Security Inventory (GA)
### Release Notes
The Group Level Inventory gives you visibility into your organization's security posture at the group level.
## Problem to solve
AppSec teams are focused on securing their company's assets, but today it is challenging to understand the security posture of those assets. GitLab's current workflows focus primarily on vulnerabilities and begin at the project level. Without asset inventories, customers cannot understand their coverage gaps or make efficient, risk-based prioritization decisions.
---
### Proposal
Build an inventory view that displays groups, sub-groups, and the projects contained in those groups, and that also indicates which scanners have been applied to each project.
## Scope
### GA Requirements
* Provide more clarity on enabled, failed, and not configured states (related: https://gitlab.com/gitlab-org/gitlab/-/issues/559048).
* Catch edge cases where status may not be accurately reflected (including https://gitlab.com/gitlab-org/gitlab/-/issues/558762).
To be further refined based on research and customer feedback during beta. Potential additions may include:
* Sticky search/filters
* Scanner configuration workflows
* Dashboard-like summary widgets at the top of the page
* Additional attributes
  * Associated scan execution policies that have been applied to projects
  * [Customer-defined business risk/criticality score](https://gitlab.com/gitlab-org/gitlab/-/issues/515932)
  * [Aggregated risk score](https://gitlab.com/gitlab-org/gitlab/-/issues/511940) (created by VR and/or insights team)
  * Environment (internal, external, on-prem, frontend, backend)
  * Lifecycle stage (development, production)
  * Handles sensitive data/PII
  * Programming languages
  * Repository freshness/staleness
  * Code owners, maintainers, and/or developers
### Out of scope for Inventory GA
* Additional potential future inventories
  * Applications (customer-grouped projects)
  * APIs