FY22-Q2 Secure:Static Analysis KR - Establish Maintainers in Static Analysis projects
Problem to solve
As a member of group::static analysis in GitLab.org / GitLab, I want to know who to interact with to ship code and have more confidence in the types of scrutiny each change has received.
Proposal
Further details
This work builds on the groundwork laid in gitlab-org/gitlab#300358 (closed).
- The proposal for adding a Maintainers program in Static Analysis needs to be finalized. It's out to the team for commentary and contribution.
- Maintainers need to be encouraged to self-nominate for the trainee process.
- Trainee maintainers need to be worked through the process and converted into Maintainers for each project owned by Static Analysis.
- Add CODEOWNERS files to projects-in-product which are owned by group::static analysis
Updated roles and permissions
- Static Analysis Backend Engineers removed as direct members of https://gitlab.com/gitlab-org/security-products.
- https://gitlab.com/gitlab-org/secure/static-analysis-be added as a group to be Maintainers for:
  - https://gitlab.com/gitlab-org/security-products/post-analyzers
  - https://gitlab.com/gitlab-org/security-products/security-report-schemas
  - https://gitlab.com/gitlab-org/security-products/ci-templates
  - https://gitlab.com/gitlab-org/security-products/danger-bot
  - https://gitlab.com/gitlab-org/security-products/security-product-templates
  - https://gitlab.com/gitlab-org/security-products/release
  - https://gitlab.com/gitlab-org/security-products/tests
  - https://gitlab.com/gitlab-org/security-products/dependencies
  - https://gitlab.com/gitlab-org/security-products/demos
- SAST and Secret Detection analyzers in https://gitlab.com/gitlab-org/security-products/analyzers updated so Developer+Maintainer may merge into protected branches.
- Trainee Maintainers (as indicated by related issues) added to CODEOWNERS files for the projects they indicated.
- Verify SAST and Secret Detection projects in https://gitlab.com/gitlab-org/security-products/analyzers are set up to require CODEOWNERS approval prior to merge.
- Update week 2 onboarding template so Static Analysis new starters aren't made Developers in https://gitlab.com/gitlab-org/security-products.
Edited by Thomas Woodham