Integrate GitLab application security features into IDEs
## Motivation

It is more efficient, and less frustrating, to learn of a security finding early in the development process. Ideally, the finding is surfaced as soon as the mistake is made or the vulnerability is introduced, rather than after a pipeline has run or a merge request has been opened.

## Summary of this initiative

We are adding security findings to the GitLab editor extensions so that developers see findings earlier in the development process, in the same place they are already working.

## Details

### What is released

There are two types of existing integration in the IDE. _(As of 2025-01-21)_

#### View CI/CD-based findings

GitLab security findings from CI/CD pipelines are shown in VS Code as part of the GitLab Workflow extension. For details, see the release announcements:

- [Initial integration](https://about.gitlab.com/releases/2023/08/22/gitlab-16-3-released/#security-findings-in-vs-code), released in GitLab %16.3
- [Usability improvements](https://about.gitlab.com/releases/2024/02/15/gitlab-16-9-released/#more-detailed-security-findings-in-vs-code), released in GitLab %16.9

Short-term improvements to the CI/CD findings integration are tracked in https://gitlab.com/groups/gitlab-org/-/epics/9004+.

#### Real-time SAST

Real-time SAST scanning in VS Code runs before a branch or MR is pushed. See https://about.gitlab.com/releases/2025/01/16/gitlab-17-8-released/#sast-scanning-in-vs-code

### Future plans

We are also planning to:

- Expand the scans that run in real time (before a branch or MR is pushed), including:
  - https://gitlab.com/groups/gitlab-org/-/epics/10283+
  - Similar features for Secret Detection, both inside the IDE and outside the IDE: https://gitlab.com/groups/gitlab-org/-/epics/10323+
- Integrate results more deeply into the IDE (specifically in the editor view).

## Related links

- Planning results [1](https://gitlab.com/gitlab-com/gitlab-OKRs/-/work_items/60?iid_path=true), [2](https://gitlab.com/gitlab-com/gitlab-OKRs/-/work_items/767?iid_path=true)

The Product Management DRI for this feature area is @connorgilbert.
*This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.*