Automatically Suppress Security Alerts for Archived Projects
Problem to solve
Projects are occasionally retired and their repositories are archived.
However, any security alerts displayed in the Security Dashboard remain until manually dismissed.
One such archived project has over 120 security alerts. I would like to avoid the tedious task of curating the dashboard of archived projects.
Intended users
Any personas tasked with the responsibility of monitoring overall organizational health.
Further details
I specifically mentioned suppressing the alerts, because, ideally, if the project was un-archived, I would hope the alerts would re-appear in the dashboard. That's another reason why I don't want to dismiss the alerts.
As for the risk to GitLab, perhaps this will effect the quality of the customer experience depending on how customers treat archived projects. Some businesses may still deploy products, while archiving their repositories, while others archive the repository after they've removed the product from production.
In the former case it's still advantageous to highlight the vulnerabilities that consumers of the deployed product are exposed to.
Proposal
Not sure.
Permissions and Security
N/A
Documentation
Not sure.
Testing
Not sure.
What does success look like, and how can we measure that?
Time taken to curate security dashboard for archived projects is re-claimed.
Less time is taken to discover actionable alerts (because the user does not need to scroll through archived projects).