Capture Number of Developer-Resolved Vulnerabilities via MR to highlight Shift Left Security

Proposal

With GitLab, developers get to shift security left by learning about vulnerabilities in their code in their MR, allowing them to fix those vulnerabilities before they make it to production, which is great!

Unfortunately, all that work worth celebrating gets completely lost. We have no way to show developers, managers, leadership how much GitLab is helping improve their security. Moreover, as the number of old vulnerabilities go down in the default branch, and developers are fixing new vulnerabilities in the MR immediately, GitLab's perceived value becomes less and less.

I propose that we capture metrics on things that are caught in the MR and then provide customers some way to show how MRs in GitLab are helping improve their software development by making it more secure.