# Vulnerability Management Tools for Duo Agentic Chat
## Overview
GitLab Duo Agentic Chat now includes comprehensive vulnerability management capabilities, enabling security teams to efficiently triage, manage, and remediate vulnerabilities through natural language commands. These tools transform tedious security workflows through AI-powered automation and intelligent analysis.
## Available Tools
### Vulnerability Information & Analysis
**List Vulnerabilities**
- View all vulnerabilities in a project with filtering capabilities
- Filter by severity levels (CRITICAL, HIGH, MEDIUM, LOW, INFO, UNKNOWN)
- Filter by report types (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, etc.)
**Get Vulnerability Details**
- Access comprehensive vulnerability information including:
  - CVE enrichment data with EPSS scores
  - Known exploit information (KEV status)
  - Vulnerability location and detection details
  - Code flow and taint flow analysis
  - Reachability analysis results
### Vulnerability Management Actions
**Confirm Vulnerabilities**
- Mark vulnerabilities as confirmed when verified as genuine security issues
- Add comments explaining confirmation reasoning
**Dismiss Vulnerabilities**
- Dismiss false positives or acceptable risks
- Support for dismissal reasons: ACCEPTABLE_RISK, FALSE_POSITIVE, MITIGATING_CONTROL, USED_IN_TESTS, NOT_APPLICABLE
- Required comments for audit trail
**Update Vulnerability Severity**
- Override severity levels based on security review
- Support for all severity levels: CRITICAL, HIGH, MEDIUM, LOW, INFO, UNKNOWN
- Bulk operations for multiple vulnerabilities
**Revert Vulnerability Status**
- Revert vulnerabilities back to 'detected' status for re-assessment
- Useful when code changes affect vulnerability context
### Issue Management Integration
**Create Vulnerability Issues**
- Automatically create GitLab issues linked to vulnerabilities
- Streamline vulnerability tracking and remediation workflows
**Link Vulnerabilities to Issues**
- Connect existing issues to vulnerabilities
- Support for linking multiple vulnerabilities to a single issue
## Example Use Cases
- "Show me all critical vulnerabilities in my project"
- "Dismiss all vulnerabilities marked as false positives with reachability analysis showing unreachable code"
- "Create issues for all confirmed high-severity vulnerabilities and assign them to recent committers"
- "Update severity to HIGH for all dependency scanning vulnerabilities with EPSS scores above 0.7"
- "Show me vulnerabilities dismissed in the past week with their reasoning"
- "Confirm all SAST vulnerabilities that cross trust boundaries"
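The following is an added example, not GitLab's own code or API, showing how the dismissal reasons, severity levels and audit-comment requirement listed above combine into explicit triage rules for two of the prompts above (the EPSS threshold and the unreachable-code dismissal). The `Vuln` record and its `epss` and `reachable` fields are assumptions standing in for the enrichment data Duo reads.

```python
from dataclasses import dataclass, field
from typing import Optional

# Enumerations as listed on the page; rank lets rules compare severities.
SEVERITY_RANK = {"UNKNOWN": 0, "INFO": 1, "LOW": 2, "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}
DISMISSAL_REASONS = {"ACCEPTABLE_RISK", "FALSE_POSITIVE", "MITIGATING_CONTROL",
                     "USED_IN_TESTS", "NOT_APPLICABLE"}

@dataclass
class Vuln:
    """Hypothetical local record; field names are assumptions, not GitLab's schema."""
    vid: str
    severity: str
    report_type: str
    state: str = "detected"
    epss: Optional[float] = None      # EPSS score from CVE enrichment, 0..1
    reachable: Optional[bool] = None  # result of reachability analysis
    audit: list = field(default_factory=list)  # (action, detail, comment)

def _require_comment(comment: str) -> None:
    # Every state change keeps a comment so the audit trail explains the decision.
    if not comment or not comment.strip():
        raise ValueError("a comment is required for the audit trail")

def dismiss(v: Vuln, reason: str, comment: str) -> None:
    if reason not in DISMISSAL_REASONS:
        raise ValueError(f"unknown dismissal reason {reason!r}")
    _require_comment(comment)
    v.state = "dismissed"
    v.audit.append(("dismiss", reason, comment))

def override_severity(v: Vuln, severity: str, comment: str) -> None:
    if severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity {severity!r}")
    _require_comment(comment)
    v.audit.append(("severity", f"{v.severity}->{severity}", comment))
    v.severity = severity

def triage(vulns: list) -> list:
    """Apply two of the page's example prompts as deterministic rules."""
    for v in vulns:
        # "Update severity to HIGH for all dependency scanning vulnerabilities with EPSS > 0.7"
        # Only raises severity; a CRITICAL finding is never lowered to HIGH.
        if (v.report_type == "DEPENDENCY_SCANNING" and v.epss is not None
                and v.epss > 0.7 and SEVERITY_RANK[v.severity] < SEVERITY_RANK["HIGH"]):
            override_severity(v, "HIGH", f"EPSS {v.epss:.2f} exceeds 0.7")
        # "Dismiss ... with reachability analysis showing unreachable code"
        if v.state == "detected" and v.reachable is False:
            dismiss(v, "FALSE_POSITIVE", "reachability analysis: vulnerable code is unreachable")
    return vulns
```

Findings whose reachability is unknown (`None`) are deliberately left in `detected` state rather than dismissed, so the absence of analysis data never counts as evidence of safety.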
## Availability
These vulnerability management tools are available for:
- **Tier**: Ultimate
- **Add-on**: Requires GitLab Duo subscription
- **Deployment**: GitLab.com and GitLab Dedicated
## Getting Started
To use these tools, simply interact with Duo Agentic Chat using natural language commands related to vulnerability management. The AI will automatically determine which tools to use based on your request and execute the appropriate actions.
## Feedback and Support
We're continuously improving these tools based on user feedback. Please share your experiences, suggestions, and feature requests to help us enhance the vulnerability management capabilities in Duo Agentic Chat.