Ultimate User Request for source code of LGPL-licensed components in GitLab Advanced SAST

Problem Statement

What is the problem?

We need a formal process for handling these type of requests. They are legal requests, so we have to handle them very specifically. Atm we are using myself as a "stopgap" for them

Why is this a problem?

• Bus factor of 1 is never good
• I am not always available (try as hard as I might)

Proposal

A more detailed gameplan can be found here

tl;dr

• Make a ZD app to automate the checks and replies as much as possible
• Leverage Dev Pulse to use "RFH" style waiting

So the SE would use the app to process it, once all checks are done it would make a legal issue and "Dev Pulse" that issue. SE gets reply from legal, sends messaging back to user in ticket (much akin to how RFHs work).

DRI

Jason Colyer will act as the DRI for this issue.

Required Resources

• Readiness development
• Communication to Support

Potential Roadblocks/Things to consider

N/A

Desired Outcome

What does success look like?

SEs have a simple process to follow for these tickets that aligns with current working styles.

---

added FY25 OKRNot Applicable label

assigned to @jcolyer

@lyle @leeeee-gtlb @vparsons Over to y'all for review and approval

added ReadinessConsulting label

I'm going to go ahead and proceed with this. This should all be setup and live 2025-03-01

closed

added ReadinessCompleted label and removed ReadinessConsulting label