Improving Vulnerability Tracking
This brownbag will cover technical details of how we are improving vulnerability tracking.
Rough Outline
Perhaps we could talk about these items:
- High level problem statement & solution
  - maybe start with these slides https://docs.google.com/presentation/d/1cQe0XoPoR2b19HP6WtSelPvi0SBVrac7XvedZibXwxw/edit
- Edge cases
  - Examples from https://gitlab.com/gitlab-org/security-products/taggr/-/issues/2 would be interesting
- Benchmarking
  - Secure time traveler
- Implementation
  - feature flag gitlab-org/gitlab#322044 (closed)
  - architecture
    - report schema addition
    - multiple fingerprints per finding
  - technical details (probably brief overview)
    - cscope, treesitter, taggr
    - multiple fingerprints
    - report schema changes, post-analyzer (tracking-calculator), GitLab backend changes
- Future improvements?
  - New algorithms?
Edited by James Johnson