Explore vulnerability + issue workflow for Vulnerability Management
Problem
Today there is no defined workflow for resolving/remediating vulnerabilities in GitLab. We know from #9424 (closed) that there is a desire to link related issues to a vulnerability, but we are unsure if this is the ultimate solution for the Vulnerability Management workflow.
Problem statement
How might we envision a workflow that is easily understood by users and generates the requisite system hooks for remediation & vulnerability tracking?
User
Persona
JTBD
When I am managing vulnerabilities for my organization, I want to maintain a single source of truth with all the contextual information, actions and decisions for a particular vulnerability in one place, so I can easily stay informed and spend my time on proactive activities, not hunting down information from different areas.
Solution
[TBD]
Proposal
Explore the vulnerability <--> issue workflow relationship and create a testable ideal state to gather feedback from users (internal or external).
Requirements
[TBD]