Trainee SAST Analyzers Maintainer: Zach Rice
## Basic setup

- Change this issue title to include your name, project, and maintainer type: `Trainee SAST Maintainer: [full name]`.
- Indicate your selected analyzer projects:
  - analyzers/bandit (done)
  - analyzers/brakeman
  - analyzers/eslint (done)
  - analyzers/flawfinder
  - analyzers/gosec (done)
  - analyzers/kubesec (done)
  - analyzers/mobsf
  - analyzers/nodejs-scan (done)
  - analyzers/phpcs-security-audit
  - analyzers/pmd-apex
  - analyzers/secrets (done)
  - analyzers/security-code-scan
  - analyzers/semgrep (done)
  - analyzers/sobelow
  - analyzers/spotbugs
  - analyzers/kics (done)
- Read the code review page in the handbook
- Understand how to become a maintainer
- Understand our Secure Team standards and style guidelines
- Understand our Secure Release Process
- Understand our Secure QA Process
- Create a merge request updating your team member entry, adding yourself as a trainee maintainer
- Ask your manager to set up a check-in on this issue every six weeks or so.
## Working towards becoming a maintainer

There is no checklist here, only guidelines. Remember that there is no specific timeline on this.

Your reviews should aim to cover maintainer responsibilities as well as reviewer responsibilities. Your approval means you think it is ready to merge.

After each MR is merged or closed, add a discussion to this issue using this template:

```
### (Merge request title): (Merge request URL)

During review:

- (List anything of note, or a quick summary. "I suggested/identified/noted...")

Post-review:

- (List anything of note, or a quick summary. "I missed..." or "Merged as-is")

(Maintainer who reviewed this merge request) Please add feedback, and compare this review to the average maintainer review.
```
Tip: There are tools available to assist with this task.
## When you're ready to make it official

When reviews have accumulated, and recent reviews consistently fulfill maintainer responsibilities, any maintainer can take the next step. The trainee should also feel free to discuss their progress with their manager or any maintainer at any time.

- Create a merge request updating your team member entry proposing yourself as a maintainer.
- Create a merge request for CODEOWNERS for the relevant project, adding yourself accordingly, and ask a maintainer to review it.
- Keep reviewing, start merging 🤘
- Keep reviewing, and helping with merge requests! 🎉

Important Read: If you are not currently a backend or frontend maintainer, please assign the merge requests to a maintainer who can merge on your behalf, specifying that it has already been approved by a CI/CD templates maintainer.
## 🤖 Auto-Summary

### Discoto Usage

#### Points

Discussion points are declared by headings, list items, and single lines that start with the text `point:` (case-insensitive). For example, the following are all valid points:

```
#### POINT: This is a point
* point: This is a point
+ Point: This is a point
- pOINT: This is a point
point: This is a **point**
```
Note that any markdown used in the point text will also be propagated into the topic summaries.
#### Topics
Topics can be stand-alone and contained within an issuable (epic, issue, MR), or can be inline.
Inline topics are defined by creating a new thread (discussion) where the first line of the first comment is a heading that starts with `topic:` (case-insensitive). For example, the following are all valid topics:

```
# Topic: Inline discussion topic 1
## TOPIC: **{+A Green, bolded topic+}**
### tOpIc: Another topic
```
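The point and topic rules above are simple enough to check by hand, but a small parser makes the edge cases explicit: the keyword must sit at the start of the line (after an optional heading or list marker), matching is case-insensitive, a topic only counts when it is the first line of a thread's first comment, and markdown inside a point is carried through untouched. The following Python is an added example written for this page; it is not Discoto's own implementation, and the regexes, the `summarize` grouping, the "orphan" handling for points in threads without a topic, and the sample threads are all my assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Assumed translation of the Discoto rules into regexes (not the bot's own code):
# a point line may carry an optional markdown heading marker ("#" to "######") or
# an optional unordered-list marker ("*", "+", "-") before the keyword.
_LEADING_MARKER = r"(?:#{1,6}\s+|[*+-]\s+)?"
POINT_RE = re.compile(rf"^\s*{_LEADING_MARKER}point:\s*(?P<text>.+?)\s*$", re.IGNORECASE)
# A topic must be a heading, so the "#" marker is mandatory here.
TOPIC_RE = re.compile(r"^\s*#{1,6}\s+topic:\s*(?P<text>.+?)\s*$", re.IGNORECASE)


def extract_points(comment: str) -> List[str]:
    """Return the text of every point declared in one comment body.

    Any markdown in the point text is kept verbatim, mirroring the note that it
    propagates into the topic summary.
    """
    points: List[str] = []
    for line in comment.splitlines():
        match = POINT_RE.match(line)
        if match:
            points.append(match.group("text"))
    return points


def thread_topic(comments: List[str]) -> Optional[str]:
    """Return the inline topic title if, and only if, the first line of the
    thread's first comment is a "topic:" heading; otherwise None."""
    if not comments:
        return None
    lines = comments[0].splitlines()
    if not lines:
        return None
    match = TOPIC_RE.match(lines[0])
    return match.group("text") if match else None


def summarize(threads: List[List[str]]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Group points by inline topic.

    Each thread is a list of comment bodies in posting order. Points found in a
    thread that has no topic heading are returned separately as orphans, so they
    are not silently dropped from the summary (assumed behaviour, not Discoto's).
    """
    by_topic: Dict[str, List[str]] = {}
    orphans: List[str] = []
    for comments in threads:
        topic = thread_topic(comments)
        points = [p for c in comments for p in extract_points(c)]
        if topic is None:
            orphans.extend(points)
        else:
            by_topic.setdefault(topic, []).extend(points)
    return by_topic, orphans


# Constructed sample threads (not taken from any real issue). Thread 1 has a topic
# and points spread over two comments; thread 2 has a heading that is NOT on the
# first line and therefore no topic; thread 3 uses the bare "point:" form.
SAMPLE_THREADS: List[List[str]] = [
    [
        "# Topic: Inline discussion topic 1\n"
        "Some context.\n"
        "#### POINT: This is a point\n"
        "* point: This is a point\n",
        "Reply text without points.\n"
        "not a point: because the keyword is not at line start\n"
        "+ Point: Third point",
    ],
    [
        "Just a comment\n"
        "## TOPIC: Not a topic because it is not the first line\n"
        "- pOINT: orphan point",
    ],
    [
        "### tOpIc: Another topic\n"
        "point: This is a **point**",
    ],
]

if __name__ == "__main__":
    topics, orphans = summarize(SAMPLE_THREADS)
    for title, pts in topics.items():
        print(f"TOPIC {title}")
        for p in pts:
            print(f"  - {p}")
    print("orphan points:", orphans)
```

Running the block prints two topics with their points and one orphan point from the thread whose heading was not on the first line.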
#### Quick Actions

| Action | Description |
|---|---|
| `/discuss sub-topic TITLE` | Create an issue for a sub-topic. Does not work in epics. |
| `/discuss link ISSUABLE-LINK` | Link an issuable as a child of this discussion. |
Last updated by this job
- TOPIC [Secrets] Add Python Package Index (PyPI) token detection: gitlab-org/security-products/analyzers/secrets!104 (merged) #11724 (comment 578367254)
- TOPIC [Secrets] Add test for ensuring AWS identifier remains unchanged: gitlab-org/security-products/analyzers/secrets!99 (merged) #11724 (comment 578380535)
- TOPIC [Secrets] Add RawSourceCodeExtract to report: gitlab-org/security-products/analyzers/secrets!79 (merged) #11724 (comment 578398688)
- TOPIC [Secrets] Support custom gitleaks rulesets: gitlab-org/security-products/analyzers/secrets!80 (merged) #11724 (comment 578421831)
- TOPIC [eslint] Update eslint version: gitlab-org/security-products/analyzers/eslint!75 (merged) #11724 (comment 584742230)
- TOPIC [eslint] Update QA expections: gitlab-org/security-products/analyzers/eslint!79 (merged) #11724 (comment 584751481)
- TOPIC [semgrep] Pass SAST_EXCLUDED_PATHS as semgrep exclude flags: gitlab-org/security-products/analyzers/semgrep!47 (merged) #11724 (comment 592340204)
- TOPIC [bandit] update CONTRIBUTING.md: gitlab-org/security-products/analyzers/bandit!76 (merged) #11724 (comment 665687903)
- TOPIC [bandit] Remove refs to the SAST_DEFAULT_ANALYZERS variable: gitlab-org/security-products/analyzers/bandit!77 (merged) #11724 (comment 665689380)
- TOPIC [bandit] Add multi-project qa test for Bandit: gitlab-org/security-products/analyzers/bandit!63 (merged) #11724 (comment 665692110)
- TOPIC [bandit] Enable rule-disablement: gitlab-org/security-products/analyzers/bandit!58 (merged) #11724 (comment 665693374)
- TOPIC [gosec] Add go 1.16 support and limit GOPATH shimming to projects not using go modules: gitlab-org/security-products/analyzers/gosec!100 (merged) #11724 (comment 666751375)
- TOPIC [gosec] feat: Add tracking-calculator to gosec: gitlab-org/security-products/analyzers/gosec!99 (merged) #11724 (comment 666757564)
- TOPIC [gosec] Remove SAST_GO_SEC_CONFIG: gitlab-org/security-products/analyzers/gosec!106 (merged) #11724 (comment 666759266)
- TOPIC [gosec] Allow processing multline issues from gosec (Community Contribution): gitlab-org/security-products/analyzers/gosec!90 (merged) #11724 (comment 666760724)
- TOPIC [semgrep] Remove eslint object injection rule: gitlab-org/security-products/analyzers/semgrep!132 (closed) #11724 (comment 1029842814)
- TOPIC [semgrep] Upgrade semgrep: gitlab-org/security-products/analyzers/semgrep!32 (merged) #11724 (comment 1029861990)
- TOPIC [semgrep] Add custom ruleset passthrough functionality: gitlab-org/security-products/analyzers/semgrep!30 (merged) #11724 (comment 1029869651)
- TOPIC [eslint] Update eslint version: gitlab-org/security-products/analyzers/eslint!75 (merged) #11724 (comment 1031606420)
- TOPIC [eslint] Update the version for the dependencies: gitlab-org/security-products/analyzers/eslint!90 (merged) #11724 (comment 1031607945)
- TOPIC [eslint] Fix CA Certs in open shift environments: gitlab-org/security-products/analyzers/eslint!106 (merged) #11724 (comment 1031612309)
- TOPIC [kubesec] feat: Analyze manifests concurrently: gitlab-org/security-products/analyzers/kubesec!55 (merged) #11724 (comment 1069377182)
- TOPIC [kubesec] fix: Use kubesec rule ID for primary identifier value: gitlab-org/security-products/analyzers/kubesec!46 (merged) #11724 (comment 1069381353)
- TOPIC [kubesec] Updating report schema: gitlab-org/security-products/analyzers/kubesec!47 (merged) #11724 (comment 1069384155)
- TOPIC [kubesec] Monthly Dependency Updates: gitlab-org/security-products/analyzers/kubesec!63 (merged) #11724 (comment 1069385542)
- TOPIC [security-code-scan] Restrict openshift: gitlab-org/security-products/analyzers/security-code-scan!79 (merged) #11724 (comment 1069442218)
- TOPIC [security-code-scan] Add support for .NET Core multiprojects: gitlab-org/security-products/analyzers/security-code-scan!21 (merged) #11724 (comment 1069475255)
### Discoto Settings

```yaml
---
summary:
  max_items: -1
  sort_by: created
  sort_direction: ascending
```

See the settings schema for details.