Feature Request: Treat vulnerabilities as issues with editable fields

Summary

Currently, vulnerabilities in GitLab have limited management capabilities compared to regular issues. While you can create issues from vulnerabilities or link vulnerabilities to existing issues, the vulnerabilities themselves cannot be managed with the same rich set of fields and workflows that issues provide.

Customer feedback:

  • "we want to keep updating the metadata about the vulnerability, aka the file and line of code where it's detected"

Proposal

Enhance vulnerabilities to support the same editable fields and management capabilities as regular GitLab issues, including:

Core Issue Fields

  • Assignees - Assign security team members or developers to specific vulnerabilities
  • Labels - Categorize vulnerabilities (e.g., security::critical, team::backend, priority::high)
  • Milestones - Track vulnerabilities against release milestones
  • Due dates - Set deadlines for vulnerability remediation
  • Descriptions - Add detailed remediation notes and context
  • Comments/Notes - Enable team collaboration and status updates
  • State management - Beyond dismiss/confirm, allow custom workflow states

Advanced Features

  • Epic linking - Associate vulnerabilities with security epics
  • Time tracking - Track effort spent on vulnerability remediation
  • Custom fields - Support organization-specific vulnerability metadata
  • Notifications - Subscribe to vulnerability updates
  • Boards integration - Manage vulnerabilities on issue boards

Benefits

  1. Unified workflow - Security teams can manage vulnerabilities using familiar issue management patterns
  2. Better tracking - Full project management capabilities for vulnerability remediation
  3. Improved collaboration - Rich commenting and assignment features
  4. Enhanced reporting - Leverage existing issue analytics for security metrics
  5. Reduced context switching - No need to create separate tracking issues

Current Workarounds

  • Creating separate issues from vulnerabilities (creates duplication)
  • Linking vulnerabilities to tracking issues (adds complexity)
  • Using external tools for vulnerability project management

Implementation Considerations

  • Maintain backward compatibility with existing vulnerability workflows
  • Consider security/privacy implications of expanded vulnerability metadata
  • Integration with existing security scanning and reporting features
  • Performance impact of treating vulnerabilities as full work items

This enhancement would significantly improve GitLab's security workflow capabilities and provide a more integrated approach to vulnerability management.

Edited by Conley Rogers