Blog post: A benchmarking framework for SAST

Triage (REQUIRED)

Please note that there is a different process for when you want to announce something via the blog. Please see announcement requests in the handbook and open an announcement request issue instead of a blog post issue.

Generally speaking, engineering blog posts that are tutorials/how-tos or which share how we built or debugged something, are popular with our audience. If your proposed blog post is aligned with our Attributes of a successful blog post guidelines, you can skip straight to your proposal.

If you are pitching something outside of those guidelines, please fill in the below to help us prioritize. You can check out examples of high- and low-performing blog posts to help with your rationale.

This issue fulfills one of these goals:

  • Drive traffic to our website
  • Convert traffic into leads
  • Thought leadership/share expertise
  • Build relationships with potential customers
  • Drive long-term results (please explain below in your proposal)
  • Announcement
    • Link to announcement request issue (required, see https://about.gitlab.com/handbook/marketing/corporate-marketing/#requests-for-announcements)
  • Cross-functional support
    • Link to OKR (required if this box is checked)

Proposal

Benchmarking helps us make data-driven decisions e.g., when coming up with new features or proof of concepts, as they pertain to the security tool. The framework implemented in the context of the GSoC 2022 project: A benchmarking framework for SAST project helps to assess the impact/quality of a security analyzer or a configuration change before it reaches production.

In this blog post we show the architecture and benchmarking approach implemented in the benchmarking framework.

Roles and Responsibilities

Person Role
@julianthome requestor
@martynaskrupskis editor/first author
@idawson editor
@julianthome editor
@dbolkensteyn editor
@mhenriksen editor
@mark.art editor
@person approver (optional)

Checklist

  • If you have a specific publish date in mind (please allow 3 weeks' lead time)
    • Include it in the issue title and apply the appropriate marketing milestone (e.g. Mktg: 2021-03-28)
    • Give the issue a due date of a minimum of 2 working days prior
    • If your post is likely to be >2,000 words, give a due date of a minimum of 4 working days prior
  • If time sensitive
    • Add ~"Blog: Priority" label and supplied rationale in description
  • If wide-spread customer impacting or sensitive, mention @nwoods to give her a heads up ASAP, apply the sensitive label, and check the PR handbook in case you need to open an announcement request instead of a blog post issue
  • If the post is about one of GitLab's Technology Partners, including integration partners, mention @dpduncan, apply the Partner Marketing label, and see the blog handbook for more on third-party posts
  • If the post is about one of GitLab's customers, mention @FionaOKeeffe, apply the Customer Reference Program label, and see the blog handbook for more on third-party posts
  • Indicate if supporting an event or campaign
  • Indicate if this post requires additional approval from internal or external parties before publishing (please provide details in a comment)

Production

  • Requestor to complete issue template (Triage, Proposal, Roles and Responsibilities, Checklist )
  • Issue sent through triage for consideration (pitch, planning/in progress, review, scheduled)
  • Issue assigned to requestor to draft blog post and open MR
  • MR created and linked to issue - issue is now deprecated in favor of MR and will close once MR is complete
Edited by Julian Thome