Automate the tagging and labeling of issues created from security vulnerabilities
Release notes
Problem to solve
As a security analyst, I need to be able to quickly search and filter on security issues that affect the security of our applications and IP. As a large enterprise working on many initiatives in many different areas of the business, I find it very difficult and time-consuming to identify, out of a large list of stories, issues, bugs, etc., the issues that are specific to security vulnerabilities requiring immediate attention. For example, when an issue is created from a security vulnerability, it is created as a confidential issue where an "eye-slash" icon is added to the issue just above the title. This is great; however, confidential issues can also be created for non-security-related issues, which makes it more difficult to identify, out of a list of confidential issues, which ones are for security vulnerabilities. Additionally, when an issue is created from a security vulnerability, I could add a label to it to categorize it as a security vulnerability type issue; however, this is a manual effort which has the potential of being missed. Lastly, I could also filter through a list of issues for specific filter criteria such as "investigate vulnerability", but again this may not be evident to my security teams.
What I would like is that, when an issue is created from a security vulnerability, it is automatically tagged with some sort of security icon just above the title of the issue, so that it is visually identifiable in a list of issues, and labeled for "security". These would provide me with a simple and easy way to very quickly and efficiently filter for just the security vulnerability issues requiring attention and reduce the amount of time taken to identify the security issues I need to focus on.
Intended users
User experience goal
The Security Analyst or Security Ops Eng should be able to go to the list of issues for their organization and set filter criteria based on label (security label automatically added when first creating the issue from the vulnerability) and/or a security type tag or icon (automatically added above the title of the issue), similar to how one can filter for only confidential issues.
Proposal
Further details
Permissions and Security
Documentation
Availability & Testing
Available Tier
- Ultimate/Gold