Make issue created from vulnerability feedback confidential
What does this MR do?
This is the first step to ensure more privacy for vulnerability management. The vulnerability information should be confidential until a patch is released, so customers' applications are more protected against unauthorized access.
Proposal
When creating a new issue from a vulnerability, the issue is created as confidential.
This is applied to the following flows:
- Group Security Dashboard
- Project Security Dashboard
- Merge Request Security Reports
- Pipeline Security Reports
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated via this MR
- Tests added for this feature/bug
- Tested in all supported browsers
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the database guides
- ~~Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.~~
- EE specific content should be in the top level /ee folder
- For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan?
- Security reports checked/validated by reviewer
Closes #8725 (closed)
Edited by Kamil Trzciński (Back 2025-01-01)