Add vulnerabilities as supported webhook events
Release notes
Introducing webhook integration for generation of vulnerabilities creation and status change events, to allow automated and easier integration with external resources.
Problem to solve
Many users have external monitoring and analytics platforms they wish to incorporate GitLab data into. A common need is for a webhook to alert that new data of a certain type is ready to be consumed. We have a number of webhooks but there are currently none for vulnerabilities, making ingest of this security data less convenient.
Proposal
Add new webhook events for:
- new vulnerabilities records created for a project (Aiming for %17.8)
- vulnerabilities changing status (e.g. to Dismissed, Resolved, etc) (Delivered in %17.7)
Users would need to able to configure the webhook for:
- Slack1
- Microsoft Teams1
- We have integrations with these vendors that already require a webhook. This may require an additional webhook for vulnerability specific events outside of the standard integration.
Users would be able to:
- Filter by status, severity, vulnerability type
- Group multiple vulnerabilities created at the same time
Information in the response should include:
- Vulnerability creation timestamp
- Status
- Severity
- Vulnerability type (operational vs. development)
- Identifiers
Intended users
Feature Usage Metrics
Track how many projects enable these new webhooks. Also track number of events of each type at a project level.