Security Reachability

Determines which security findings are reachable from a public entry point

Comment

Inspiration

Every security team drowns in the same problem: "The scanner found 200 vulnerabilities — which ones actually matter?" Most findings sit in code that no external caller can reach, but scanners present them as a flat list, so teams burn days triaging by hand or fix the loud ones and miss the reachable one. Whether a finding is exploitable depends on whether an attacker-controlled entry point can actually reach the vulnerable code — and that is a call-graph question scanners can't answer. GitLab Orbit can, because it indexes the call graph and security findings as one queryable graph. That unlock inspired Security Reachability.

What it does

Security Reachability turns a flat list of findings into a prioritized one. It maps each finding to the vulnerable definition (the sink), identifies external entry points (route handlers, public functions, main) as sources, and uses Orbit's path-finding to check whether any source can reach any sink along the call graph. Findings are sorted reachable-first, and the report prints the actual call path for the top reachable finding — for example, api::handle_search() → service::search() → db::run_query() — which is the exploit route, straight from the graph. Security triage flips from "200 findings" to "12 are reachable from a public endpoint, and here's exactly how."

How we built it

The agent is an Agent Skill (a SKILL.md following the Agent Skills specification) paired with a custom flow on the GitLab Duo Agent Platform. The skill encodes all Orbit interaction: it discovers the graph schema at runtime, collects findings and their vulnerable definitions, identifies entry points by visibility and path heuristics, then runs path-finding queries (bounded depth) from sources to sinks to classify each finding reachable or not. The flow is flow-registry-v1 YAML running in the ambient environment; it loads the skill via the workspace_agent_skills context and posts exactly one comment without changing any vulnerability state. Orbit is reached through its REST API (POST /api/v4/orbit/query, GET /api/v4/orbit/schema, GET /api/v4/orbit/status) and the equivalent MCP tools. The agent is published to the GitLab AI Catalog.

Challenges we ran into

Orbit's ontology is in beta, so edge and node names can change. Hardcoding them would make the agent brittle, so the skill discovers the schema at runtime and adapts. The harder challenge was keeping path-finding bounded — naive reachability on a large call graph explodes combinatorially — so we cap traversal depth, dedupe visited nodes, and limit entry-point/sink pairs. Defining entry points was also subtle: treating every public function as a source inflates "reachable," so we prefer recorded visibility or route attributes and fall back to path heuristics only when needed.

Accomplishments that we're proud of

Security Reachability does static reachability analysis — normally expensive and tooling-heavy — almost for free, because Orbit already holds the call graph and the findings together. Every verdict is traceable: each reachable finding ships with a real call path from a query result, with no fabrication. And it is honest about its limits, flagging that dynamic dispatch and framework routing may add paths it can't see, so "not reachable" means lower priority, not safe.

What we learned

The real power of a knowledge graph isn't any single query — it's the join across domains that no existing tool spans. We learned that showing the concrete call path is what makes the result trustworthy and actionable; a "reachable" label alone is just another flag, but the path is evidence. And delivering it inside the merge request, where the fix decision happens, matters as much as the analysis.

What's next for Security Reachability

Ranking reachable findings by entry-point exposure (public API vs internal CLI) so the most attacker-accessible paths float to the top. Data-flow awareness, not just call reachability, to cut false positives further. And a combined risk surface with our companion agent, Test Gap Sentinel — code that is both reachable and untested is the highest-priority work of all.

Built With

  • agent-skills
  • ai-catalog
  • anthropic-claude
  • clickhouse
  • gitlab
  • gitlab-duo-agent-platform
  • gitlab-knowledge-graph
  • gitlab-orbit
  • grpc
  • markdown
  • mcp
  • rest-api
  • yaml
Share this project:

Updates