gitlab-vulnerability

GitLab vulnerability operations via API. ALWAYS use this skill when user wants to: (1) list security vulnerabilities, (2) view vulnerability details, (3) confirm/dismiss/resolve vulnerabilities, (4) view vulnerability findings.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "gitlab-vulnerability" with this command: npx skills add grandcamel/gitlab-assistant-skills/grandcamel-gitlab-assistant-skills-gitlab-vulnerability

Vulnerability Skill

Security vulnerability management for GitLab using glab api raw endpoint calls.

Quick Reference

OperationCommand PatternRisk
List vulnerabilitiesglab api projects/:id/vulnerabilities-
Get vulnerabilityglab api projects/:id/vulnerabilities/:vuln_id-
Confirm vulnerabilityglab api projects/:id/vulnerabilities/:vuln_id/confirm -X POST⚠️
Dismiss vulnerabilityglab api projects/:id/vulnerabilities/:vuln_id/dismiss -X POST -f ...⚠️
Resolve vulnerabilityglab api projects/:id/vulnerabilities/:vuln_id/resolve -X POST⚠️
Revert to detectedglab api projects/:id/vulnerabilities/:vuln_id/revert -X POST⚠️
List findingsglab api projects/:id/vulnerability_findings-

Risk Legend: - Safe | ⚠️ Caution | ⚠️⚠️ Warning | ⚠️⚠️⚠️ Danger

When to Use This Skill

ALWAYS use when:

  • User mentions "vulnerability", "security issue", "CVE"
  • User wants to view security scan results
  • User mentions "SAST", "DAST", "dependency scanning", "container scanning"
  • User wants to dismiss or resolve security findings
  • User asks about security dashboard

NEVER use when:

  • User wants to run security scans (use gitlab-ci)
  • User wants to configure security settings (use project settings)
  • User wants general issue tracking (use gitlab-issue)

API Prerequisites

Required Token Scopes: read_api or api

Permissions:

  • Read vulnerabilities: Developer+
  • Manage vulnerabilities: Developer+

GitLab Tier: Ultimate required for full vulnerability management features

Vulnerability States

StateDescription
detectedNew, unreviewed vulnerability
confirmedVerified as real vulnerability
dismissedMarked as false positive or won't fix
resolvedFixed and no longer present

Severity Levels

SeverityDescription
criticalHighest severity, immediate action needed
highSignificant risk
mediumModerate risk
lowMinor risk
infoInformational finding
unknownSeverity not determined

Available Commands

List Project Vulnerabilities

# List all vulnerabilities
glab api projects/123/vulnerabilities --method GET

# Filter by state
glab api "projects/123/vulnerabilities?state=detected" --method GET

# Filter by severity
glab api "projects/123/vulnerabilities?severity=critical,high" --method GET

# Filter by multiple criteria
glab api "projects/123/vulnerabilities?state=detected&severity=critical,high" --method GET

# With pagination
glab api projects/123/vulnerabilities --paginate

# Using project path
glab api "projects/$(echo 'mygroup/myproject' | jq -Rr @uri)/vulnerabilities"

Get Vulnerability Details

# Get specific vulnerability
glab api projects/123/vulnerabilities/456 --method GET

Confirm Vulnerability

Marks a detected vulnerability as confirmed (real security issue).

# Confirm vulnerability
glab api projects/123/vulnerabilities/456/confirm --method POST

Dismiss Vulnerability

Marks a vulnerability as dismissed (false positive or accepted risk).

# Dismiss as false positive
glab api projects/123/vulnerabilities/456/dismiss --method POST \
  -f comment="False positive - this code path is not reachable"

# Dismiss as acceptable risk
glab api projects/123/vulnerabilities/456/dismiss --method POST \
  -f comment="Accepted risk - mitigated by network controls"

# Dismiss with dismissal reason (if available)
glab api projects/123/vulnerabilities/456/dismiss --method POST \
  -f comment="Not applicable to our use case" \
  -f dismissal_reason="used_in_tests"

Resolve Vulnerability

Marks a vulnerability as resolved (fixed).

# Resolve vulnerability
glab api projects/123/vulnerabilities/456/resolve --method POST

Revert to Detected State

Reverts a vulnerability back to detected state.

# Revert to detected
glab api projects/123/vulnerabilities/456/revert --method POST

List Vulnerability Findings

Findings are the raw results from security scanners.

