**\*\* Closing as ~"won't do" \*\*** We'll consider customer demand for this capability, but do not currently see this as a high value opportunity compared to other features. If you are interested, please comment and share your use case! ### Problem to solve As ~"group::threat insights" works to implement https://gitlab.com/groups/gitlab-org/-/epics/5708+, they would contribute to our codebase and introduce a policy type that will allow users to auto-resolve vulnerabilities that are no longer detected. This will introduce a new attribute for auto-resolved vulnerabilities that can be included in merge request policy filters. This is an extension of the work completed in https://gitlab.com/groups/gitlab-org/-/epics/6826+, however there appears to still be a missing requirement. Vulnerabilities should be updated when auto-resolved with an `activity` value: "Has been auto-resolved" or "Has not been auto-resolved". This indicator helps users in the report to filter and understand when an automation has been applied to a vulnerability. This state in the API is what may be leveraged in a policy filter. {width="440" height="209"} ### Proposal Add "auto-resolved" as an attribute type alongside "Fix available" and "False positive". For vulnerabilities that have been auto-resolved, [they will have this additional status applied](https://gitlab.com/gitlab-org/gitlab/-/issues/233846/designs/design_1660094880459.png#note_2119838621). ### Designs **For the complete theme design, please see the** [**design issue**](https://gitlab.com/gitlab-org/gitlab/-/issues/368074/) ### Permissions and Security <!--What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)? Consider adding checkboxes and expectations of users with certain levels of membership https://docs.gitlab.com/ee/user/permissions.html ### Documentation <!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/workflow.html#for-a-product-change * Add all known Documentation Requirements in this section. See https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements * If this feature requires changing permissions, update the permissions document. See https://docs.gitlab.com/ee/user/permissions.html--> ### Availability & Testing <!--This section needs to be retained and filled in during the workflow planning breakdown phase of this feature proposal, if not earlier. What risks does this change pose to our availability? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing? Please list the test areas (unit, integration and end-to-end) that needs to be added or updated to ensure that this feature will work as intended. Please use the list below as guidance. * Unit test changes * Integration test changes * End-to-end test change See the test engineering planning process and reach out to your counterpart Software Engineer in Test for assistance: https://about.gitlab.com/handbook/engineering/quality/test-engineering/#test-planning--> ### What does success look like, and how can we measure that? <!--Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this. Create tracking issue using the the Snowplow event tracking template. See https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Snowplow%20event%20tracking.md--> ### What is the type of buyer? <!--What is the buyer persona for this feature? See https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/buyer-persona/ In which enterprise tier should this feature go? See https://about.gitlab.com/handbook/product/pricing/#four-tiers--> ~"GitLab Ultimate" ### Is this a cross-stage feature? <!--Communicate if this change will affect multiple Stage Groups or product areas. We recommend always start with the assumption that a feature request will have an impact into another Group. Loop in the most relevant PM and Product Designer from that Group to provide strategic support to help align the Group's broader plan and vision, as well as to avoid UX and technical debt. https://about.gitlab.com/handbook/product/#cross-stage-features--> ### Links / references <!--triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION--> _This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc._ <!--triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION-->