Add additional fields to Vulnerability Issue template (!81268) · Merge requests · GitLab.org / GitLab

Dheeraj Joshi requested to merge djadmin-issue-template-evidence-fields into master Feb 22, 2022

What does this MR do and why?

This adds a new section evidence (which is specific to DAST) to the vulnerability issue template as well the jira issue template.

This template is used for creating issues from the reported vulnerabilities via security scanners.

Evidence templates will include the:

Method
URL
Request headers
Response headers

Screenshots or screen recordings

With all the fields

With only method & url

Without evidence

How to set up and validate locally

Setup vulnerability report in a local project
Create an issue from one of the vulnerabilities

http://gdk.test:3000/root/security-reports/-/issues/new?vulnerability_id=151

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jun 28, 2022 by Dheeraj Joshi

Add additional fields to Vulnerability Issue template