Vulnerability Management - technical documentation & diagrams
The lifespan of a Vulnerability within GitLab is complex. The Defend engineering team is new to the organization. Given our lack of participation in conversations, planning, and technical decisions that took place prior to our onboarding, we have a number of areas where we could improve our understanding of Standalone Vulnerabilities, findings, and other related items.
In order to ensure that everyone has a thorough and comprehensive understanding of how Vulnerabilities progress through our system, we should improve our technical documentation and create supporting diagrams.
What success looks like
The entire team has reviewed the documentation and provided feedback. Previous contributors who are no longer involved in Defend have also been notified and their feedback considered. Documentation locations have been determined and shared.
- Create a diagram (mermaid preferred) of existing vulnerability state flows
- Update the entity-relationship diagram on https://dbdiagram.io/d/5e7b397c4495b02c3b88be82
- Create a desired end-state relationship diagram on dbdiagram