GitLab integrates access to proprietary and open-source application security scanning tools. In order to maintain the efficacy of those scans, we strive to keep their underlying vulnerability databases up-to-date.
GitLab's contribution to vulnerability databases coincides with improving the standard scanners that ship as part of the default GitLab software. The scanners used are compiled by scan type:
Our vulnerability database team strives to update the above references scanning tools (both the open-sourced and proprietary ones) to ensure they can identify the latest vulnerabilities.
The goal of the Vulnerability Database category is to maintain a rapidly updated corpus of vulnerability information that our own scanners and customers can reference.
Rapid updates will ensure that our users are always able to test and mitigate the latest vulnerabilities that have been identified.
The roadmap for Vulnerability Database will focus on keeping our signatures up-to-date, improving on how we communicate that to users, and meeting our obligations as a CVE Numbering Authority.
Our upcoming work focuses on several types of automation:
As a non-marketing category, Vulnerability Database does not have a maturity plan.
As this is a non-marketing category, Vulnerability Database generally will not have directly customer-facing issues but rather be involved indirectly as part of other categories.
As this is a non-marketing category, Vulnerability Database generally will not have directly user-facing issues but rather be involved indirectly as part of other categories.