Import Vulnerability Disclosure Reports from other platforms
Problem to solve
To improve operational efficiency and support smoother transitions, GitLab Ultimate should gain a feature that imports Vulnerability Disclosure Reports (VDRs) from external security tools such as Snyk and SonarCloud, enabling centralized security management and easing adoption of the GitLab Ultimate DevSecOps solution.
Proposal
The imported VDR should be in the recommended format (CycloneDX or JSON) and should include:
- List of accepted or prohibited licenses for projects.
- List of dismissed vulnerabilities and reasons for dismissal.
This would allow teams to consolidate vulnerability management into GitLab, while retaining their existing disclosure reports and compliance artifacts from previous tools.
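As an added example (not GitLab code and not part of this proposal), the following Python shows what a CycloneDX VDR carrying dismissal decisions and component licenses looks like, and how an importer could extract the two lists the proposal calls for. The sample document, the "EXAMPLE-*" vulnerability ids, the mapping of CycloneDX analysis states to "dismissed", and the accepted-license set are all constructed assumptions.

```python
import json

# Constructed CycloneDX 1.4 VDR sample (not output of any real scanner); "EXAMPLE-*" ids are placeholders.
SAMPLE_VDR = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0", "bom-ref": "pkg:npm/left-pad@1.3.0",
         "licenses": [{"license": {"id": "WTFPL"}}]},
        {"type": "library", "name": "lodash", "version": "4.17.21", "bom-ref": "pkg:npm/lodash@4.17.21",
         "licenses": [{"license": {"id": "MIT"}}]},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "affects": [{"ref": "pkg:npm/lodash@4.17.21"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable",
                      "detail": "Vulnerable function is never called."}},
        {"id": "EXAMPLE-0002", "affects": [{"ref": "pkg:npm/left-pad@1.3.0"}], "analysis": {"state": "in_triage"}},
    ],
})

# CycloneDX analysis states treated as "dismissed" on import (this mapping is an assumption of the example).
DISMISSED_STATES = {"not_affected", "false_positive", "resolved"}


def load_vdr(text):
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc


def dismissed_vulnerabilities(doc):
    """Map vulnerability id -> dismissal reason, preserving the source tool's justification and detail."""
    out = {}
    for v in doc.get("vulnerabilities", []):
        analysis = v.get("analysis", {})
        if analysis.get("state") in DISMISSED_STATES:  # anything else stays open after import
            reason = analysis.get("justification") or analysis["state"]
            if analysis.get("detail"):
                reason += ": " + analysis["detail"]
            out[v["id"]] = reason
    return out


def license_violations(doc, accepted):
    """Map bom-ref -> license ids outside the accepted list (input for a license approval policy)."""
    bad = {}
    for c in doc.get("components", []):
        ids = [l["license"]["id"] for l in c.get("licenses", []) if "id" in l.get("license", {})]
        offending = [i for i in ids if i not in accepted]
        if offending:
            bad[c.get("bom-ref", c["name"])] = offending
    return bad
```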
Requirement
- Import VDR documents from other platforms or security tools using the API.
- Store lists of accepted licenses and dismissed vulnerabilities.
- Ability to use imported licenses in license approval policies.
- Display imported VDR data in relevant areas of the GitLab UI.
Benefits
Seamless Transition for Customers: For organizations moving from other security tools to GitLab Ultimate, this feature simplifies migration by letting them import existing VDRs, ensuring continuity in vulnerability management practices and easier implementation.
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.