Skip to content
GitLab Next
Open
Created by Fabio Busatto@bikebillyContributor

Get feedback about false positive results in application security testing features (Signal to Noise)

Description

When running security scans, false positives give you noise that lower the value of the report. We need some way to get this filtered out, getting better signal to noise. For that, we can allow users to "rate" the security warnings they are seeing in the MR widget (and in the future also in other places), and use this information to automatically recognize similar false positives in the future.

Proposal

Create two feedback elements (buttons, links, ...) near to each element in the security reports entries in the MR widget:

  1. create an issue
  2. false positive

Users can click the right one after a manual analysis of the warning, and this choice will increment or decrement the rating. Vulns with a lot of - will be considered less accurate than entries with many +.