Trainee Secure Analyzer Maintainer: Vishwa Bhat
Basic setup
- Change this issue title to include your name, project, and maintainer type: Trainee Secure Analyzer Maintainer: [full name] [project type].
- Indicate your selected analyzer projects (limit to 1 subgroup per trainee issue):
  - Static Analysis analyzer projects
    - analyzers/brakeman
    - analyzers/flawfinder | gitlab-org/security-products/analyzers/flawfinder!102 (merged)
    - analyzers/kubesec
    - analyzers/mobsf
    - analyzers/nodejs-scan
    - analyzers/phpcs-security-audit
    - analyzers/pmd-apex
    - analyzers/secrets
    - analyzers/security-code-scan
    - analyzers/semgrep | gitlab-org/security-products/analyzers/semgrep!281 (merged)
    - analyzers/sobelow
    - analyzers/kics
    - analyzers/spotbugs | gitlab-org/security-products/analyzers/spotbugs!173 (merged)
  - Shared common projects
    - analyzers/command
    - analyzers/report
    - analyzers/ruleset
  - Post-Analyzer projects
    - post-analyzers/tracking-calculator
- Read the code review page in the handbook
- Understand how to become a maintainer
- Understand our Secure Team standards and style guidelines
- Understand our Secure Release Process
- Understand our Secure QA Process
- Create a merge request updating your team member entry, adding yourself as a trainee maintainer
- Ask your manager to set up a check-in on this issue every six weeks or so.
Working towards becoming a maintainer
There is no checklist here, only guidelines. Remember that there is no specific timeline on this.
Your reviews should aim to cover maintainer responsibilities as well as reviewer responsibilities. Your approval means you think it is ready to merge.
After each MR is merged or closed, add a discussion to this issue using this template:
### (Merge request title): (Merge request URL)
During review:
- (List anything of note, or a quick summary. "I suggested/identified/noted...")
Post-review:
- (List anything of note, or a quick summary. "I missed..." or "Merged as-is")
(Maintainer who reviewed this merge request) Please add feedback, and compare
this review to the average maintainer review.
Tip: There are tools available to assist with this task.
When you're ready to make it official
When reviews have accumulated, and recent reviews consistently fulfill maintainer responsibilities, any maintainer can take the next step. The trainee should also feel free to discuss their progress with their manager or any maintainer at any time.
- Create a merge request for CODEOWNERS for the relevant project, adding yourself accordingly, and ask a maintainer to review it.
- Create a merge request updating your team member entry proposing yourself as a maintainer and assign to your manager.
- Keep reviewing, start merging 🤘
- Keep reviewing, and helping with merge requests! 🎉
Edited by Vishwa Bhat