- List the feature group that created this feature/service and who are
the current Engineering Managers, Product Managers and their
Directors:
- The "~group::static analysis" team created this feature.
- The "~group::secret detection" team created this feature.
- Engineering Manager is `@amarpatel`.
- Product Manager is `@connorgilbert`
-Director is `@wayne`.
- Product Manager is `@smeadzinger`
-Senior Engineering Manager is `@twoodham`.
- List individuals are the subject matter experts and know the most
about this feature:
- Feature development was led by `@ahmed.hemdan` with help from
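Review bot: The prompt at the top of this hunk asks for "Engineering Managers, Product Managers and their Directors", but the visible entries name two creating groups (`~group::static analysis` and `~group::secret detection`), two Product Managers, and both `Director is @wayne` and `Senior Engineering Manager is @twoodham`. If the Director line is the one being dropped in favour of the Senior Engineering Manager line, the answer no longer names a Director as the prompt asks. Either keep a Director entry for the owning group or say explicitly that the Senior Engineering Manager fills that role. The unchanged line "List individuals are the subject matter experts" is also missing a "who".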
...
...
@@ -248,7 +248,9 @@ _The items below will be reviewed by the Scalability:Practices team._
_The items below will be reviewed by the Scalability:Practices team._
- [ ] Are there custom backup/restore requirements?
- N/A
- [ ] Are backups monitored?
- [ ] Was a restore from backup tested?
- [ ] Link to information about growth rate of stored data.
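Review bot: The `N/A` under "Are there custom backup/restore requirements?" leaves the box as `[ ]` and gives no reason, so a reviewer cannot tell whether the item was assessed or skipped. Mark it `[x]` and add one sentence saying why no custom backup or restore handling applies. "Are backups monitored?", "Was a restore from backup tested?" and the growth-rate link are still unanswered in this hunk and need either an answer or the same explicit N/A with a reason.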
...
...
@@ -257,64 +259,23 @@ _The items below will be reviewed by the Scalability:Practices team._
_The items below will be reviewed by the Delivery team._
-[ ] Will a [change management issue](https://about.gitlab.com/handbook/engineering/infrastructure/change-management/) be used for rollout? If so, link to it here.
- [ ] Does this feature have any version compatibility requirements with other components (e.g., Gitaly, Sidekiq, Rails) that will require a specific order of deployments?
-[x] Will a [change management issue](https://about.gitlab.com/handbook/engineering/infrastructure/change-management/) be used for rollout? If so, link to it here.
- [x] Does this feature have any version compatibility requirements with other components (e.g., Gitaly, Sidekiq, Rails) that will require a specific order of deployments?
- This feature uses pre-receive push options, which was introduced by this commit to Gitaly: https://gitlab.com/gitlab-org/gitaly/-/commit/dd1303cdcf5219b7f9c2b0d764c28733ab370205
-[ ] Is this feature validated by our [QA blackbox tests](https://gitlab.com/gitlab-org/gitlab-qa)?
- [ ] Will it be possible to roll back this feature? If so explain how it will be possible.
- [x] Will it be possible to roll back this feature? If so explain how it will be possible.
- Disable the feature flag, as was the case here: https://gitlab.com/gitlab-org/gitlab/-/issues/455913#note_1906929355
### Security
_The items below will be reviewed by the InfraSec team._
- [ ] Put yourself in an attacker's shoes and list some examples of "What could possibly go wrong?". Are you OK going into Beta knowing that?
- [ ] Link to any outstanding security-related epics & issues for this feature. Are you OK going into Beta with those still on the TODO list?
## General Availability
### Monitoring and Alerting
_The items below will be reviewed by the Scalability:Practices team._
- [ ] Confirm that on-call SREs have access to this service and will be on-call. If this is not the case, please add an explanation here.
### Operational Risk
_The items below will be reviewed by the Scalability:Practices team._
- [ ] Link to notes or testing results for assessing the outcome of failures of individual components.
- [ ] What are the potential scalability or performance issues that may result with this change?
- [ ] What are a few operational concerns that will not be present at launch, but may be a concern later?
- [ ] Are there any single points of failure in the design? If so list them here.
- [ ] As a thought experiment, think of worst-case failure scenarios for this product feature, how can the blast-radius of the failure be isolated?
### Backup, Restore, DR and Retention
_The items below will be reviewed by the Scalability:Practices team._
- [ ] Are there any special requirements for Disaster Recovery for both Regional and Zone failures beyond our current Disaster Recovery processes that are in place?
- [ ] How does data age? Can data over a certain age be deleted?
### Performance, Scalability and Capacity Planning
_The items below will be reviewed by the Scalability:Practices team._
-[ ] Link to any performance validation that was done according to [performance guidelines](https://docs.gitlab.com/ee/development/performance.html).
- [ ] Link to any load testing plans and results.
- [ ] Are there any potential performance impacts on the Postgres database or Redis when this feature is enabled at GitLab.com scale?
-[ ] Explain how this feature uses our [rate limiting](https://gitlab.com/gitlab-com/runbooks/-/tree/master/docs/rate-limiting) features.
- [ ] Are there retry and back-off strategies for external dependencies?
- [ ] Does the feature account for brief spikes in traffic, at least 2x above the expected rate?
### Deployment
_The items below will be reviewed by the Delivery team._
-[ ] Will a [change management issue](https://about.gitlab.com/handbook/engineering/infrastructure/change-management/) be used for rollout? If so, link to it here.
- [ ] Are there healthchecks or SLIs that can be relied on for deployment/rollbacks?
-[ ] Does building artifacts or deployment depend at all on [gitlab.com](https://gitlab.com)?
- [x] Put yourself in an attacker's shoes and list some examples of "What could possibly go wrong?". Are you OK going into Beta knowing that?
- An attacker could make a large number of pushes in rapid succession in a DoS attack. We have a [rate limit](https://docs.gitlab.com/ee/administration/settings/rate_limits_on_git_ssh_operations.html) of 600 pushes per minute to prevent this.
- An attacker could push a large number of commits with many secrets to attempt to affect performance. To mitigate this, we do not scan files over 1Mib, and we implemented timeouts on the total scan time, as well as on individual blob scan times.
- [x] Link to any outstanding security-related epics & issues for this feature. Are you OK going into Beta with those still on the TODO list?
- [Secrets not detected in `CHANGELOG.md` of `gitlab-org/security-products`]https://gitlab.com/gitlab-org/gitlab/-/issues/458784
- When this issue was detected, it could only be reproduced in the `CHANGELOG.md` for `gitlab-org/security-products` projects. As of 2024-05-13, this issue has been moved to the Backlog due to inability to reproduce.
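Review bot: The DoS answer under "What could possibly go wrong?" relies on a 600 pushes per minute limit, but the page it links to is `rate_limits_on_git_ssh_operations`, so as written the mitigation is only shown for pushes over SSH. State whether pushes over HTTP(S) reach the same pre-receive scan and which limit covers them. In the second mitigation, "1Mib" should be "1 MiB", and the total and per-blob scan timeouts should be given as values or linked to where they are configured, along with what happens to a push when a timeout fires (accepted unscanned or rejected). The outstanding-issue entry `[Secrets not detected in ...]https://gitlab.com/gitlab-org/gitlab/-/issues/458784` is missing the parentheses around the URL and will not render as a link. The QA blackbox tests item is still `[ ]` with no answer.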