Trainee SAST Maintainer: Julian Thome
Basic setup
- Change this issue title to include your name, project, and maintainer type: `Trainee SAST Maintainer: [full name] [project type]`.
- Indicate your selected analyzer projects (limit to 1 subgroup per trainee issue):
  - Analyzer projects
    - analyzers/bandit
    - analyzers/brakeman
    - analyzers/eslint
    - analyzers/flawfinder
    - analyzers/gosec
    - analyzers/kubesec
    - analyzers/mobsf
    - analyzers/nodejs-scan
    - analyzers/phpcs-security-audit
    - analyzers/pmd-apex
    - analyzers/secrets
    - analyzers/security-code-scan
    - analyzers/semgrep
    - analyzers/sobelow
    - analyzers/spotbugs
  - Shared common projects
    - analyzers/command
    - analyzers/report
    - analyzers/ruleset
  - Post-Analyzer projects
    - post-analyzers/tracking-calculator
    - vet/go-tree-sitter
    - vet/tree-sitter70cast
    - vet/vet
    - vet/stencils
- Read the code review page in the handbook
- Understand how to become a maintainer
- Understand our Secure Team standards and style guidelines
- Understand our Secure Release Process
- Understand our Secure QA Process
- Create a merge request updating your team member entry, adding yourself as a trainee maintainer
- Ask your manager to set up a check-in on this issue every six weeks or so.
Working towards becoming a maintainer
There is no checklist here, only guidelines. Remember that there is no specific timeline on this.
Your reviews should aim to cover maintainer responsibilities as well as reviewer responsibilities. Your approval means you think it is ready to merge.
After each MR is merged or closed, add a discussion to this issue using this template:
### (Merge request title): (Merge request URL)
During review:
- (List anything of note, or a quick summary. "I suggested/identified/noted...")
Post-review:
- (List anything of note, or a quick summary. "I missed..." or "Merged as-is")
(Maintainer who reviewed this merge request) Please add feedback, and compare
this review to the average maintainer review.
Tip: There are tools available to assist with this task.
When you're ready to make it official
When reviews have accumulated, and recent reviews consistently fulfill maintainer responsibilities, any maintainer can take the next step. The trainee should also feel free to discuss their progress with their manager or any maintainer at any time.
- Create a merge request updating your team member entry proposing yourself as a maintainer.
- Create a merge request for CODEOWNERS for the relevant project, adding yourself accordingly, and ask a maintainer to review it.
- Keep reviewing, start merging 🤘
- Keep reviewing, and helping with merge requests! 🎉
Important Read: If you are not currently a backend or frontend maintainer, please assign the merge requests to a maintainer who can merge on your behalf, specifying that it has already been approved by a CI/CD templates maintainer.
🤖
Auto-Summary Discoto Usage
Points
Discussion points are declared by headings, list items, and single lines that start with the text `point:` (case-insensitive). For example, the following are all valid points:

```markdown
#### POINT: This is a point
* point: This is a point
+ Point: This is a point
- pOINT: This is a point
point: This is a **point**
```
Note that any markdown used in the point text will also be propagated into the topic summaries.
Topics
Topics can be stand-alone and contained within an issuable (epic, issue, MR), or can be inline.
Inline topics are defined by creating a new thread (discussion) where the first line of the first comment is a heading that starts with `topic:` (case-insensitive). For example, the following are all valid topics:

```markdown
# Topic: Inline discussion topic 1
## TOPIC: **{+A Green, bolded topic+}**
### tOpIc: Another topic
```
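As an added example (not part of this issue or of the Discoto bot's own code), here is a small Python detector for the point and topic conventions described in the two sections above; the regular expressions and the sample comment are my own construction from the rules as stated, including the cases they say do not count.

```python
import re

# Optional prefix: a markdown heading (# to ######) or a list marker (*, + or -),
# then "point:" in any letter case, then the point text (markdown kept verbatim).
POINT_RE = re.compile(r"^\s*(?:#{1,6}\s+|[*+-]\s+)?point:\s*(.+?)\s*$", re.IGNORECASE)
# Inline topics are stricter: only a heading whose text starts with "topic:" counts.
TOPIC_RE = re.compile(r"^\s*#{1,6}\s+topic:\s*(.+?)\s*$", re.IGNORECASE)


def extract_points(text):
    """Return the point texts declared in a block of markdown, in document order."""
    return [m.group(1) for m in map(POINT_RE.match, text.splitlines()) if m]


def inline_topic(comment):
    """Return the topic title if the first line of the comment is a topic heading, else None."""
    first_line = comment.lstrip("\n").split("\n", 1)[0]
    m = TOPIC_RE.match(first_line)
    return m.group(1) if m else None


# Constructed sample: the five valid forms from the usage text, followed by three
# lines that must not be picked up (marker not at line start, or a different word).
SAMPLE_COMMENT = """\
#### POINT: This is a point
* point: This is a point
+ Point: This is a point
- pOINT: This is a point
point: This is a **point**
The word point: appears mid-sentence, so this line is not a point
- pointer: a similar-looking word is not a marker either
#point: no space after the hash, so this is not a heading
"""

if __name__ == "__main__":
    for p in extract_points(SAMPLE_COMMENT):
        print("point:", p)
    print("topic:", inline_topic("## TOPIC: **{+A Green, bolded topic+}**\nrest of comment"))
```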
Quick Actions
| Action | Description |
|---|---|
| `/discuss sub-topic TITLE` | Create an issue for a sub-topic. Does not work in epics |
| `/discuss link ISSUABLE-LINK` | Link an issuable as a child of this discussion |
Last updated by this job
- TOPIC Let badger act as distributed symbol table: https://gitlab.com/gitlab-org/security-products/vet/vet/-/merge_requests/68 #11788 (comment 792940276)
- TOPIC Bug in control-flow pass: https://gitlab.com/gitlab-org/security-products/vet/vet/-/merge_requests/67 #11788 (comment 792941602)
- TOPIC Fix deploy job: https://gitlab.com/gitlab-org/security-products/vet/vet/-/merge_requests/66 #11788 (comment 792943752)
- TOPIC Duplication issue with multiple stencils : https://gitlab.com/gitlab-org/security-products/vet/vet/-/merge_requests/64 #11788 (comment 792946367)
- TOPIC Make parser more robust : https://gitlab.com/gitlab-org/security-products/vet/tree-sitter70cast/-/merge_requests/26 #11788 (comment 792965363)
- TOPIC Eliminate Locking : https://gitlab.com/gitlab-org/security-products/vet/tree-sitter70cast/-/merge_requests/28 #11788 (comment 792966422)
- TOPIC brakeman email FP elimination : https://gitlab.com/gitlab-org/security-products/vet/stencils/-/merge_requests/2 #11788 (comment 792968832)
- TOPIC Adding rule pack synthesis support to semgrep : gitlab-org/security-products/analyzers/semgrep!93 (merged) #11788 (comment 792971439)
- TOPIC Flawfinder integration : gitlab-org/security-products/analyzers/semgrep!74 (merged) #11788 (comment 792973274)
- TOPIC Use updated report format : https://gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/-/merge_requests/19 #11788 (comment 792975572)
- TOPIC Rely on report and ruleset packages directly : https://gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/-/merge_requests/11 #11788 (comment 792976685)
- TOPIC only ingest tracking info in case fingerprints are present : https://gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/-/merge_requests/5 #11788 (comment 792979086)
- TOPIC integration of the tracking calculator : gitlab-org/security-products/analyzers/brakeman!56 (merged) #11788 (comment 792982447)
- TOPIC Maintainership MRs #11788 (comment 867133722)
- TOPIC Initial Import: https://gitlab.com/gitlab-org/secure/vulnerability-research/pocs/post-analyzers/tracking-calculator/-/merge_requests/1 #11788 (comment 874944675)
- TOPIC Go treesitter taggr: https://gitlab.com/gitlab-org/security-products/post-analyzers/tracking-calculator/-/merge_requests/18 #11788 (comment 874949087)
- TOPIC Update to latest go-tree-sitter version: https://gitlab.com/gitlab-org/security-products/vet/tree-sitter70cast/-/merge_requests/23 #11788 (comment 874970544)
- TOPIC Bootstrap command and CastBuilder interface: https://gitlab.com/gitlab-org/secure/vulnerability-research/vet/tree-sitter70cast/-/merge_requests/17 #11788 (comment 874984797)
- TOPIC Install grammar w/ argument: https://gitlab.com/gitlab-org/secure/vulnerability-research/vet/tree-sitter70cast/-/merge_requests/11 #11788 (comment 874986797)
Discoto Settings
```yaml
---
summary:
  max_items: -1
  sort_by: created
  sort_direction: ascending
```
See the settings schema for details.