Use case 1
- Author: Jarno Huusko
- Date / Version: 20/02/2024 / 1.0
User roles
- Security Specialist (Actor1): The primary user who monitors and addresses security concerns on the GitLab Security Dashboard.
- DevOps Engineer (Actor2): Assists in implementing the necessary security patches or configurations.
Prerequisites / Conditions
- The user must have administrative access to the GitLab Security Dashboard.
- The GitLab instance must be up to date with the latest stable release.
Use Case Diagram
Description of use case
- Review: The Security Specialist reviews the GitLab Security Dashboard for any open security issues or vulnerabilities.
- Assessment: The issues are assessed based on their severity and impact on the project.
- Plan: A mitigation plan is devised for each identified issue, prioritizing critical vulnerabilities.
- Implementation: The DevOps Engineer, in collaboration with the Security Specialist, implements the necessary fixes or updates.
- Verification: The Security Specialist verifies that the issues are resolved by re-examining the dashboard.
- Documentation: All actions taken to mitigate the issues are documented for future reference.
Exceptions
- E1: If an issue cannot be mitigated due to dependency conflicts, it is escalated for further review.
- E2: If the dashboard fails to update post-mitigation, a manual verification process is initiated.
Result
- The GitLab Security Dashboard should have no open security issues, indicating that all known vulnerabilities have been addressed.
Use frequency
- This use case is executed monthly as part of regular security maintenance, or more frequently if critical vulnerabilities are discovered.
Additional information
- Details on specific security patches, version numbers, and configuration changes should be recorded to assist in future audits or troubleshooting.
Sources
- Based on the public administration recommendations and input from the original authors.