Standalone vulnerabilities

    Closed Epic created by Fabio Busatto

    Description

    Security features, like SAST and DAST, produce reports listing the vulnerabilities found in projects. This information is sent to GitLab and shown in security reports and security dashboards.

    We want to track how the resolution of those vulnerabilities progresses. We need metrics for how long a vulnerability takes to be fixed, so we can report a mean time to fix.

    Vulnerabilities need to be first-class objects that are linked to reports, but that can also represent vulnerabilities reported manually by security researchers.

    This new first-class element will be the main entity to leverage in security dashboards.

    We need to figure out whether we want to use custom fields (&235) and create dedicated issue types for vulnerabilities (https://gitlab.com/gitlab-org/gitlab-ee/issues/8767). Then we need to define the user flow, and how users interact with regular issues and with vulnerabilities from the reports.

    Customers:


    Theme

    • Seamlessly integrate vulnerabilities into GitLab's workflow

    Objectives

    • Stage alignment on an approach for making vulnerabilities first-class objects.
    • Create a data model that can evolve with our future needs.
    • Identify JTBD, primary tasks, core user flows, and journeys.
    • Create requirements for the MVC.
    • Create validated deliverables for the MVC.
    • Implement the MVC.

    Value delivered

    • Users will be able to interact with and resolve vulnerabilities while following the GitLab development workflow.
    • Users will be able to see a historical record of vulnerabilities and resolution actions.
    • Users will be able to track and measure their team and organization's progress as it relates to security.
    • GitLab will be able to streamline development processes currently blocked by not having first-class objects.
    • Vulnerability management will move from Planned to Minimal.
    Edited by Sam Kerr
