
gitlab-vulnerability

npx machina-cli add skill grandcamel/GitLab-Assistant-Skills/gitlab-vulnerability --openclaw

Vulnerability Skill

Security vulnerability management for GitLab using glab api raw endpoint calls.

Quick Reference

| Operation | Command Pattern | Risk |
|---|---|---|
| List vulnerabilities | `glab api projects/:id/vulnerabilities` | - |
| Get vulnerability | `glab api projects/:id/vulnerabilities/:vuln_id` | - |
| Confirm vulnerability | `glab api projects/:id/vulnerabilities/:vuln_id/confirm -X POST` | ⚠️ |
| Dismiss vulnerability | `glab api projects/:id/vulnerabilities/:vuln_id/dismiss -X POST -f ...` | ⚠️ |
| Resolve vulnerability | `glab api projects/:id/vulnerabilities/:vuln_id/resolve -X POST` | ⚠️ |
| Revert to detected | `glab api projects/:id/vulnerabilities/:vuln_id/revert -X POST` | ⚠️ |
| List findings | `glab api projects/:id/vulnerability_findings` | - |

Risk Legend: - Safe | ⚠️ Caution | ⚠️⚠️ Warning | ⚠️⚠️⚠️ Danger

When to Use This Skill

ALWAYS use when:

  • User mentions "vulnerability", "security issue", "CVE"
  • User wants to view security scan results
  • User mentions "SAST", "DAST", "dependency scanning", "container scanning"
  • User wants to dismiss or resolve security findings
  • User asks about security dashboard

NEVER use when:

  • User wants to run security scans (use gitlab-ci)
  • User wants to configure security settings (use project settings)
  • User wants general issue tracking (use gitlab-issue)

API Prerequisites

Required Token Scopes: read_api (read-only operations) or api (required for state changes such as confirm, dismiss, resolve and revert)

Permissions:

  • Read vulnerabilities: Developer+
  • Manage vulnerabilities: Developer+

GitLab Tier: Ultimate required for full vulnerability management features

Vulnerability States

| State | Description |
|---|---|
| detected | New, unreviewed vulnerability |
| confirmed | Verified as a real vulnerability |
| dismissed | Marked as false positive or won't fix |
| resolved | Fixed and no longer present |

Severity Levels

| Severity | Description |
|---|---|
| critical | Highest severity, immediate action needed |
| high | Significant risk |
| medium | Moderate risk |
| low | Minor risk |
| info | Informational finding |
| unknown | Severity not determined |

Available Commands

List Project Vulnerabilities

# List all vulnerabilities
glab api projects/123/vulnerabilities --method GET

# Filter by state
glab api "projects/123/vulnerabilities?state=detected" --method GET

# Filter by severity
glab api "projects/123/vulnerabilities?severity=critical,high" --method GET

# Filter by multiple criteria
glab api "projects/123/vulnerabilities?state=detected&severity=critical,high" --method GET

# With pagination
glab api projects/123/vulnerabilities --paginate

# Using project path
glab api "projects/$(echo 'mygroup/myproject' | jq -Rr @uri)/vulnerabilities"

Get Vulnerability Details

# Get specific vulnerability
glab api projects/123/vulnerabilities/456 --method GET

Confirm Vulnerability

Marks a detected vulnerability as confirmed (real security issue).

# Confirm vulnerability
glab api projects/123/vulnerabilities/456/confirm --method POST

Dismiss Vulnerability

Marks a vulnerability as dismissed (false positive or accepted risk).

# Dismiss as false positive
glab api projects/123/vulnerabilities/456/dismiss --method POST \
  -f comment="False positive - this code path is not reachable"

# Dismiss as acceptable risk
glab api projects/123/vulnerabilities/456/dismiss --method POST \
  -f comment="Accepted risk - mitigated by network controls"

# Dismiss with dismissal reason (if available)
glab api projects/123/vulnerabilities/456/dismiss --method POST \
  -f comment="Not applicable to our use case" \
  -f dismissal_reason="used_in_tests"

Resolve Vulnerability

Marks a vulnerability as resolved (fixed).

# Resolve vulnerability
glab api projects/123/vulnerabilities/456/resolve --method POST

Revert to Detected State

Reverts a vulnerability back to detected state.

# Revert to detected
glab api projects/123/vulnerabilities/456/revert --method POST

List Vulnerability Findings

Findings are the raw results from security scanners.

# List all findings
glab api projects/123/vulnerability_findings --method GET

# Filter by severity
glab api "projects/123/vulnerability_findings?severity=critical,high" --method GET

# Filter by scanner
glab api "projects/123/vulnerability_findings?scanner=sast" --method GET

# Filter by pipeline
glab api "projects/123/vulnerability_findings?pipeline_id=789" --method GET

# With pagination
glab api projects/123/vulnerability_findings --paginate

Security Dashboard (Group Level)

# Request a CSV export of the group's vulnerabilities (creates an export job; state-changing POST)
glab api groups/456/vulnerability_exports --method POST \
  -f export_format="csv"

# Get group vulnerability statistics
glab api "groups/456/vulnerability_statistics" --method GET

Common Workflows

Workflow 1: Triage New Vulnerabilities

project_id=123

# Get all detected (new) vulnerabilities
glab api "projects/$project_id/vulnerabilities?state=detected" --paginate | \
  jq -r '.[] | "[\(.severity)] \(.title) - \(.id)"'

# Review critical/high first
glab api "projects/$project_id/vulnerabilities?state=detected&severity=critical,high" | \
  jq -r '.[] | "ID: \(.id)\nTitle: \(.title)\nSeverity: \(.severity)\nScanner: \(.scanner.name)\nLocation: \(.location | @json)\n---"'

Workflow 2: Generate Security Report

project_id=123

# Summary by severity
echo "=== Vulnerability Summary ==="
glab api "projects/$project_id/vulnerabilities" --paginate | \
  jq -r 'group_by(.severity) | map({severity: .[0].severity, count: length}) | .[] | "\(.severity): \(.count)"'

# Summary by state
echo ""
echo "=== By State ==="
glab api "projects/$project_id/vulnerabilities" --paginate | \
  jq -r 'group_by(.state) | map({state: .[0].state, count: length}) | .[] | "\(.state): \(.count)"'

# Summary by scanner
echo ""
echo "=== By Scanner ==="
glab api "projects/$project_id/vulnerabilities" --paginate | \
  jq -r 'group_by(.scanner.name) | map({scanner: .[0].scanner.name, count: length}) | .[] | "\(.scanner): \(.count)"'

Workflow 3: Bulk Dismiss False Positives

project_id=123

# Dismiss all detected info-level vulnerabilities (add &scanner=... to the query to limit to one scanner)
# read -r keeps backslashes in IDs intact; quoting the variables avoids word splitting
glab api "projects/$project_id/vulnerabilities?severity=info&state=detected" --paginate | \
  jq -r '.[].id' | while read -r vuln_id; do
    echo "Dismissing $vuln_id"
    glab api "projects/$project_id/vulnerabilities/$vuln_id/dismiss" --method POST \
      -f comment="Bulk dismissed - info level findings"
  done
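The bulk dismissal above fires a POST for every ID it sees; the state table earlier and the "Can't dismiss" row in Troubleshooting both point to the guardrails a practitioner would want around it: refuse to act without a justification, skip vulnerabilities whose current state cannot be dismissed, dry-run before writing, and re-fetch each vulnerability afterwards to confirm the state actually changed. The following script is an added example and is not part of the skill; it assumes `glab` is on PATH and authenticated with an `api`-scoped token, that the REST objects carry the fields the skill's jq filters use (`id`, `state`, `severity`, `scanner.name`), and that GitLab's standard `page`/`per_page` query parameters paginate the list. The transition table is a conservative policy derived from the skill's state table, not an official GitLab rule set.

```python
"""Guarded bulk dismissal for GitLab vulnerabilities driven through `glab api`.

Added example; not part of the gitlab-vulnerability skill. Assumes `glab` is on
PATH with an `api`-scoped token. Everything that touches GitLab goes through
run_glab(); the planning helpers are pure so they can run offline on sample data.
"""
import json
import subprocess
import sys

# Which POST action is sensible from which current state (assumed policy built
# from the skill's state table). "Can't dismiss" in Troubleshooting is exactly
# the case this table refuses before any request is sent.
ALLOWED_TRANSITIONS = {
    "confirm": {"detected"},
    "dismiss": {"detected", "confirmed"},
    "resolve": {"detected", "confirmed"},
    "revert": {"confirmed", "dismissed", "resolved"},
}


def can_transition(current_state, action):
    """True if `action` makes sense for a vulnerability in `current_state`."""
    return current_state in ALLOWED_TRANSITIONS.get(action, set())


def run_glab(endpoint, method="GET", fields=None):
    """Call `glab api` and parse its JSON output (raises on non-zero exit)."""
    cmd = ["glab", "api", endpoint, "--method", method]
    for key, value in (fields or {}).items():
        cmd += ["-f", f"{key}={value}"]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return json.loads(out) if out.strip() else None


def fetch_all(project_id, query):
    """Walk GitLab's page/per_page pagination until an empty page comes back."""
    vulns, page = [], 1
    while True:
        batch = run_glab(f"projects/{project_id}/vulnerabilities?{query}&per_page=100&page={page}")
        if not batch:
            return vulns
        vulns.extend(batch)
        page += 1


def plan_dismissals(vulns, severity, comment, scanner=None):
    """Pick dismissal candidates offline. Returns (ids_to_dismiss, skipped).

    A non-empty justification is mandatory, and anything whose state cannot be
    dismissed lands in `skipped` instead of being sent to the API.
    """
    if not comment.strip():
        raise ValueError("a dismissal comment is required")
    plan, skipped = [], []
    for v in vulns:
        if v.get("severity") != severity:
            continue
        if scanner and (v.get("scanner") or {}).get("name") != scanner:
            continue
        if can_transition(v.get("state"), "dismiss"):
            plan.append(v["id"])
        else:
            skipped.append((v["id"], v.get("state")))
    return plan, skipped


def dismiss_all(project_id, vuln_ids, comment, apply=False):
    """Dismiss each id, then re-fetch it to confirm the new state.

    Dry-run unless apply=True so the plan can be reviewed before any POST.
    Returns {id: observed_state_after}, or "dry-run" when nothing was sent.
    """
    results = {}
    for vid in vuln_ids:
        if not apply:
            results[vid] = "dry-run"
            continue
        run_glab(f"projects/{project_id}/vulnerabilities/{vid}/dismiss", "POST",
                 {"comment": comment})
        after = run_glab(f"projects/{project_id}/vulnerabilities/{vid}")
        results[vid] = (after or {}).get("state", "unknown")
    return results


# Constructed sample response for offline use; shapes follow the skill's filters.
SAMPLE_VULNS = [
    {"id": 1, "severity": "info", "state": "detected", "scanner": {"name": "sast"}},
    {"id": 2, "severity": "info", "state": "dismissed", "scanner": {"name": "sast"}},
    {"id": 3, "severity": "critical", "state": "detected", "scanner": {"name": "dependency_scanning"}},
    {"id": 4, "severity": "info", "state": "confirmed", "scanner": {"name": "secret_detection"}},
]

if __name__ == "__main__":
    # usage: python guarded_dismiss.py <project_id> [--apply]   (hypothetical file name)
    project = sys.argv[1] if len(sys.argv) > 1 else "123"
    apply = "--apply" in sys.argv
    comment = "Bulk dismissed - info level findings"
    vulns = fetch_all(project, "severity=info&state=detected") if apply else SAMPLE_VULNS
    plan, skipped = plan_dismissals(vulns, "info", comment)
    print("skipped (wrong state):", skipped)
    print(json.dumps(dismiss_all(project, plan, comment, apply=apply), indent=2))
```

Without `--apply` the script only prints the plan against the embedded sample; with it, the candidate list comes from the live API and every dismissal is followed by a GET whose `state` is what gets reported, so a silent no-op (for example a vulnerability that changed state between the list and the POST) shows up as something other than `dismissed`.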

Workflow 4: Track Critical Vulnerabilities

project_id=123

# List critical vulnerabilities with details
glab api "projects/$project_id/vulnerabilities?severity=critical" --paginate | \
  jq -r '.[] | {
    id: .id,
    title: .title,
    state: .state,
    detected_at: .detected_at,
    scanner: .scanner.name,
    identifiers: [.identifiers[]?.name] | join(", ")
  }'

Workflow 5: Check for CVEs

project_id=123
cve="CVE-2021-44228"

# Search for a specific CVE across all identifiers of each vulnerability
# (--arg passes the value into jq safely instead of splicing it into the filter string;
#  any() reports each vulnerability once even if the identifier is listed more than once)
glab api "projects/$project_id/vulnerabilities" --paginate | \
  jq -r --arg cve "$cve" '.[] | select(any(.identifiers[]?; .name == $cve)) | "ID: \(.id), State: \(.state), Title: \(.title)"'
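Workflows 2 and 5 both post-process the same vulnerability list with jq; the script below does the same work offline in Python (counts by severity, state and scanner, an "open findings by severity" view that ignores dismissed and resolved entries, and a CVE lookup that normalises case and de-duplicates repeated identifiers). It is an added example, not code from the skill, and it assumes the input is a JSON array such as the `vulnerabilities.json` that Workflow 6 saves from `glab api "projects/$project_id/vulnerabilities" --paginate`; the embedded sample is constructed and only follows the field names the skill's jq filters rely on.

```python
"""Offline summary and CVE lookup over a GitLab vulnerability list.

Added example (not part of the skill). Input is the JSON array returned by
`glab api "projects/<id>/vulnerabilities"`; SAMPLE below is constructed data
that mirrors the fields used by the skill's jq filters.
"""
import json
import re
import sys
from collections import Counter

SEVERITY_ORDER = ["critical", "high", "medium", "low", "info", "unknown"]
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)


def summarize(vulns, key):
    """Count vulnerabilities by a top-level field, or by scanner name for key="scanner"."""
    def pick(v):
        if key == "scanner":
            return (v.get("scanner") or {}).get("name") or "unknown"
        return v.get(key) or "unknown"
    return dict(Counter(pick(v) for v in vulns))


def open_by_severity(vulns):
    """Live findings only (detected/confirmed), ordered critical first, zero rows dropped."""
    live = [v for v in vulns if v.get("state") in ("detected", "confirmed")]
    counts = summarize(live, "severity")
    return [(s, counts[s]) for s in SEVERITY_ORDER if counts.get(s)]


def cve_identifiers(v):
    """Upper-cased, de-duplicated set of CVE ids attached to one vulnerability."""
    ids = set()
    for ident in v.get("identifiers") or []:
        name = (ident.get("name") or "").strip()
        if CVE_RE.match(name):
            ids.add(name.upper())
    return ids


def find_cve(vulns, cve):
    """Vulnerabilities carrying `cve` (case-insensitive), each reported exactly once."""
    wanted = cve.strip().upper()
    return [{"id": v["id"], "state": v.get("state"), "title": v.get("title")}
            for v in vulns if wanted in cve_identifiers(v)]


# Constructed sample; the CVE id is the one used in Workflow 5.
SAMPLE = [
    {"id": 10, "title": "Vulnerable log4j-core", "severity": "critical", "state": "detected",
     "scanner": {"name": "dependency_scanning"},
     "identifiers": [{"type": "cve", "name": "CVE-2021-44228"},
                     {"type": "cve", "name": "cve-2021-44228"}]},
    {"id": 11, "title": "SQL injection in search handler", "severity": "high", "state": "confirmed",
     "scanner": {"name": "sast"}, "identifiers": [{"type": "cwe", "name": "CWE-89"}]},
    {"id": 12, "title": "log4j in base image", "severity": "critical", "state": "dismissed",
     "scanner": {"name": "container_scanning"},
     "identifiers": [{"type": "cve", "name": "CVE-2021-44228"}]},
    {"id": 13, "title": "Debug flag enabled", "severity": "info", "state": "detected",
     "scanner": None, "identifiers": None},
]

if __name__ == "__main__":
    # usage: python vuln_report.py [CVE-ID] < vulnerabilities.json   (hypothetical file name)
    data = json.load(sys.stdin)
    report = {
        "by_severity": summarize(data, "severity"),
        "by_state": summarize(data, "state"),
        "by_scanner": summarize(data, "scanner"),
        "open_by_severity": open_by_severity(data),
    }
    if len(sys.argv) > 1:
        report["cve_matches"] = find_cve(data, sys.argv[1])
    print(json.dumps(report, indent=2))
```

Two details differ from the jq one-liners on purpose: `open_by_severity` answers the question a triage meeting actually asks (what is still live), whereas `group_by(.severity)` counts dismissed and resolved entries too; and `find_cve` matches case-insensitively and never emits a vulnerability twice, which the `select(.identifiers[]?.name == ...)` form can do when a CVE id is listed more than once.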

Workflow 6: Export Vulnerabilities

project_id=123

# Export to JSON
glab api "projects/$project_id/vulnerabilities" --paginate > vulnerabilities.json

# Export to CSV format
glab api "projects/$project_id/vulnerabilities" --paginate | \
  jq -r '["id","title","severity","state","scanner","detected_at"],
         (.[] | [.id, .title, .severity, .state, .scanner.name, .detected_at]) | @csv' > vulnerabilities.csv

Workflow 7: Compare Pipeline Results

project_id=123

# Get findings from specific pipeline
pipeline_id=789
glab api "projects/$project_id/vulnerability_findings?pipeline_id=$pipeline_id" | \
  jq -r '.[] | "\(.severity): \(.name)"'

Scanner Types

| Scanner | Report Type | Description |
|---|---|---|
| sast | SAST | Static Application Security Testing |
| dast | DAST | Dynamic Application Security Testing |
| dependency_scanning | Dependency Scanning | Third-party dependency vulnerabilities |
| container_scanning | Container Scanning | Container image vulnerabilities |
| secret_detection | Secret Detection | Hardcoded secrets in code |
| coverage_fuzzing | Coverage Fuzzing | Fuzzing test results |
| api_fuzzing | API Fuzzing | API fuzzing results |

Troubleshooting

| Issue | Cause | Solution |
|---|---|---|
| 403 Forbidden | Ultimate required or no access | Check GitLab tier and permissions |
| Empty results | No scans run | Configure and run security scanners in CI |
| Old vulnerabilities | No recent pipeline | Run a new pipeline with security jobs |
| Can't dismiss | Already dismissed or resolved | Check current state |
| Missing scanner type | Scanner not configured | Add scanner to CI configuration |

Best Practices

  1. Triage regularly: Review new vulnerabilities frequently
  2. Document dismissals: Always add comments explaining why
  3. Track critical issues: Monitor critical/high severity closely
  4. Integrate with issues: Create issues for confirmed vulnerabilities
  5. Automate where possible: Use CI to fail on new critical findings

Related Documentation

Source

# Clone the repository; the skill lives at skills/gitlab-vulnerability/SKILL.md
git clone https://github.com/grandcamel/GitLab-Assistant-Skills
# Direct link: https://github.com/grandcamel/GitLab-Assistant-Skills/blob/main/skills/gitlab-vulnerability/SKILL.md

Overview

This skill enables GitLab vulnerability management directly from chat by calling glab api endpoints. You can list vulnerabilities and view details, or change their states (confirm, dismiss, resolve, revert) and retrieve vulnerability findings. This enables faster, automated vulnerability workflows.

How This Skill Works

Requests are translated into glab api calls against projects/:id/vulnerabilities and related endpoints. State changes use POST (e.g., /confirm, /dismiss, /resolve, /revert). Findings are retrieved from projects/:id/vulnerability_findings to surface related results.

When to Use It

  • When you want to list all vulnerabilities for a project.
  • When you need to view details for a specific vulnerability.
  • When you want to confirm, dismiss, or resolve a vulnerability.
  • When you want to filter vulnerabilities by state or severity.
  • When you want to view vulnerability findings for a project.

Quick Start

  1. Install and authenticate glab, and ensure the token has read_api or api scope.
  2. List vulnerabilities for a project: glab api projects/123/vulnerabilities --method GET.
  3. Change a vulnerability's state, e.g. confirm: glab api projects/123/vulnerabilities/456/confirm --method POST.

Best Practices

  • Use a token with read_api or api scope; for changes ensure Developer+ permissions on the project.
  • Double-check project ID and vulnerability ID before making changes.
  • Include a clear comment when dismissing a vulnerability to justify the decision.
  • Use pagination and filtering (--paginate, state/severity queries) for large results.
  • Validate API responses and re-fetch after actions to confirm the updated state.

Example Use Cases

  • List all vulnerabilities for project 123.
  • Get details for vulnerability 456 in project 123.
  • Confirm vulnerability 456 in project 123.
  • Dismiss vulnerability 456 with a 'false positive' note.
  • List vulnerability findings for project 123.
