Results from GitLab's scans are accessible in external systems

Problem to solve

At its current maturity level, GitLab's security dashboard is a good start, but it is not holistic enough to replace dedicated security analysis and monitoring tools for most organizations. We need to expose scan results in such a way that they are accessible to or can be consumed by external tools.

The more boring solution is to integrate; the more interesting one is to make GitLab the security control plane for any/all security tools the firm uses (but that is far from a boring solution...).

Intended users

  • Sasha (Software Developer)
  • Sam (Security Analyst)

Further details

Genesis of issue: https://gitlab.com/gitlab-com/customer-success/sa-triage-boards/emea-triage/issues/257

Proposal

The first phase is likely providing API endpoints and webhooks for triggering and pulling data into external integrations. A more aspirational, long-term goal is to make GitLab the security control plane for any/all security tools a firm uses.

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references
