Infrastructure security scanning (Vision)
Problem to solve
We can control the security of our own application, but the application is only as secure as the infrastructure it is deployed on: an exposed management service, an unpatched host or a misconfigured neighbouring service can compromise an app whose own code is clean. To keep the app secure, we also need to know whether the infrastructure it runs on is secure.
A scan of this kind also discovers other services listening in the same infrastructure (on the same host or network segment) and assesses them, which surfaces exposure the application's own scanners will never see.
Proposal
Allow users to perform a full vulnerability assessment of the infrastructure where the app is running.
Tools like OpenVAS (http://www.openvas.org/) can automate this kind of network-level assessment. The scan could be offered as a standalone feature and triggered from the Security Control Panel (https://gitlab.com/gitlab-org/gitlab-ee/issues/7207). As with the other security scans, the useful output is not the raw report but the set of findings above a severity threshold, so results should be usable as a gate.
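To make the "usable as a gate" point concrete, here is an added example (not GitLab's code and not part of OpenVAS) that parses the result elements of a scanner report and fails when any finding meets a CVSS threshold. The XML is a constructed sample shaped like the `<result>` elements of a GMP (Greenbone Management Protocol) report; the hosts, ports, names and OIDs in it are invented for illustration and the element layout is an assumption about the report format, so check it against a real report before relying on it.

```python
"""Gate a pipeline on the findings of an infrastructure vulnerability scan.

Added example. Assumes a report whose <result> elements carry <host>,
<port>, <nvt><name/></nvt> and a numeric <severity> (CVSS base score).
"""
from __future__ import annotations

import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample report; not the output of a real scan.
SAMPLE_REPORT = """<report>
  <results>
    <result id="r1">
      <host>10.0.0.5</host>
      <port>22/tcp</port>
      <nvt oid="example-oid-1"><name>Weak SSH key exchange (constructed)</name></nvt>
      <threat>Medium</threat>
      <severity>5.3</severity>
    </result>
    <result id="r2">
      <host>10.0.0.5</host>
      <port>443/tcp</port>
      <nvt oid="example-oid-2"><name>Outdated TLS library (constructed)</name></nvt>
      <threat>High</threat>
      <severity>7.5</severity>
    </result>
    <result id="r3">
      <host>10.0.0.9</host>
      <port>general/tcp</port>
      <nvt oid="example-oid-3"><name>Scan information (constructed)</name></nvt>
      <threat>Log</threat>
      <severity>0.0</severity>
    </result>
  </results>
</report>"""


@dataclass(frozen=True)
class Finding:
    host: str
    port: str
    name: str
    severity: float  # CVSS base score as reported by the scanner


def parse_results(report_xml: str) -> list[Finding]:
    """Extract one Finding per <result> element; missing fields default to empty/0."""
    root = ET.fromstring(report_xml)
    findings = []
    for res in root.iter("result"):
        findings.append(Finding(
            host=res.findtext("host", default="").strip(),
            port=res.findtext("port", default="").strip(),
            name=res.findtext("nvt/name", default="").strip(),
            severity=float(res.findtext("severity", default="0") or 0),
        ))
    return findings


def hosts_seen(findings: list[Finding]) -> list[str]:
    """Every host the scanner reported on, including neighbours of the app."""
    return sorted({f.host for f in findings if f.host})


def failing(findings: list[Finding], min_severity: float = 7.0) -> list[Finding]:
    """Findings at or above the threshold, most severe first."""
    hits = [f for f in findings if f.severity >= min_severity]
    return sorted(hits, key=lambda f: (-f.severity, f.host, f.port))


def gate(report_xml: str, min_severity: float = 7.0) -> int:
    """Exit status for a pipeline job: 1 if any finding meets the threshold, else 0."""
    return 1 if failing(parse_results(report_xml), min_severity) else 0


if __name__ == "__main__":
    results = parse_results(SAMPLE_REPORT)
    print("hosts assessed:", ", ".join(hosts_seen(results)))
    for f in failing(results):
        print(f"FAIL {f.severity:.1f} {f.host}:{f.port} {f.name}")
    sys.exit(gate(SAMPLE_REPORT))
```

The threshold (7.0, the CVSS "High" boundary) is a policy choice; the point is that the scan produces a pass/fail signal a pipeline can act on, and that `hosts_seen` shows findings for hosts other than the one running the app.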
What does success look like, and how can we measure that?
Users run infrastructure vulnerability assessments regularly, not as a one-off. Possible measures: the number of projects with a scheduled infrastructure scan, and the share of findings that are resolved (or explicitly dismissed) between consecutive scans.