Security Vulnerability reporting

Problem to solve

Customers want to be able to report vulnerabilities outside of the security dashboard. Use cases include:

  1. Report critical vulnerabilities to the executive leadership team. Show which group/project (app) and also whether an issue was created, if it was dismissed (with comments), and if the MR was approved (by whom/when). Since the exec team is responsible for security issues, they want to see critical vulns.
  2. Report vulns by developer and by class of vulnerability to identify knowledge gaps for targeted training.
  3. Report by class of vuln to identify common problems and root cause.

Intended users

Further details

Proposal

Perhaps this should be added to the security dashboard? A PDF report that can be emailed would be helpful. People who are not GitLab users would need to see the results.

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

This belongs in Ultimate, for users of Secure capabilities.

Links / references

Not sure who should own this. I've tagged several potential assignees. I have 2 customers that want this and it could be a blocker to Ultimate deals.
