Add vulnerabilities as supported webhook events
Release notes
Problem to solve
Many users have external monitoring and analytics platforms they wish to incorporate GitLab data into. A common need is for a webhook to alert that new data of a certain type is ready to be consumed. We have a number of webhooks but there are currently none for vulnerabilities, making ingest of this security data less convenient.
Proposal
Add new webhook events for:
- new vulnerabilities records created for a project (Aiming for %17.8)
- vulnerabilities changing status (e.g. to Dismissed, Resolved, etc) (Delivered in %17.7)
Users would need to able to configure the webhook for:
- Slack1
- Microsoft Teams1
- We have integrations with these vendors that already require a webhook. This may require an additional webhook for vulnerability specific events outside of the standard integration.
Users would be able to:
- Filter by status, severity, vulnerability type
- Group multiple vulnerabilities created at the same time
Information in the response should include:
- Vulnerability creation timestamp
- Status
- Severity
- Vulnerability type (operational vs. development)
- Identifiers
Intended users
Feature Usage Metrics
Track how many projects enable these new webhooks. Also track number of events of each type at a project level.
Edited by Ash McKenzie