Eugie Limpin activity https://gitlab.com/eugielimpin 2026-03-19T08:39:21Z

tag:gitlab.com,2026-03-19:5220970308 Eugie Limpin commented on issue #589682 at GitLab.org / GitLab 2026-03-19T08:39:21Z eugielimpin Eugie Limpin

Updated weight to 1.

tag:gitlab.com,2026-03-19:5220969321 Eugie Limpin commented on issue #589682 at GitLab.org / GitLab 2026-03-19T08:39:04Z eugielimpin Eugie Limpin

@jayswain there is nothing to implement here since all required permissions (see Resources in the description) required to access Security dashboards (new and old) are already enabled for Security Managers.

Verification thread: #589682 (comment 3172967283)

cc @m-omokoh

Closing this one now.

tag:gitlab.com,2026-03-19:5220967990 Eugie Limpin closed issue #589682: Security Auditing - Project level - Security Dashboard at GitLab.org / GitLab 2026-03-19T08:38:40Z eugielimpin Eugie Limpin

tag:gitlab.com,2026-03-19:5220914941 Eugie Limpin commented on issue #589682 at GitLab.org / GitLab 2026-03-19T08:24:41Z eugielimpin Eugie Limpin

Old group security dashboard is accessible:

Screenshot_2026-03-19_at_4.23.48_PM

tag:gitlab.com,2026-03-19:5220882917 Eugie Limpin commented on issue #589682 at GitLab.org / GitLab 2026-03-19T08:15:53Z eugielimpin Eugie Limpin

New group security dashboard is accessible:

tag:gitlab.com,2026-03-19:5220875310 Eugie Limpin commented on issue #589682 at GitLab.org / GitLab 2026-03-19T08:13:41Z eugielimpin Eugie Limpin

New project security dashboard is accessible:

tag:gitlab.com,2026-03-19:5220866204 Eugie Limpin commented on issue #589682 at GitLab.org / GitLab 2026-03-19T08:11:08Z eugielimpin Eugie Limpin

Export is working:

tag:gitlab.com,2026-03-19:5220551913 Eugie Limpin commented on issue #589682 at GitLab.org / GitLab 2026-03-19T06:15:43Z eugielimpin Eugie Limpin

Some recent changes allowed Security Managers to see (project level) Secure -> Security dashboard menu and access the page:

Screenshot_2026-03-19_at_2.13.34_PM

tag:gitlab.com,2026-03-19:5220528486 Eugie Limpin commented on merge request !227866 at GitLab.org / GitLab 2026-03-19T06:05:33Z eugielimpin Eugie Limpin

@jayswain could you perform the initial backend review for this MR, please? 🙏🏼

tag:gitlab.com,2026-03-19:5220525131 Eugie Limpin pushed to project branch el-security-manager-dast-on-demand-scan at GitLab.org / GitLab 2026-03-19T06:04:05Z eugielimpin Eugie Limpin

Eugie Limpin (a44b61ff) at 19 Mar 06:04

Authorize Security Manager role to manage DAST on-demand scans

tag:gitlab.com,2026-03-19:5220492630 Eugie Limpin commented on merge request !227866 at GitLab.org / GitLab 2026-03-19T05:45:01Z eugielimpin Eugie Limpin

It doesn’t prove that the Security Manager path works without push rights (the intended behavior change), since it doesn’t explicitly ensure the user can’t push to the branch

Security Managers, by spec, can't push to branches.

tag:gitlab.com,2026-03-19:5220431622 Eugie Limpin pushed to project branch el-security-manager-dast-on-demand-scan at GitLab.org / GitLab 2026-03-19T05:11:06Z eugielimpin Eugie Limpin

Eugie Limpin (083d7d79) at 19 Mar 05:11

Authorize Security Manager role to manage DAST on-demand scans

... and 216 more commits

tag:gitlab.com,2026-03-19:5220431318 Eugie Limpin commented on issue #591358 at GitLab.org / GitLab 2026-03-19T05:10:56Z eugielimpin Eugie Limpin

Closing this now that !226807 (merged) is merged. FYI @jayswain @m-omokoh

tag:gitlab.com,2026-03-19:5220430937 Eugie Limpin closed issue #591358: Security Auditing - Group Level - Security Configuration Profiles at GitLab.org / GitLab 2026-03-19T05:10:41Z eugielimpin Eugie Limpin

tag:gitlab.com,2026-03-19:5220428764 Eugie Limpin commented on merge request !226807 at GitLab.org / GitLab 2026-03-19T05:09:19Z eugielimpin Eugie Limpin

Yeah, we should move this in ee/spec/. It's safe in the meantime because it's only used (as it should be) in ee/spec/policies/project_policy_spec.rb.

tag:gitlab.com,2026-03-19:5220276372 Eugie Limpin commented on issue #589677 at GitLab.org / GitLab 2026-03-19T03:38:14Z eugielimpin Eugie Limpin

Thanks, @jayswain.

I've implemented view, create, update, and delete actions in !227866 but it looks like we still have to figure out how we can authorize Security Managers to run DAST on-demand scans without giving them code write access.

While working on the run action, I added create_pipeline permission for Security Managers but I got stuck because in addition to the create_pipeline permission requirement, the user should also be allowed_to_write_ref? (can_update_branch? -> can_push_to_branch?(ref) || can_merge_to_branch?(ref)).

FYI @m-omokoh @mikeeddington @joelpatterson

tag:gitlab.com,2026-03-19:5220048434 Eugie Limpin commented on merge request !225640 at GitLab.org / GitLab 2026-03-19T01:41:33Z eugielimpin Eugie Limpin

Thanks for the thorough review, @ccharnolevsky!

tag:gitlab.com,2026-03-19:5220037454 Eugie Limpin commented on merge request !227225 at GitLab.org / GitLab 2026-03-19T01:38:39Z eugielimpin Eugie Limpin

@drosse could you review as frontend maintainer, please?

tag:gitlab.com,2026-03-19:5220034268 Eugie Limpin commented on merge request !227225 at GitLab.org / GitLab 2026-03-19T01:37:29Z eugielimpin Eugie Limpin

@jayswain don't forget to assign a reviewer (/request_review @username) 🙏🏼

We need Verify approval (and Hinam has a lot of ongoing reviews) so let's ask @panoskanell instead.

tag:gitlab.com,2026-03-19:5220019952 Eugie Limpin pushed to project branch master at GitLab.org / GitLab 2026-03-19T01:32:06Z eugielimpin Eugie Limpin

Eugie Limpin (7eb0920f) at 19 Mar 01:32

Merge branch 'jswain_security_manager_vulnerability_report' into 'm...

... and 1 more commit