Add "Dismissed vulnerability" to the activity feed.
Problem to solve
Today the only way to know who dismissed a vulnerability is in the More Info modal. If you want to know who dismissed a vulnerability and when, you have to open every vulnerability, and even then we only tell you who made the dismissal.
CISO, Security team manager/leader, and Security Analysts
To further support Security professionals, and enhance monitoring of security actions, I think it would be useful to see the Dismiss vulnerability action appear in the activity dashboard and the user's personal activity feed.
- Instance level activity dashboard
- Group level activity dashboard
- Project level activity dashboard
- Personal activity feed
Data to show: On dismiss we can create an activity event detailing:
- who dismissed the vulnerability
- when the vulnerability was dismissed
- what vulnerability was dismissed
- what project the vulnerability belonged to
- it would be desirable to link directly to the project level security dashboard; however, I am not sure of the limitations to accomplish this.
What does success look like, and how can we measure that?
Metrics will be tough depending on the usage of the activity dashboards. Measure: clicks from the activity feed to the project security dashboard
Links / references
Standalone vulnerabilities - #13561