Reassess a dismissed vulnerability when its severity level is changed
Problem to solve
The Advisories Database refresh can update a vulnerability's title, severity, and confidence after the fact.
Currently, a dismissed vulnerability stays dismissed when this happens. This introduces a potential risk: a developer may dismiss a vulnerability as an acceptable risk, but a later change to that vulnerability's severity level may give a security team cause to reassess the earlier dismissal.
Proposal
Either provide an option to, or automatically, move dismissed vulnerabilities that have since been updated back to the "needs triage" status.
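As an added illustration of the proposed behaviour (example code written for this issue, not GitLab's implementation), the snippet below models a vulnerability record with a hypothetical `Vulnerability` struct and applies an advisory refresh to it: a dismissed finding whose severity changes is moved back to `needs_triage`, while other states and non-triggering field changes are left alone. The `reopen_on` option stands in for the configurable variant of the proposal and is an assumption, not an existing setting.

```ruby
# Hypothetical record shape for this example: id, title, severity, confidence, state.
# Advisory refreshes may change title, severity and confidence (per the issue text).
Vulnerability = Struct.new(:id, :title, :severity, :confidence, :state, keyword_init: true)

# Apply one advisory refresh (hash of field => new value) to a vulnerability.
#
# reopen_on: which changed fields should send a *dismissed* finding back to triage.
#            Default is severity only, matching the issue's concern; [:severity, :confidence]
#            would widen it (assumed option, not a GitLab setting).
#
# Returns [updated_record, reasons], where reasons lists the field changes that caused
# a reopen (empty when the record was not dismissed or no triggering field changed).
def apply_advisory_refresh(vuln, update, reopen_on: [:severity])
  changed = update.select { |field, value| vuln[field] != value }

  reasons = []
  if vuln.state == 'dismissed'
    reasons = (changed.keys & reopen_on).map { |f| "#{f}: #{vuln[f]} -> #{changed[f]}" }
  end

  # Advisory data is always applied; only the workflow state is conditional.
  updated = Vulnerability.new(**vuln.to_h, **changed)
  updated.state = 'needs_triage' unless reasons.empty?
  [updated, reasons]
end

# Apply a batch of refreshes keyed by vulnerability id and return the updated records
# plus a triage queue of [id, reasons] pairs that a security team would review.
def refresh_all(vulns, updates_by_id, reopen_on: [:severity])
  queue = []
  records = vulns.map do |v|
    update = updates_by_id[v.id]
    next v unless update
    updated, reasons = apply_advisory_refresh(v, update, reopen_on: reopen_on)
    queue << [v.id, reasons] unless reasons.empty?
    updated
  end
  [records, queue]
end
```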
Benefits
This feature will empower developers to have more accurate visibility into their risk profile of vulnerabilities surfaced from their pipelines/scans.
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.