Show possible related vulnerabilities
Problem to solve
Help users to identify recurrent / similar vulnerabilities, and speed up remediation.
Target audience
(TODO: update when https://design.gitlab.com/getting-started/personas is not a 404 anymore) Persona: Security Analyst
Further details
We already suggest similar issues to users when creating a new one:
We can do something similar for vulnerabilities, once they are first-class objects (#8493 (closed)). Let's take a real example, from the GitLab-EE security dashboard:
We know we already had a very similar vulnerability to investigate in the past. GitLab should remind us of that, to save a lot of time and help users reuse Proof of Concept code where possible.
Remember that right now, suggestions are only shown at issue creation, a step we skip when creating the issue directly.
Proposal
The vulnerability view should show similar ones. One option is to match vulnerabilities on their type and location. For dependency scanning, the location could be the name of the impacted package. For SAST, it could be a file or class, combined with the same type (message).
This feature needs polishing and UX, but we need to start somewhere.
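The matching heuristic described above, as an added Ruby example (not GitLab's own code); the finding shape, field names and sample history are assumptions constructed for illustration:

```ruby
# Added example: similarity lookup over vulnerability findings, keyed on the
# report type plus a per-type location as the proposal suggests. The record
# shape (category, message, location fields) is assumed for this example.

# Derive the key two findings must share to count as "similar"; nil means
# the category has no matching rule yet.
def similarity_key(finding)
  loc = finding[:location] || {}
  case finding[:category]
  when 'dependency_scanning'
    # Same impacted package, regardless of version or manifest path.
    pkg = loc.dig(:dependency, :package, :name)
    pkg && ['dependency_scanning', pkg.downcase]
  when 'sast'
    # Same class (when reported) or file, with the same message.
    where = loc[:class] || loc[:file]
    where && finding[:message] && ['sast', where, finding[:message].strip.downcase]
  end
end

# Past findings sharing the key of the given one, newest first, minus itself.
def similar_findings(finding, history)
  key = similarity_key(finding)
  return [] unless key
  history.reject { |h| h[:id] == finding[:id] }
         .select { |h| similarity_key(h) == key }
         .sort_by { |h| h[:created_at] }.reverse
end

# Constructed sample history (not real findings).
HISTORY = [
  { id: 1, category: 'dependency_scanning', message: 'Prototype pollution', created_at: '2018-06-01',
    location: { file: 'package.json', dependency: { package: { name: 'lodash' }, version: '4.17.4' } } },
  { id: 2, category: 'sast', message: 'Possible command injection', created_at: '2018-07-10',
    location: { file: 'lib/runner.rb', start_line: 12 } },
  { id: 3, category: 'dependency_scanning', message: 'ReDoS', created_at: '2018-08-15',
    location: { file: 'Gemfile.lock', dependency: { package: { name: 'rack' }, version: '2.0.3' } } },
  { id: 4, category: 'sast', message: 'Possible command injection', created_at: '2018-09-01',
    location: { file: 'lib/runner.rb', start_line: 40 } }
].freeze

# A new finding on the same package as #1, with a different version and message.
NEW_FINDING = { id: 5, category: 'dependency_scanning', message: 'Prototype pollution (new advisory)',
                created_at: '2018-10-01',
                location: { file: 'package.json', dependency: { package: { name: 'Lodash' }, version: '4.17.10' } } }.freeze

if __FILE__ == $PROGRAM_NAME
  similar_findings(NEW_FINDING, HISTORY).each { |f| puts "##{f[:id]} #{f[:created_at]} #{f[:message]}" }
end
```

Package names are compared case-insensitively and SAST messages are normalised, so the same weakness reported at a different line or version still links back to the earlier investigation.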
What does success look like, and how can we measure that?
When a vulnerability affects a component that was investigated in the past already, we're one link away from that information.
Links / references
/cc @andyvolpe @bikebilly