Create a security vulnerability from Slack

Problem to solve

Security vulnerabilities can be created in many different ways. Whatever the source, they should be available and managed in a similar way once reported.

For example, manually reported vulnerabilities and findings from automated scanning tools should share the same triage and resolution process.

Users should be able to report vulnerabilities via Slack commands, once the integration is set up correctly.

Target audience

  • Devon, DevOps Engineer, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#devon-devops-engineer

  • Sam, Security Analyst, https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas#sam-security-analyst

Proposal

Introduce a Slack command to report vulnerabilities into GitLab. This leverages first-class vulnerabilities.

What does success look like, and how can we measure that?

Number of Slack commands executed.

Links / references

Similar to incident management: &349
