Create a security vulnerability from Slack
Problem to solve
Security vulnerabilities can be created in many different ways. Whatever the source, they should be available and managed in the same way once reported.
For example, manually reported vulnerabilities and findings from automated scanning tools should share the same triage and resolution process.
Users should be able to report vulnerabilities via Slack commands, once the integration is set up correctly.
Target audience
- Devon, DevOps Engineer, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#devon-devops-engineer
- Sam, Security Analyst, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#sam-security-analyst
Proposal
Introduce a Slack command to report vulnerabilities into GitLab. This leverages first-class vulnerabilities.
What does success look like, and how can we measure that?
Number of Slack commands executed.
Links / references
Similar to incident management: &349