Include Vulnerabilities in Global Search results


Problem to solve

Now that vulnerabilities are "first class" objects inside GitLab, they are persistent for each Project where vulnerability scanning is taking place. Vulnerabilities are not currently searchable via Global Search, making it more difficult to locate a specific vulnerability record or related vulnerabilities across projects or groups.

Intended users

User experience goal

Vulnerability records matching the global search query should appear alongside other searched objects (see mockup). Use the vulnerability name and description fields to populate the displayed search result text. The behavior should also be the same in that I can click on the vulnerability title or ID and be taken to the proper vulnerability record.

Proposal

image

Further details

Ideally, we can also include any identifiers for each vulnerability. That way, the user can see, for example, CWE or CVE information from this view, as these are likely candidate search expressions. At a minimum, the identifier information must all be searchable, as a primary use case is using these to find all instance-wide occurrences of a vulnerability. For example, I might search for CWE-85 or CVE-2021-1234.

Permissions and Security

Vulnerability objects are only available to GitLab Ultimate customers, so the proposed section/tab in the results should not appear for lower product licenses.

Any vulnerability results returned and displayed must match the user's permissions to those vulnerability records. If a user would not be able to view a vulnerability record, no result showing that vulnerability's information should be included nor should the result count include such records.

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references

Edited by 🤖 GitLab Bot 🤖
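
The requirements under "Further details" and "Permissions and Security", as an added Ruby example that is not part of the issue and is not GitLab's code: results and the result count are both derived from the permission-filtered set, and the tab is gated on the license. The class, struct, method names and the `readable_project_ids` / `licensed` inputs are hypothetical; exact matching on identifiers is a design choice of this example so that `CWE-85` does not also return `CWE-850`.

```ruby
require 'set'

# Hypothetical record shape; fields follow the issue text (name, description, identifiers).
Vulnerability = Struct.new(:id, :project_id, :name, :description, :identifiers, keyword_init: true)

class VulnerabilitySearch
  # readable_project_ids: projects whose vulnerability records this user may view (assumed input).
  # licensed: whether the user's tier includes vulnerability objects (assumed input).
  def initialize(records, readable_project_ids:, licensed:)
    @records = records
    @readable = readable_project_ids.to_set
    @licensed = licensed
  end

  # Without the license the results tab is not shown at all.
  def tab_visible?
    @licensed
  end

  # Authorization is checked before matching, so hidden records never reach the result list.
  def results(query)
    return [] unless @licensed
    q = query.strip.downcase
    return [] if q.empty?
    @records.select { |v| @readable.include?(v.project_id) && matches?(v, q) }
  end

  # The count comes from the filtered list, so it cannot reveal that hidden records exist.
  def count(query)
    results(query).size
  end

  private

  def matches?(vuln, q)
    # Identifiers match exactly (case-insensitive); name and description match by substring.
    return true if vuln.identifiers.any? { |i| i.downcase == q }
    [vuln.name, vuln.description].any? { |text| text.downcase.include?(q) }
  end
end

# Constructed sample data: record 2 sits in a project the sample user cannot read.
RECORDS = [
  Vulnerability.new(id: 1, project_id: 10, name: 'SQL injection in login', description: 'Unsanitized input', identifiers: %w[CWE-89 CVE-2021-1234]),
  Vulnerability.new(id: 2, project_id: 20, name: 'SQL injection in API', description: 'Unsanitized input', identifiers: %w[CWE-89 CVE-2021-1234]),
  Vulnerability.new(id: 3, project_id: 10, name: 'Directory indexing', description: 'Listing enabled', identifiers: %w[CWE-85]),
  Vulnerability.new(id: 4, project_id: 10, name: 'Other weakness', description: 'Unrelated finding', identifiers: %w[CWE-850])
].freeze
```

A count taken from the unfiltered match set would disclose the existence of record 2 even if its row were hidden, which is why `count` is defined in terms of `results`.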