  • #4783
Closed
Open
Created Feb 01, 2018 by Fabio Busatto (@bikebilly), Contributor

Get feedback about false positive results in application security testing features (Signal to Noise)

Description

When running security scans, false positives add noise that lowers the value of the report. We need some way to filter them out and get a better signal-to-noise ratio. To do that, we can allow users to "rate" the security warnings they see in the MR widget (and in the future also in other places), and use this information to automatically recognize similar false positives in the future.

Proposal

Create two feedback elements (buttons, links, ...) next to each entry in the security reports shown in the MR widget:

  1. create an issue
  2. false positive

Users can click the appropriate one after manually analysing the warning, and this choice will increment or decrement the rating. Vulnerabilities with many "-" ratings will be considered less accurate than entries with many "+" ratings.
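As an added illustration of the rating idea (example code, not GitLab's implementation), the sketch below keeps a "+" / "-" counter per finding fingerprint and uses the net score to rank and hide entries. It assumes a constructed report format and assumes that "similar" findings share scanner, CWE, file and message but may differ in line number; both are assumptions, not anything the issue specifies.

```ruby
require 'digest'

# Constructed sample report entries; this is not GitLab's report schema.
SAMPLE_REPORT = [
  { scanner: 'sast', cwe: 'CWE-79',  file: 'app/views/a.erb', line: 10,  message: 'XSS' },
  { scanner: 'sast', cwe: 'CWE-79',  file: 'app/views/a.erb', line: 42,  message: 'XSS' },
  { scanner: 'dast', cwe: 'CWE-352', file: nil,               line: nil, message: 'CSRF' }
].freeze

# Assumed similarity rule: the fingerprint deliberately leaves out the line
# number, so a "false positive" vote on one finding also lowers the score of
# the same warning reported elsewhere in the same file.
def fingerprint(entry)
  key = [entry[:scanner], entry[:cwe], entry[:file], entry[:message]].join('|')
  Digest::SHA256.hexdigest(key)[0, 16]
end

# Stores the net rating per fingerprint: "create an issue" counts as +1,
# "false positive" counts as -1, as the proposal describes.
class FeedbackStore
  def initialize
    @ratings = Hash.new(0)
  end

  def create_issue(entry)
    @ratings[fingerprint(entry)] += 1
  end

  def false_positive(entry)
    @ratings[fingerprint(entry)] -= 1
  end

  def score(entry)
    @ratings[fingerprint(entry)]
  end
end

# Annotates each finding with its score, sorts the most trusted first and
# separates out entries whose score has dropped to hide_at or below.
def triage(report, store, hide_at: -2)
  scored = report.map { |e| e.merge(score: store.score(e)) }
  shown, hidden = scored.partition { |e| e[:score] > hide_at }
  { shown: shown.sort_by { |e| -e[:score] }, hidden: hidden }
end
```

Hidden entries are kept rather than dropped, so a reviewer can still audit what the ratings suppressed.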
