From be69fb53ed48eb25ed6c0b4568fb8815474f8657 Mon Sep 17 00:00:00 2001
From: Olivier Gonzalez <52092-gonzoyumo@users.noreply.gitlab.com>
Date: Thu, 4 Mar 2021 14:51:01 +0000
Subject: [PATCH] Add Infradev triaging to CA reaction rotation

---
 .../development/secure/composition-analysis/index.html.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sites/handbook/source/handbook/engineering/development/secure/composition-analysis/index.html.md b/sites/handbook/source/handbook/engineering/development/secure/composition-analysis/index.html.md
index a355ec2080cc3..10e7e1f9c318d 100644
--- a/sites/handbook/source/handbook/engineering/development/secure/composition-analysis/index.html.md
+++ b/sites/handbook/source/handbook/engineering/development/secure/composition-analysis/index.html.md
@@ -52,6 +52,7 @@ There is no formal designation process yet, volunteers are welcome and rotation
 1. Triage vulnerabilities reported on the projects we maintain and help resolving them depending on their priority. (See [Security vulnerabilities triaging process](#security-vulnerabilities-triaging-process))
 1. Triage and work with community contributors to help drive their MRs to completion. (See [Community contributions triaging process](#community-contributions-triaging-process))
 1. Triage bugs and resolve them when given `~priority::1`. (See [Bugs triaging process](#bugs-triaging-process))
+1. Triage infradev issues and resolve them when given `~priority::1`. (See [Infradev triaging process](#infradev-triaging-process))
 
 These items must be triaged continuously throughout the month which means they must be checked multiple times a week.
 
@@ -99,6 +100,13 @@ If immediate feedback is required, then add a comment to the vulnerability issue
 1. Leverage the [Bug scrub issues board](https://gitlab.com/groups/gitlab-org/-/boards/1077546?scope=all&utf8=%E2%9C%93&label_name[]=bug&label_name[]=devops%3A%3Asecure&label_name[]=group%3A%3Acomposition%20analysis).
 1. For each open issue that has no Priority label ("Open" column), shortly investigate the bug (< 1h) and comment with your findings. Ideally you'd suggest Priority and Severity levels to guide PM decision.
 
+### Infradev triaging process
+
+1. Leverage the [Infra/Dev issues board](https://gitlab.com/groups/gitlab-org/-/boards/1193197?scope=all&utf8=%E2%9C%93&label_name[]=infradev&label_name[]=section%3A%3Asec) for Sec section. We target the whole section on purpose to cover a larger area and stay aware of other group's issues that could also affect us.
+1. For each open issue that has no Priority label ("Open" column), shortly investigate the issue (< 1h) and comment with your findings. Make sure correct stage and group label are applied. 
+
+Please refer to our [infradev process](https://about.gitlab.com/handbook/engineering/workflow/#infradev) for more details.
+
 ### Tech-debt and tooling triaging process
 
 To help our Product Manager decide which tech-debt and tooling issues to include in the upcoming milestone, the engineering teams assign them a [priority label](https://about.gitlab.com/handbook/engineering/quality/issue-triage/#priority).
-- 
GitLab