[OLD Draft - IGNORE] Security Insights 17.8 Planning Issue

Link to https://gitlab.com/gitlab-org/gitlab/-/issues/509089+

Summary

| Areas of focus | DRI | Delivery Scope for current milestone | Completion Milestone | Status (mid-milestone checkpoint) |
|---|---|---|---|---|

Team member focuses

| Name | Focus Areas | Notes |
|---|---|---|
| @bwill | backend | |
| @charlieeekroon | backend | |
| @subashis | backend | |
| @wandering_person | backend | |
| @dpisek | frontend | |
| @lorenzvanherwaarden | frontend | |
| @svedova | frontend | |
| @sming-gitlab | frontend | |

Details

Auto-resolve vulnerabilities when not found in subsequent scans

  1. UAT tests for 'Auto-resolve vulnerabilities whe... (#503983 - closed)

CVSS / EPSS / KEV in vulnerability report and vulnerability details

OKR: https://gitlab.com/gitlab-com/gitlab-OKRs/-/work_items/9901+

frontend scope

  1. [FE] - Add EPSS/KEV/CVSS scores to vulnerabilit... (#497388 - closed) • Savas Vedova • 17.8
  2. [FE] - Add EPSS/KEV/CVSS score to single vulner... (#499407 - closed) • Savas Vedova • 17.9

backend scope

  1. Knowledge transfer and understanding how these new datapoints are being integrated.

Filter by Identifier on the Vulnerability Report (&13340)

  1. [Frontend] Add Identifier filter to the filtere... (#452492 - closed) • Savas Vedova • 17.7 • On track

Filter/Search Dependency List (Project / Group ... (&15305)

  1. Filter by package name AND specific version

AI

Duo Vulnerability Resolution GA (&14847)

type::feature focus (non-Project)

  1. Consider defaulting Operational Vulnerabilities... (#501119) • Unassigned • Backlog • frontend (blocked by &15948 (closed), planned in type::maintenance)
  2. Vulnerability Report: Update "Solution availabl... (#504502) • Becka Lippert frontend Stretch
  3. Add commit link that removed vulnerability (#372799 - closed) • Brian Williams • 17.9 • On track

type::maintenance focus

  1. https://gitlab.com/groups/gitlab-org/-/epics/15372+
    1. https://gitlab.com/gitlab-org/gitlab/-/issues/496524+s
    2. https://gitlab.com/gitlab-org/gitlab/-/issues/497823+s
    3. https://gitlab.com/gitlab-org/gitlab/-/issues/497826+s
    4. https://gitlab.com/gitlab-org/gitlab/-/issues/497828+s
    5. https://gitlab.com/gitlab-org/gitlab/-/issues/496537+s
    6. https://gitlab.com/gitlab-org/gitlab/-/issues/497825+s
    7. https://gitlab.com/gitlab-org/gitlab/-/issues/497822+s
  2. Start using only the `Security::Finding` instea... (#393394 - closed) • Adrien Narinesingh • On track
  3. https://gitlab.com/gitlab-org/gitlab/-/issues/497093+s backend
  4. Centralize vulnerability report query string sy... (&15948 - closed) frontend Stretch

type::bug focus

  1. Split the "Tool" filter into separate filters f... (#503371 - closed) • Charlie Kroon • 17.11 • On track / investigate if #498293 (closed) is a duplicate
  2. Add Vulnerabilities Detected Headline to Depend... (#502335 - closed) • Michael Becker, Charlie Kroon • 17.7
  3. Require a comment when dismissing vulnerabiliti... (#451480 - closed) • Lorenz van Herwaarden • 17.9
  4. push change to MR branch -> go from Overview to... (#458219) • Lucas Charles • 18.11 frontend

Unplanned bugs. Can be pulled in as capacity allows.

  1. Expose report status for security_reports endpoint (#502384) • Unassigned • Backlog
  2. Misleading message when pipeline is complete (#468867 - closed) • Unassigned • Backlog
  3. 'Create Jira Issue' button in Merge Request wid... (#441954 - closed) • Lorenz van Herwaarden • 18.6
  4. Create a GraphQL mutation to create Jira issues... (#452002 - closed) • Lorenz van Herwaarden • 18.5
  5. Stop requesting data from Jira when rendering t... (#497199) • Unassigned • Backlog
  6. GraphQL errors with partial data on the vulnera... (#498711) • Unassigned • Backlog
  7. Unable to filter group level vulnerability repo... (#471613 - closed) • Subashis Chakraborty • 18.1
  8. Security scans improperly require a "successful... (#500171)
  9. Inconsistent display of vulnerability comment w... (#438342 - closed)

Scope being worked on by other teams

  1. Add vulnerabilities as supported webhook events (#366770 - closed) • Ash McKenzie • 17.8 • Needs attention

What's on the horizon?

type::feature

  1. https://gitlab.com/gitlab-org/gitlab/-/issues/425327+ - limited BE resources, focus on design.
  2. Design: End-user Static Reachability UX/UI (#480356 - closed) - design only
  3. Enhanced Bulk Actions for the Vulnerability Report (&13216 - closed) - design only

type::maintenance

Team OKRs

OKR List

Planning Boards

  • Set the Milestone (current Milestone)
  • Update the Milestone link for the Delivery Board
  • Set the Due Date for the end of the current Milestone
Edited by Dean Agron