From YouTube: Standalone Vulnerabilities - Entire Feature
Description
An outline of the entire standalone vulnerability feature
Docs:
- https://docs.gitlab.com/ee/user/application_security/security_dashboard/
- https://docs.gitlab.com/ee/user/application_security/vulnerabilities/#standalone-vulnerability-pages
A
Hello, this is Alexandra whiskey. I'm a front-end engineer for the dissenting here at GitLab. I was part of the team that worked on the standalone vulnerabilities feature, and I will be demoing it in its entirety to you today. So, let's start here on a project, a project I have kicked off several merge requests for. During the merge request, that is when vulnerabilities in the code will be identified, and those will be compiled and listed in the security dashboard feature or page that you can access here on this sidebar under security and compliance.
A
We will not read that here and today, because I will be talking to you about. So if you, if you exit out, it will never show up again. Basically, what we have here under standalone form of the page is, we have first a counter for the number of vulnerabilities that have not been dismissed. Vulnerabilities have different levels of security impact, and so critical, high, medium, low, also unknown. You'll notice that these counters, this is, this critical one is zero, but yet you see two here: that's because both of these are dismissed.
A
You see zero high, because the only one hundo, so on and so forth. There are a couple of statuses the vulnerabilities can be in. They can be detected, so this vulnerability has been detected, but no action has been taken on it. There is confirmed; that means someone has physically gone in here middle. Yes, we know this is the thing. There's also resolved, which I don't see, but we can make one using the multi dismissed here.
A
Like so, and then the stat has changed to dismiss. And then there's also a filtering here, so you can filter by vulnerabilities by just going to, say you only once to dismiss one. So you only want to see that the detected ones, and they'll filter this for you. You can also filter by severity of all sorts, and then report type, so which, which scanner found these, this vulnerability. So we, I showed you one way to dismiss a vulnerability, saying: hey, we're not gonna work on this, or this is a false positive. There's.
A
So this is the standalone vulnerability page. It gives more in-depth information on the vulnerability, where it was found. If there's a solution and allistic here. It also allows you to change the status of the vulnerability, so say we have detected this and like, yes, I, or if I have confirmed that this is an issue, and we can change this, they'll change to confirm. Also, we will change it to confirm on the previous list.
A
We can create an issue from the vulnerability here, which will open up a new merge request, or not, not a new, much new issue here with all the same information, and if we go back, that create issue button will now, this will have disappeared, and we will have this information here on. Oh, I created this, an issue off of this here. Twelve seconds say we resolve this. We can change the status here again, so we can change fast here as many times as we want. If we go back to the phone room build the list.
A
Another thing we can see is, let's click on this one. There is also some history, that's, so here's the solution I mentioned. If there's a known solution for vulnerability, it'll list here. The issue, there's also history for a status change, and so it looks like Daniel one day ago change this to confirmed, and then Lindsey did some changes. When did some changes, you can see. We've, we've tested this a little bit, and I can say: Oh, I, looks like a change the, change this to dismiss 60 min ago. This was a mistake.
A
Sorry, and I can save the comment, and that will be viewable by everyone else, and if I will change this back to confirmed. Cool. So that is the standalone vulnerability page. That is the vulnerability security dashboard for a project we have. There are three, there are three security dashboards that we have added, and so there's, for vulnerabilities there's one on the project level, there's one for the group level.
A
You can see here there's many more security vulnerabilities listed here, and that is because this is from all the projects of all the group. You can filter by status. There's no dismissal here like the project dashboard, but in theirs scrolling, so it just keeps listing more and more. And then the third and final security dashboard is the instance security dashboard. So not, so that means every, it has access to every project and every group. The, there are no list of vulnerabilities here initially.
A
That is because we have not selected any projects that have vulnerabilities, so, and the instance can be very large. We want you to be able to choose which projects are showing here, so I'm going to clear those. I'm going to add security reports. Well, I know there are some vulnerabilities. I'm going to add this project here, and when I return to dashboard, there are those vulnerabilities showing up here, and so this is where you get to choose which vulnerabilities appear. All right, so that is the standalone vulnerability feature.