Vulnerability List enhancements step 4: Create docs to explain how auto-grouping works
Background
As we add more 3rd-party security scanners as official integration partners, it will become more difficult for users to determine at a glance which scanner a detection came from. Additionally, after First Class Vulnerabilities is released, scan results will be persistent across runs. This opens the potential for mixing same-type (e.g. DAST) results from both the GitLab-provided scanners and one or more 3rd parties. We'll need a clean, clear way to let users easily manage potentially multiple scanners making the same detection.
We have done a research issue to provide insights into the proposed solution.
After that, the solution was broken down into several steps/issues:
- Step 1.1 (#210327 (closed)): Add the following info to the list view: line of code, scanner name and identifier. This is the minimum step to help users understand the situation
- Step 1.2 (#210327 (closed)): Update filters
- Step 2 (#210333 (closed)): Enable group feature without suggestion. Grouping would be provided as a separate step
- Step 3 (#210357 (closed)): Auto-grouping with intro of features
- Step 4 (#210360 (closed)): Docs to explain how the bot (auto-grouping) works
- Step 5 (#210361 (closed)): Enable/disable auto-grouping
Problem
In the issue "Auto-grouping with intro of features", we have a feature that helps users identify duplicates and auto-groups them. When we introduce this, how can we tell users how the magic happens, to help increase their confidence in trusting the auto-grouping?
Solution
- Create technical explanations in our docs
- Tell users that these docs exist