Ingest vulnerabilities from CycloneDX SBOM report
Release notes
Problem to solve
GitLab offers security scanner integration based on our own security report schemas.
The CycloneDX standard includes support for a vulnerabilities property, which provides a similar function to the format created by GitLab.
By supporting an industry standard, GitLab can increase the number of integrations available.
GitLab can also take advantage of the support itself, and replace functionality in its existing security analyzers to use CycloneDX for vulnerability reporting in addition to license and dependencies.
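To make the CycloneDX side of this concrete, here is an added example (not part of the issue and not GitLab code) that reads the vulnerabilities property of a CycloneDX JSON document and resolves each affects reference to a component through its bom-ref. The flattened finding layout, the function names and the sample BOM are assumptions constructed for illustration; this is not GitLab's security report schema.

```python
import json

# Constructed sample BOM in CycloneDX 1.4 JSON layout (not from a real scan).
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"bom-ref": "pkg-a", "type": "library", "name": "example-lib",
     "version": "1.2.3", "purl": "pkg:npm/example-lib@1.2.3"}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001",
     "source": {"name": "example-db"},
     "ratings": [{"severity": "medium", "score": 5.3},
                 {"severity": "high", "score": 7.5}],
     "affects": [{"ref": "pkg-a"}, {"ref": "missing-ref"}]},
    {"id": "EXAMPLE-0002", "affects": []}
  ]
}
""")

# CycloneDX severity values, ordered from least to most severe.
SEVERITY_ORDER = ["unknown", "none", "info", "low", "medium", "high", "critical"]

def highest_severity(ratings):
    """Return the worst severity across ratings; 'unknown' if absent or unrecognised."""
    seen = [r.get("severity", "unknown") for r in ratings or []]
    seen = [s if s in SEVERITY_ORDER else "unknown" for s in seen]
    return max(seen, key=SEVERITY_ORDER.index, default="unknown")

def ingest(bom):
    """Return (findings, unresolved): one finding per vulnerability/component pair."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    # Simplification: only top-level components are indexed, not nested ones.
    by_ref = {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}
    findings, unresolved = [], []
    for vuln in bom.get("vulnerabilities", []):
        for target in vuln.get("affects", []):
            comp = by_ref.get(target.get("ref"))
            if comp is None:
                # Keep dangling references visible instead of dropping them silently.
                unresolved.append((vuln.get("id"), target.get("ref")))
                continue
            findings.append({
                "id": vuln.get("id"),
                "source": (vuln.get("source") or {}).get("name"),
                "severity": highest_severity(vuln.get("ratings")),
                "component": comp.get("purl") or f'{comp.get("name")}@{comp.get("version")}',
            })
    return findings, unresolved
```

An ingester has to decide what to do with the two edge cases shown here: a vulnerability whose affects list is empty produces no finding, and a reference that matches no bom-ref is reported separately rather than attached to a guessed component.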
Proposal
Intended users
Feature Usage Metrics
Does this feature require an audit event?