The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
| | |
|---|---|
| Stage | Govern |
| Maturity | Viable |
| Features & Demos | Our Youtube playlist |
| Content Last Reviewed | 2022-10-05 |
| Content Last Updated | 2023-02-24 |
Thanks for visiting this category strategy page on Vulnerability Management in GitLab. This category belongs to the Threat Insights group of the Govern stage and is maintained by Alana Bellucci (abellucci@gitlab.com).
At GitLab, we believe everyone can contribute. One of the simplest ways is by contributing your feedback! If you're a GitLab user or an interested security professional, we would especially love to hear from you. Check out all the ways you can engage with us and choose the one that is right for you.
Note: At GitLab, we record most of our video calls and will post them to our Youtube channel unless there is sensitive information.
This is a new category, so we'll have more details to share in the near future. Creating Dependency Management as its own category is an acknowledgement of the increased importance and visibility of understanding exactly what 3rd-party software organizations are using to create their own applications. We are starting with the existing Dependency List and the portion of the License Compliance page where you can view the dependency in which a given license was found.
The vision is to create complete, near-real time, organization-wide visibility into all 3rd-party dependencies—and any risks present. We will leverage existing features of the GitLab platform to accelerate feature development. We will also bring consistency across security capabilities as we look to mirror functionality in our sibling category of Vulnerability Management.
Our current priority is to continue working with our Composition Analysis team in building Continuous Vulnerability Scanning. This will lay the groundwork for "scanless" dependency updates and vulnerability identification. The new database-backed models for dependencies and vulnerability advisory data are key enablers of planned Dependency Management features. One of the first such features is creating a Dependency List at the Group level. This will create broad, instance-wide views of all dependencies in your organization. We will also be able to build out features borrowed from Vulnerability Management, such as filtering, searching, and grouping. Eventually, we will remove the License Compliance page, as the information it shows is very similar, just in a different presentation. This will create a single source of truth for both dependency and license information.