---
layout: markdown_page
title: "Category Direction - Vulnerability Database"
---

- TOC
{:toc}

## Description

GitLab integrates access to proprietary and open-source application security scanning tools. In order to maintain the efficacy of those scans, we strive to keep their underlying vulnerability databases up-to-date.

### Overview

GitLab's contribution to vulnerability databases coincides with improving the standard scanners that ship as part of the default GitLab software. The scanners used are compiled by scan type:

* [SAST](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks) (Including [Secret Detection](https://docs.gitlab.com/ee/user/application_security/sast/#secret-detection))
* [DAST](https://docs.gitlab.com/ee/user/application_security/dast/#overview)
* [Dependency Scanning](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#supported-languages-and-package-managers)
* [License Compliance](https://docs.gitlab.com/ee/user/application_security/license_compliance/#supported-languages-and-package-managers)
* [Container Scanning](https://docs.gitlab.com/ee/user/application_security/container_scanning/#overview)

Our vulnerability database team strives to update the above-referenced scanning tools (both the open-source and proprietary ones) to ensure they can identify the latest vulnerabilities.

### Goal

The goal of the Vulnerability Database category is to maintain a rapidly updated corpus of vulnerability information that our own scanners and customers can reference. Rapid updates will ensure that our users are always able to test and mitigate the latest vulnerabilities that have been identified.

### Roadmap

TBD

## What's Next & Why

We will [create a webpage](https://gitlab.com/gitlab-org/gitlab/-/issues/212568) that describes the metrics of the Vulnerability Database, such as how many entries there are and the mean time-to-merge, and that allows users to search for specific vulnerability information.

## Maturity Plan

- [Base Epic](https://gitlab.com/groups/gitlab-org/-/epics/1309)

## Competitive Landscape

TBD

## Analyst Landscape

TBD

## Top Customer Success/Sales Issue(s)

TBD

[Full list](https://gitlab.com/groups/gitlab-org/-/issues?state=opened&sort=milestone&label_name%5B%5D=customer&label_name%5B%5D=vulnerability%20database)

## Top user issue(s)

TBD

[Full list](https://gitlab.com/groups/gitlab-org/-/issues?state=opened&sort=popularity&label_name%5B%5D=vulnerability%20database)

## Top internal customer issue(s)

TBD

## Top Vision Item(s)