Managing Vulnerabilities #
GitLab offers several Dashboards and Management tools in order to triage and track vulnerabilities. In this lesson, we will go over the Security Dashboard and Vulnerability Management Console.
Step 1: Accessing the Security Dashboard #
At the project level, the Security Dashboard displays a chart with the number of vulnerabilities introduced to the master branch over time.
- Access the Security Dashboard by going to Security & Compliance left navigation menu and selecting Security Dashboard
Note This Dashboard can also be seen at the group level.
Step 2: Viewing Vulnerability Reports #
Each vulnerability report contains vulnerabilities from the scans of the most recent branch merged into the default branch.
The vulnerability reports display the total number of vulnerabilities by severity (for example, Critical, High, Medium, Low, Info, Unknown). Below this, a table shows each vulnerabilities detected date, status, severity, description, identifier, the scanner where it was detected, and activity (including related issues or available solutions). By default, the vulnerability report is filtered to display all detected and confirmed vulnerabilities.
In order to access vulnerability reports, navigate to Security & Compliance left navigation menu and selecting Vulnerability Reports
Filter by Scanner and select SAST
Click on the Possible binding to all interfaces description
Select the Status box
Press Change Status
This allows for better filtering, enabling the security team to better triage security issues.
- Now scroll to the bottom of the page, and add a comment in the text box and press the Save comment button
This will save the comment in the Vulnerability page to enable collaboration between different members of the AppSec team.
Congratulations, you are now able to use some of GitLab’s Security Tools within your AppSec Workflow and to better collaborate with others.