### Release Post 1. Grouping data by OWASP 2021 categories in the vulnerability report for a project or group. 2. Filtering based on a vulnerability’s identifier in the vulnerability report for a project or group. 3. Filtering based on the reachability value in the vulnerability report for a project or group. 4. Filtering the panels and entire dashboard data in the [new security dashboard](https://docs.gitlab.com/user/application_security/security_dashboard/). 5. Filtering by policy violation by pass reason. ### Purpose Support Advanced vulnerability management and the new security dashboard for SelfManaged GitLab instances. Ongoing discussion and details in this [thread](https://gitlab.com/groups/gitlab-org/-/epics/13510#note_2322497646). This unblocks GA for new security dashboard and the filters and groupings mentioned under [advanced vulnerability management section](https://docs.gitlab.com/user/application_security/vulnerability_report/#advanced-vulnerability-management). ### Primary challenge: ES packaging for GitLab self-managed which is tracked in epic https://gitlab.com/groups/gitlab-org/-/epics/18396. Distributions like Omnibus does not come with ES, details [here](https://gitlab.com/gitlab-org/gitlab/-/issues/525484#note_2540919226). ### Other considerations: - Have a [config setting](https://docs.gitlab.com/integration/advanced_search/elasticsearch/#limit-the-amount-of-namespace-and-project-data-to-index) similar to global search to skip ES indexing for configured projects? Confirm with the product team. - Admin settings page and rake task for Index creation (this includes code changes where vulnerabilities have to be added to [INDEXED_PROJECT_ASSOCIATIONS](https://gitlab.com/gitlab-org/gitlab/-/blob/6286bcc5be19660ae12fbb55ee68be7554a3ca29/ee/app/services/elastic/process_initial_bookkeeping_service.rb#L11)), reindex etc similar to https://docs.gitlab.com/integration/advanced_search/elasticsearch/#enable-advanced-search - Revisit the initial ingestion logic disabled for Self-managed in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/197147 - Feature enabling check on the backend code [here](https://gitlab.com/gitlab-org/gitlab/-/blob/095db96823e99094d060bb6a0db7684dd3c29cf4/ee/lib/search/elastic/vulnerability_indexing_helper.rb#L6-9) for Self-managed. - Validate that ES index is correctly installed and backfilled during first time ES bootstrap. Related to https://gitlab.com/gitlab-org/gitlab/-/issues/543089 - Reintroduce the ES migrations especially the backfills which are skipped in code with conditional checks. - We can be fine with just performing a one time backfill and modifying code where the individual backfills are checked and this one time backfill will run only on self-managed. - Documentation for Self-managed instances on how to configure advanced vulnerability management using advanced search. - Show banner on security features UI that have advanced vulnerability management features but have not enabled advanced search. Tracked in https://gitlab.com/gitlab-org/gitlab/-/issues/557323/