techlist.io
KR EN
gitlab

Track vulnerability remediation with the updated GitLab Security Dashboard (opens in new tab)

gitlabdevsecopsdata-visualizationapplication-securityvulnerability-managementrisk-scoringsecurity-dashboard

The updated GitLab Security Dashboard addresses the challenge of vulnerability overload by shifting the focus from simple detection to contextual remediation and risk management. By providing integrated trend tracking and sophisticated risk scoring, the platform enables security and development teams to prioritize high-risk projects and measure the actual progress of their security programs. This update transforms raw security data into actionable insights that are tracked directly within the existing DevSecOps workflow.

Transitioning from Detection to Remediation Context

  • Consolidates vulnerability data into a single view that spans across projects, groups, and entire business units to eliminate data silos.
  • Introduced initial time-based tracking in version 18.6, with version 18.9 adding expanded filters for severity, status, scanner type, and project.
  • Provides visualizations for remediation velocity and vulnerability age distribution, moving beyond static raw counts to show how quickly threats are being addressed.

Data-Driven Prioritization with Risk Scoring

  • Utilizes a dynamic risk score calculated from multiple factors, including vulnerability age and repository security postures.
  • Integrates external threat intelligence such as the Exploit Prediction Scoring System (EPSS) and Known Exploited Vulnerability (KEV) scores to identify the most critical threats.
  • Allows teams to monitor risk scores over time to pinpoint specific areas of the infrastructure that require additional resources or immediate intervention.

Strategic Impact for Security and Development Teams

  • Enables security leaders to prove program effectiveness to executives by showing downward trends in Common Weakness Enumeration (CWE) types and shrinking backlogs.
  • Streamlines the developer experience by highlighting critical vulnerabilities within active projects, removing the need for external spreadsheets or manual reporting tools.
  • Identifies specific teams or departments that may require additional remediation training based on their ability to meet company security policies.

Organizations should leverage these updated dashboard features to transition from manual, reactive security tracking to an automated, risk-based posture. By integrating EPSS and KEV data into daily workflows, teams can ensure they are solving the most dangerous vulnerabilities first while maintaining a clear, measurable record of their security improvements.