GitLab Security Dashboard - Short Review




GitLab Security Dashboard Overview

The GitLab Security Dashboard is a comprehensive tool designed to help users assess and manage the security posture of their applications within the GitLab ecosystem. This feature is available in the GitLab Ultimate tier and can be accessed at the project level, at the group level, and in the Security Center.



What the Product Does

The GitLab Security Dashboard provides a centralized platform for monitoring and managing security vulnerabilities across projects, groups, and pipelines. It integrates data from various security scanners to offer a holistic view of the security status, enabling users to identify, analyze, and address vulnerabilities effectively.



Key Features and Functionality



Security Scanners Integration

The Security Dashboard supports several types of security reports, including:

  • Container Scanning
  • Dynamic Application Security Testing (DAST)
  • Dependency Scanning
  • Static Application Security Testing (SAST)

To utilize the dashboard, users must configure at least one of these security scanners in their project.



Project Security Dashboard

  • Displays the total number of vulnerabilities detected over time, with up to 365 days of historical data.
  • Provides a historical view of open vulnerabilities in the default branch, excluding dismissed or resolved vulnerabilities.
  • Allows filtering the chart by vulnerability severity and downloading the vulnerability chart as an image.


Group Security Dashboard

  • Offers an overview of vulnerabilities found in the default branches of all projects within a group and its subgroups.
  • Displays vulnerability trends over 30-, 60-, or 90-day time frames, with the option to view aggregated data beyond 90 days using the VulnerabilitiesCountByDay GraphQL API.
  • Assigns a letter grade to each project based on its highest-severity open vulnerability (F for critical, D for high or unknown, C for medium, B for low, and A for zero vulnerabilities).


Security Center

  • A personalized space for managing vulnerabilities across all configured projects.
  • Includes features from the group security dashboard, a vulnerability report, and dedicated settings to configure which projects to display.


Vulnerability Management

  • Users can drill down into specific vulnerabilities to view detailed information, such as the project and file involved, and various metadata to help analyze the risk.
  • Actions can be taken on vulnerabilities, including confirming, dismissing, or resolving them, creating an issue, or generating a merge request to fix the vulnerability.


Filtering and Customization

  • The dashboard includes filters for severity, confidence, report type, and project, allowing users to tailor the view to their needs.
  • A “Hide dismissed” toggle button enables users to include or exclude dismissed vulnerabilities in the view.


Data Retention and Updates

  • The dashboard is updated daily with the results of the most recent security scans on the default branch.
  • Historical data is retained for up to 365 days, providing a long-term view of vulnerability trends.

The GitLab Security Dashboard is a powerful tool for enhancing application security by providing clear insights, actionable data, and streamlined management of vulnerabilities, making it an essential component for any organization committed to robust security practices.
