Feature Request: Vulnerability Resolution Verification in Merge Requests
Description:
Background and Problem:
In our organization, we have recently upgraded to GitLab Ultimate and integrated GitLab's security scans into our pipeline templates. The current process involves the ingestion of scan results from a pipeline only after all jobs in that pipeline are completed. This approach provides an accurate Vulnerability Report for our production environment. However, it presents a challenge during the development phase, particularly in verifying the resolution of vulnerabilities in Merge Requests (MRs).
Feature Request:
We propose a feature enhancement in GitLab that allows developers to verify if a Merge Request resolves identified vulnerabilities before these changes are deployed to production. This feature would enable a merge check against the Vulnerability Report, specifically showing which vulnerabilities will be addressed once the MR is deployed to prod.
Use Case and Benefits:
- Early Resolution Verification: Developers can ensure that their code changes effectively resolve specific vulnerabilities before merging into the main codebase or deploying to prod.
- Efficient Workflow: This feature streamlines the development process by reducing the need for post-deployment verification of vulnerability fixes.
- Increased Security Confidence: By providing visibility into the effectiveness of vulnerability fixes at the MR stage, the overall confidence in the security of the codebase is enhanced.
Current Workarounds and Limitations:
Currently, to verify the resolution of specific vulnerabilities, we must compare the vulnerabilities in the pipeline against the Vulnerability Report manually. This process is time-consuming and prone to errors, impacting our day-to-day use of GitLab.
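One way to script the manual comparison described above, added here as an example and not GitLab's own logic: the MR pipeline's report is diffed against the project's Vulnerability Report to list what the MR resolves, what it leaves open and what it introduces. Both reports are constructed samples shaped like the `vulnerabilities` list of a `gl-*-report.json` artifact, and matching on primary identifier plus file path is an assumed simplification of GitLab's own fingerprinting.

```python
import json
from typing import Dict, Iterable, List, Tuple

Fingerprint = Tuple[str, str, str]

# Constructed sample: the project's current Vulnerability Report (baseline).
VULNERABILITY_REPORT = [
    {"id": "v-1", "name": "SQL injection in login", "severity": "High",
     "identifiers": [{"type": "cwe", "value": "CWE-89"}],
     "location": {"file": "app/auth.py"}},
    {"id": "v-2", "name": "Hardcoded secret", "severity": "Critical",
     "identifiers": [{"type": "gitleaks_rule_id", "value": "generic-api-key"}],
     "location": {"file": "config/settings.py"}},
    {"id": "v-3", "name": "Weak hash", "severity": "Medium",
     "identifiers": [{"type": "cwe", "value": "CWE-328"}],
     "location": {"file": "app/tokens.py"}},
]

# Constructed sample: the security report produced by the MR pipeline.
MR_PIPELINE_REPORT = json.loads("""{"vulnerabilities": [
  {"id": "p-1", "name": "Weak hash", "severity": "Medium",
   "identifiers": [{"type": "cwe", "value": "CWE-328"}],
   "location": {"file": "app/tokens.py"}},
  {"id": "p-2", "name": "Path traversal", "severity": "High",
   "identifiers": [{"type": "cwe", "value": "CWE-22"}],
   "location": {"file": "app/files.py"}}
]}""")


def fingerprint(finding: dict) -> Fingerprint:
    """Key a finding on primary identifier type, value and file (assumed rule)."""
    primary = finding["identifiers"][0]
    return (primary["type"], primary["value"], finding["location"]["file"])


def diff_against_report(baseline: Iterable[dict],
                        mr_findings: Iterable[dict]) -> Dict[str, List[dict]]:
    """Split baseline vulnerabilities into resolved / still open, plus new MR findings."""
    mr_by_fp = {fingerprint(f): f for f in mr_findings}
    base_by_fp = {fingerprint(v): v for v in baseline}
    resolved = [v for fp, v in base_by_fp.items() if fp not in mr_by_fp]
    still_open = [v for fp, v in base_by_fp.items() if fp in mr_by_fp]
    introduced = [f for fp, f in mr_by_fp.items() if fp not in base_by_fp]
    return {"resolved": resolved, "still_open": still_open, "introduced": introduced}


if __name__ == "__main__":
    result = diff_against_report(VULNERABILITY_REPORT, MR_PIPELINE_REPORT["vulnerabilities"])
    for bucket, items in result.items():
        print(bucket, [v["name"] for v in items])
```

In a real pipeline the baseline would come from the project's vulnerability export or API and the MR findings from the job artifact; the "introduced" bucket is the part a merge check would block on.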
Impact of the Feature:
Implementing this feature will significantly improve our workflow by allowing our development teams to efficiently and confidently address security concerns in the early stages of the development cycle.