Auto-closing remediated vulnerabilities

Release notes

Auto dismiss remediated vulnerabilities from the vulnerability dashboard.

Problem to solve

Currently, remediated vulnerabilities are left behind in the vulnerability dashboard, waiting for manual confirmation and dismissal. When the volume of vulnerabilities in the dashboard is huge, triage focuses on the detected vulnerabilities, and the fixed ones that need verification and dismissal get left behind. As a result, remediated vulnerabilities can pile up in the dashboard, as in this project: https://gitlab.com/gitlab-org/gitlab/-/security/vulnerability_report/?activity=NO_LONGER_DETECTED&state=all&severity=all.

It would be great to have a feature that auto-dismisses remediated vulnerabilities with the reason "no longer detected".

  • Maybe this could be a configurable option like Auto dismiss remediated vulnerabilities after x days. The configuration option gives the user a flexible time limit to check these vulnerabilities before they are auto-dismissed.

Intended users

User experience goal

The project admin should be able to enable Auto dismiss remediated vulnerabilities from the Security Configuration page. Once it is enabled, the vulnerabilities in the dashboard that are no longer detected will be auto-dismissed with the reason "no longer detected".

What does success look like, and how can we measure that?

The vulnerability dashboard will no longer contain stale remediated vulnerabilities.