Create 'Secure:Secret Detection' group

Connor Gilbert requested to merge connorgilbert/new-sd-group into master

This MR officially establishes a separate group called Secure:Secret Detection. (We are keeping the Secure:Static Analysis group.) These are currently "sub-teams" that are managed by different EMs and have disjoint sets of engineering ICs.

This group will maintain the following categories:

  1. Secret Detection (priority investment area)
  2. Code Quality (not being invested in at this time)

The reasons to reflect this in the group hierarchy (rather than a single group with sub-teams or another structure) include the fact that:

  • In GitLab's organizational structure, Groups have responsibility for Categories.
  • The boundary between the separate groups matches with Category lines. (That is, splitting Categories does not yield a muddled boundary where a single group would help deconflict.)
  • Field and Support team members use groups (and associated PMs, EMs, and others) as a way to determine where and how to escalate customer issues.
  • We are making significant investments in Secret Detection and will continue to staff a group to support Secret Detection's expanded scope.

This MR intentionally leaves the existing Static Analysis group unchanged (except for moving its SD and CQ categories to the new group). The Static Analysis group will maintain the following categories:

  1. SAST (priority investment)
  2. IAC Scanning (not an investment focus at this time; also not an official category yet)

This is because it is most important and time-sensitive to officially reflect the fact that a separate group of team members now handles Secret Detection and Code Quality. Any future changes to the Static Analysis group can be handled separately.

Note: Group name

It is a bit of a challenge to come up with a group name that is simultaneously clear, correct, and concise. Because Secret Detection is a significantly higher priority for the group, it made sense to use a name that reflected this. Similar, more generic names like "Code Analysis" are vague, and "Static Analysis" is both already taken and more broad than SD+CQ.

Approvals

Merge requests with changes to stages and groups and significant changes to categories need to be created, approved, and/or merged by each of the below:

  • Chief Product Officer @david (post MR link in chief-product-officer once all others have approved)
  • PLT Leader relevant to the affected Section(s) @hbenson
  • The Product Director relevant to the affected Section(s): @sarahwaldner
  • The Engineering Director relevant to the affected Section(s): @wayne
  • Director of Product Design: @vkarnes

Note: Chief Product Officer approval should be requested once all other approvals have been completed. To request approval, post the MR link in the #chief-product-officer channel tagging @david and cc'ing @Gena Schwam.

The following people need to be on the merge request so they stay informed:

  • Chief Technology Officer @sabrinafarmer
  • Development Leader relevant to the affected Section(s) @bmarnane
  • VP of Infrastructure & Quality Engineering @meks
  • VP of UX @david (Acting VP of UX leader)
  • Director of Technical Writing @susantacker
  • Engineering Productivity (by @ mentioning @gl-quality/eng-prod)
  • The Product Marketing Manager relevant to the stage group(s) (recent personnel change; mentioning @dsteer)

After Approvals and Merge

Edited by Connor Gilbert