Track changes to existing vulnerabilities when scanners update definitions
Release notes
Problem to solve
Some of our Secure scanners regularly pull in updates to their vulnerability definitions. Today, if a scanner updates its definition for an already-identified vulnerability, the next scan updates the existing vulnerability object to reflect the most recent definition. This can change values such as severity or description. While it is good that vulnerability objects always show the most up-to-date information, the change is not tracked, making it impossible to see how a vulnerability's details have been modified over time. We need to provide a way to see all previous states of a given vulnerability object so security teams can easily tell how it has changed.
Intended users
User experience goal
Proposal
Further details
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references
Edited by Matt Wilson