# List all findings
glab api projects/123/vulnerability_findings --method GET

# Filter by severity
glab api "projects/123/vulnerability_findings?severity=critical,high" --method GET

# Filter by scanner
glab api "projects/123/vulnerability_findings?scanner=sast" --method GET

# Filter by pipeline
glab api "projects/123/vulnerability_findings?pipeline_id=789" --method GET

# With pagination
glab api projects/123/vulnerability_findings --paginate

Security Dashboard (Group Level)

# Get security statistics for group
glab api groups/456/vulnerability_exports --method POST \
  -f export_format="csv"

# Get group vulnerability statistics
glab api "groups/456/vulnerability_statistics" --method GET

Common Workflows

Workflow 1: Triage New Vulnerabilities

project_id=123

# Get all detected (new) vulnerabilities
glab api "projects/$project_id/vulnerabilities?state=detected" --paginate | \
  jq -r '.[] | "[\(.severity)] \(.title) - \(.id)"'

# Review critical/high first
glab api "projects/$project_id/vulnerabilities?state=detected&severity=critical,high" | \
  jq -r '.[] | "ID: \(.id)\nTitle: \(.title)\nSeverity: \(.severity)\nScanner: \(.scanner.name)\nLocation: \(.location | @json)\n---"'

Workflow 2: Generate Security Report

project_id=123

# Summary by severity
echo "=== Vulnerability Summary ==="
glab api "projects/$project_id/vulnerabilities" --paginate | \
  jq -r 'group_by(.severity) | map({severity: .[0].severity, count: length}) | .[] | "\(.severity): \(.count)"'

# Summary by state
echo ""
echo "=== By State ==="
glab api "projects/$project_id/vulnerabilities" --paginate | \
  jq -r 'group_by(.state) | map({state: .[0].state, count: length}) | .[] | "\(.state): \(.count)"'

# Summary by scanner
echo ""
echo "=== By Scanner ==="
glab api "projects/$project_id/vulnerabilities" --paginate | \
  jq -r 'group_by(.scanner.name) | map({scanner: .[0].scanner.name, count: length}) | .[] | "\(.scanner): \(.count)"'

Workflow 3: Bulk Dismiss False Positives

project_id=123

# Dismiss all info-level findings from specific scanner
glab api "projects/$project_id/vulnerabilities?severity=info&state=detected" --paginate | \
  jq -r '.[].id' | while read vuln_id; do
    echo "Dismissing $vuln_id"
    glab api projects/$project_id/vulnerabilities/$vuln_id/dismiss --method POST \
      -f comment="Bulk dismissed - info level findings"
  done

Workflow 4: Track Critical Vulnerabilities

project_id=123

# List critical vulnerabilities with details
glab api "projects/$project_id/vulnerabilities?severity=critical" --paginate | \
  jq -r '.[] | {
    id: .id,
    title: .title,
    state: .state,
    detected_at: .detected_at,
    scanner: .scanner.name,
    identifiers: [.identifiers[]?.name] | join(", ")
  }'

Workflow 5: Check for CVEs

project_id=123
cve="CVE-2021-44228"

# Search for specific CVE
glab api "projects/$project_id/vulnerabilities" --paginate | \
  jq -r ".[] | select(.identifiers[]?.name == \"$cve\") | \"ID: \(.id), State: \(.state), Title: \(.title)\""

Workflow 6: Export Vulnerabilities

project_id=123

# Export to JSON
glab api "projects/$project_id/vulnerabilities" --paginate > vulnerabilities.json

# Export to CSV format
glab api "projects/$project_id/vulnerabilities" --paginate | \
  jq -r '["id","title","severity","state","scanner","detected_at"],
         (.[] | [.id, .title, .severity, .state, .scanner.name, .detected_at]) | @csv' > vulnerabilities.csv

Workflow 7: Compare Pipeline Results

project_id=123

# Get findings from specific pipeline
pipeline_id=789
glab api "projects/$project_id/vulnerability_findings?pipeline_id=$pipeline_id" | \
  jq -r '.[] | "\(.severity): \(.name)"'

Scanner Types

ScannerReport TypeDescription
sastSASTStatic Application Security Testing
dastDASTDynamic Application Security Testing
dependency_scanningDependency ScanningThird-party dependency vulnerabilities
container_scanningContainer ScanningContainer image vulnerabilities
secret_detectionSecret DetectionHardcoded secrets in code
coverage_fuzzingCoverage FuzzingFuzzing test results
api_fuzzingAPI FuzzingAPI fuzzing results

Troubleshooting

IssueCauseSolution
403 ForbiddenUltimate required or no accessCheck GitLab tier and permissions
Empty resultsNo scans runConfigure and run security scanners in CI
Old vulnerabilitiesNo recent pipelineRun new pipeline with security jobs
Can't dismissAlready dismissed or resolvedCheck current state
Missing scanner typeScanner not configuredAdd scanner to CI configuration

Best Practices

  1. Triage regularly: Review new vulnerabilities frequently
  2. Document dismissals: Always add comments explaining why
  3. Track critical issues: Monitor critical/high severity closely
  4. Integrate with issues: Create issues for confirmed vulnerabilities
  5. Automate where possible: Use CI to fail on new critical findings

Related Documentation

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

gitlab-mr

No summary provided by upstream source.

Repository SourceNeeds Review
15-grandcamel
General

gitlab-ci

No summary provided by upstream source.

Repository SourceNeeds Review
14-grandcamel
General

gitlab-repo

No summary provided by upstream source.

Repository SourceNeeds Review
13-grandcamel
General

gitlab-group

No summary provided by upstream source.

Repository SourceNeeds Review
11-grandcamel