GitLab integrates access to proprietary and open-source application security scanning tools. In order to maintain the efficacy of those scans, we strive to keep their underlying vulnerability databases up-to-date.
GitLab's contribution to vulnerability databases coincides with improving the standard scanners that ship as part of the default GitLab software. The scanners used are compiled by scan type:
Our vulnerability database team strives to update the above-referenced scanning tools (both the open-source and proprietary ones) to ensure they can identify the latest vulnerabilities.
The goal of the Vulnerability Database category is to maintain a rapidly updated corpus of vulnerability information that our own scanners and customers can reference.
Rapid updates will ensure that our users are always able to test and mitigate the latest vulnerabilities that have been identified.
The roadmap for Vulnerability Database will focus on keeping our signatures up-to-date, improving how we communicate those updates to users, and meeting our obligations as a CVE Numbering Authority.
Our upcoming work focuses on several types of automation:
As a non-marketing category, Vulnerability Database does not have a maturity plan.
As this is a non-marketing category, Vulnerability Database generally will not have directly customer-facing issues but rather be involved indirectly as part of other categories.
As this is a non-marketing category, Vulnerability Database generally will not have directly user-facing issues but rather be involved indirectly as part of other categories.