Security Activity feed
Problem to solve
Security Teams (AppSec) using the Security Dashboard find it hard to follow changes to vulnerabilities because there is no audit trail of activity.
Intended users
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Sidney (Systems Administrator)
- Sam (Security Analyst)
Further details
The Security Dashboard is a great place to start triaging vulnerabilities and keep an eye on the current security posture of projects. Nevertheless, this overview gives no view of how that posture evolves over time, apart from the trends in the Group Dashboard. It's hard to figure out what's new, what has changed, etc.
Proposal
The Dashboards should provide a chronological feed of events related to Security, especially to vulnerabilities. Entries could be:
- New findings
- Change of state for vulnerabilities (Confirmed, Resolved, etc.)
- Dismissals + reason
- Remediations (with location: commit or MR; and type: auto-remediation or manual)
- Security Releases?
To be discussed and updated.
The entries should be grouped where possible (for example, if someone dismisses 100 vulnerabilities at once, we don't want to flood the feed with 100 entries). The goal of this feed is also to spot anomalous activity, such as someone dismissing an unusually large number of vulnerabilities.
An Atom/RSS feed as a first iteration would be enough to get started.
Permissions and Security
Same access level as the Security Dashboard(s).
Documentation
Update https://docs.gitlab.com/ee/user/application_security/security_dashboard/
Availability & Testing
TBD.
What does success look like, and how can we measure that?
What is the type of buyer?
Links / references
- &5629 (closed) will record state changes to vulnerabilities (who, when, what). Making this easy to query for audit purposes is not in scope for the epic.