Notify sec pros whenever there are vulns they might want to review
Actionable Insights
Actionable insights always have a follow-up action that needs to take place as a result of the research observation or data, and a clear recommendation or action associated with it. An actionable insight both defines the insight and clearly calls out the next step. These insights are tracked over time.
| Field | Value |
|---|---|
| Dovetail link: | Step 0: Trigger for reviewing vulns |
| Details: | This insight shows that on-demand scans are very prevalent, and this is certainly true for GitLab, where scans are primarily developer-driven. Because scans typically do not run on a regular schedule, sec pros may not know at any given moment whether there is anything for them to review. This can waste time: sec pros log into the dashboard only to discover there is nothing of interest for them at the moment. |
| Action to take: | Notify sec pros whenever there are vulns they might want to review (e.g. as a daily digest presenting all scans which took place in the last 24-hour period). |