Category Direction - GitLab Advisory Database

The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.

Description
- Overview
- Goal
- Roadmap
What's Next & Why
Maturity Plan
Competitive Landscape
Analyst Landscape
Top Customer Success/Sales Issue(s)
Top user issue(s)
Top internal customer issue(s)
Top Vision Item(s)

Description

GitLab integrates access to proprietary and open-source application security scanning tools. In order to maintain the efficacy of those scans, we strive to keep their underlying vulnerability databases up-to-date.

GitLab was recently named as a Challenger in the 2022 Magic Quadrant for Application Security Testing.

Overview

GitLab's contribution to vulnerability databases coincides with improving the standard scanners that ship as part of the default GitLab software. The scanners used are compiled by scan type:

Our advisory database team strives to update the above references scanning tools (both the open-sourced and proprietary ones) to ensure they can identify the latest vulnerabilities.

Goal

The goal of the GitLab Advisory Database category is to maintain a rapidly updated corpus of vulnerability information that our own scanners and customers can reference.

Rapid updates will ensure that our users are always able to test and mitigate the latest vulnerabilities that have been identified.

Roadmap

The roadmap for GitLab Advisory Database will focus on keeping our signatures up-to-date, improving on how we communicate that to users, and meeting our obligations as a CVE Numbering Authority.

What's Next & Why

Our upcoming work focuses on several types of automation:

Improve our automation of rapidly ingesting new vulnerabilities into our database.
Improve and streamline the workflow required for issuing CVE ID numbers.

Maturity Plan

As a non-marketing category, GitLab Advisory Database does not have a maturity plan.

Competitive Landscape

TBD

Analyst Landscape

TBD

Top Customer Success/Sales Issue(s)

As this is a non-marketing category, GitLab Advisory Database generally will not have directly customer-facing issues but rather be involved indirectly as part of other categories.

Full list

Top user issue(s)

As this is a non-marketing category, GitLab Advisory Database generally will not have directly user-facing issues but rather be involved indirectly as part of other categories.