.com (TODO: need to confirm this)

Author Checklist

  • Provided a concise title for the MR
  • Added a description to this MR explaining the reasons for the proposed change, per [say-why-not-just-what][transparency]
  • Assign this change to the correct DRI
    • If the DRI for the page/s being updated isn’t immediately clear, then assign it to your manager.
    • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in [#mr-buddies][mr-buddies-slack].
    • If the changes relate to any part of the project other than updates to content and/or data files please make sure to ping @gl-static-site-editor in a comment for a review and merge. For example changes to .gitlab-ci.yml, JavaScript/CSS/Ruby code or the layout files.

Merge request reports

Loading