Trainee SAST Maintainer: Saikat Sarkar
Basic setup
- Change this issue title to include your name, project, and maintainer type: `Trainee SAST Maintainer: [full name] [project type]`.
- Indicate your selected analyzer projects (limit to 1 subgroup per trainee issue):
  - Analyzer projects
    - analyzers/bandit
    - analyzers/brakeman
    - analyzers/eslint
    - analyzers/flawfinder
    - analyzers/gosec
    - analyzers/kubesec
    - analyzers/mobsf
    - analyzers/nodejs-scan
    - analyzers/phpcs-security-audit
    - analyzers/pmd-apex
    - analyzers/secrets
    - analyzers/security-code-scan
    - analyzers/semgrep
    - analyzers/sobelow
    - analyzers/spotbugs
  - Shared common projects
    - analyzers/command
    - analyzers/report
    - analyzers/ruleset
  - Post-Analyzer projects
    - post-analyzers/tracking-calculator
- Read the code review page in the handbook
- Understand how to become a maintainer
- Understand our Secure Team standards and style guidelines
- Understand our Secure Release Process
- Understand our Secure QA Process
- Create a merge request updating your team member entry, adding yourself as a trainee maintainer
- Ask your manager to set up a check-in on this issue every six weeks or so.
Working towards becoming a maintainer
There is no checklist here, only guidelines. Remember that there is no specific timeline on this.
Your reviews should aim to cover maintainer responsibilities as well as reviewer responsibilities. Your approval means you think it is ready to merge.
After each MR is merged or closed, add a discussion to this issue using this template:
### (Merge request title): (Merge request URL)
During review:
- (List anything of note, or a quick summary. "I suggested/identified/noted...")
Post-review:
- (List anything of note, or a quick summary. "I missed..." or "Merged as-is")
(Maintainer who reviewed this merge request) Please add feedback, and compare
this review to the average maintainer review.
Tip: There are tools available to assist with this task.
When you're ready to make it official
When reviews have accumulated, and recent reviews consistently fulfill maintainer responsibilities, any maintainer can take the next step. The trainee should also feel free to discuss their progress with their manager or any maintainer at any time.
- Create a merge request updating your team member entry proposing yourself as a maintainer.
- Create a merge request for CODEOWNERS for the relevant project, adding yourself accordingly, and ask a maintainer to review it.
- Keep reviewing, start merging 🤘
- Keep reviewing, and helping with merge requests! 🎉
- Important Read: If you are not currently a backend or frontend maintainer, please assign the merge requests to a maintainer who can merge on your behalf, specifying that it has already been approved by a CI/CD templates maintainer.
🤖
Auto-Summary Discoto Usage
Points
Discussion points are declared by headings, list items, and single lines that start with the text (case-insensitive) `point:`. For example, the following are all valid points:
#### POINT: This is a point
* point: This is a point
+ Point: This is a point
- pOINT: This is a point
point: This is a **point**
Note that any markdown used in the point text will also be propagated into the topic summaries.
Outcomes
Outcomes define the decisions or resolutions of a discussion. Once outcomes are defined, sub-topics and points are collapsed underneath the outcomes.
Outcomes are declared in a similar manner as points:
#### OUTCOME: This is an outcome
* outcome: This is an outcome
+ Outcome: This is an outcome
- oUTCOME: This is an outcome
outcome: This is an outcome
Note that multiple outcomes may be declared for each topic.
Topics
Topics can be stand-alone and contained within an issuable (epic, issue, MR), or can be inline.
Inline topics are defined by creating a new thread (discussion) where the first line of the first comment is a heading that starts with (case-insensitive) `topic:`. For example, the following are all valid topics:
# Topic: Inline discussion topic 1
## TOPIC: **{+A Green, bolded topic+}**
### tOpIc: Another topic
Quick Actions
| Action | Description |
| --- | --- |
| `/discuss sub-topic TITLE` | Create an issue for a sub-topic. Does not work in epics |
| `/discuss link ISSUABLE-LINK` | Link an issuable as a child of this discussion |

Discussion-Size Indicators
The relative size of the discussion occurring within a topic and its sub-topics is indicated via braille dots.
More dots means that more points or sub-topics exist within a given topic.
Examples:
- TOPIC ⣿⣿⡆ A large discussion occurred here
- TOPIC ⣇ A smaller discussion occurred here
Discoto Settings
---
summary:
  max_items: -1
  sort_by: created
  sort_direction: ascending
See the settings schema for details.