►
From YouTube: Threat Insights - Custom Scanner Filter - Demo
Description
Issue - https://gitlab.com/gitlab-org/gitlab/-/issues/229661
A
This
is
alexander
torrinsky,
with
the
threat
insights
team
here
to
discuss
a
new
feature
coming
down
the
pipeline,
which
is
filtering
being
able
to
filter
vulnerabilities
via
custom
scanner.
So,
right
now
we
have
a
custom
scanner
with
here
and
if
we
go
into
the
scanner
filter,
we
don't
see
any
separation
between
git,
lab
vulnerabilities
or
vulnerabilities
found
from
gitlab
scanners
or
vulnerabilities
found
from
custom
scanners
is
simply
by
this
work,
this
scanner
type.
So
if
I
filter
for
dash,
we
get
report
type
das
in
the
url
and
these
show
up
still.
A
But
if
we
had
get
or
vulnerabilities
found
by
a
gitlab
das
scanner,
then
those
would
show
up
as
well
and
we
want
to
make
this
filtering
more
granular.
So
what
I
have
added
is
exactly
that
now
in
this
skill
scanner
filter,
we
see
that
there
are
different
sections,
there's
the
all
at
the
top,
but
then
there's
get
lab
filters
and
there
are
the
custom
filter
and
so
for
every
custom,
fil
scanner
or
custom
scanner
filter
for
every
custom
scanner
you
have.
This
will
be,
there
will
be
a
new
section
below
so
I
have
there.
A
This
is
sam
custom
scanner,
if
I
add
another
one
called
alexander
custom
scanner
that
would
show
up
under
a
new
header
and
new
filters
and
our
new
options
and
under
there
is
das
and
then
the
name
of
the
the
scanner
and
click
on
that,
and
you
get
what
you
expect
another
added
feature.
You
might
have
noticed
that
there's
some
now
contrast
these
are
grayed
out,
and
these
are
these
are
all
disabled.
A
You
can't
click
on
any
of
these,
I'm
clicking
on
them
right
now,
because
in
the
they
wouldn't
yield
any
vulnerabilities.
So
in
the
past,
if
I
go
here,
I
search
for
das.
If
I
go
all
and
I
choose
secret
detection,
we
get
this
empty
page.
Sorry,
your
filter
produces
no
results.
Well.
Why
we
now
get
that
information
on
whether
a
filter
will
produce
results
up
front,
and
so
we
are
using
that
new
information
to
disable
all
these
scanners.
That
would
not
produce
any
results.
So
these
are
all
disabled
here,
which
is
very
excellent.
A
Now
you
can
only
click
on
either
all
or
das,
and
that
is
great.
This
works
on
the
in
the
url.
That's
going
to
change
it!
A
little
bit
before,
if
I
go
over
here,
if
I
choose
dast,
we
were
just
searching
by
report
type
das,
which
again
did
not
discriminate
between
scanners,
gitlab
or
third
party.
Now
the
url
is
a
little
bit
longer
because
we
need
a
little
bit
of
extra
information
to
discern
between
git
lab
and
third-party
scanners,
and
if
I
refresh
this.
A
It
should
choose
the
right
one.
It
did
not
in
this
instance
that
is
a
bug,
and
I
will
work
on
that,
but
it
should
choose
the
correct
one.
There
is
expected
to
be
a
little
bit
of
delay,
because
these
custom
scanners
are
retrieved
from
the
back
end,
so
they
take
a
little
bit
of
time.
So
when
the
page
first
loads-
and
we
don't
see
any
vulnerabilities,
the
scanner
may
show
up
incorrectly.
It
may
show
git
lab
one
because
we
create
that
by
default,
but
it
should
update
appropriately.
A
I
will
work
on
that
as
you'd
expect.
This
is
on
the
project
level
dashboard,
but
also
the
group
and
instance,
level
dashboard.
So
here's
the
group,
I
have
the
scanner,
it's
again,
it's
separated
by
vendors.
So
there's
the
gitlab
section,
there's
the
custom
scanner
section
or
sam
customer
scanner
section
again.
If
you
had
another
custom
scanner,
it
would
show
up
down
here
as
another
section.
These
are
all
disabled.
A
And
it
works
as
one
would
expect
and
then
we're
here.
We
are
at
the
instance
level.
I
moved
the
scanner
filter
first,
because
the
group
and
instance
level
have
this
project
extra
project
scanner,
but
which
I
wanted
at
the
same
spot,
and
I
want
the
scanner
filter
the
same
spot.
So
now
it's
first,
so
it's
always
first
that
ordering
is
correct
on
all
of
them
and
then
here
we're
at
the
instance.
You
see
there's
a
few
more
options
here
and,
as
you
want,
one
would
expect
you
get
all
the
appropriate
there.