FY22-Q2 Secure:Static Analysis KR - Establish Maintainers in Static Analysis projects

### Problem to solve

As a member of gitlab-org/gitlab~10690740, I want to know who to interact with to ship code and have more confidence in the types of scrutiny each change has received.

### Proposal

- [ ] [Formalize a maintainer program for Secure analyzers](https://gitlab.com/gitlab-org/secure/general/-/issues/52).

### Further details

This work builds on the groundwork laid in https://gitlab.com/gitlab-org/gitlab/-/issues/300358.

- [x] The proposal for adding a [Maintainers program in Static Analysis](https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests/81120) needs to be finalized. It's out to the team for commentary and contribution.
- [x] Maintainers need to be encouraged to self-nominate for the trainee process.
- [ ] Trainee maintainers need to be worked through the process and converted into Maintainers for each project owned by Static Analysis.
- [x] Add `CODEOWNERS` files to projects-in-product which are owned by ~"group::static analysis"

#### Updated roles and permissions

- [x] Static Analysis Backend Engineers removed as direct members of https://gitlab.com/gitlab-org/security-products.
- [x] https://gitlab.com/gitlab-org/secure/static-analysis-be added as a group to be `Maintainers` for:
  - [x] https://gitlab.com/gitlab-org/security-products/post-analyzers
  - [x] https://gitlab.com/gitlab-org/security-products/security-report-schemas
  - [x] https://gitlab.com/gitlab-org/security-products/ci-templates
  - [x] https://gitlab.com/gitlab-org/security-products/danger-bot
  - [x] https://gitlab.com/gitlab-org/security-products/security-product-templates
  - [x] https://gitlab.com/gitlab-org/security-products/release
  - [x] https://gitlab.com/gitlab-org/security-products/tests
  - [x] https://gitlab.com/gitlab-org/security-products/dependencies
  - [x] https://gitlab.com/gitlab-org/security-products/demos
- [x] SAST and Secret Detection analyzers in https://gitlab.com/gitlab-org/security-products/analyzers updated so `Developer+Maintainer` may merge into protected branches.
- [x] Trainee Maintainers (as indicated by related issues) added to `CODEOWNERS` files for the projects they indicated.
- [x] Verify SAST and Secret Detection projects in https://gitlab.com/gitlab-org/security-products/analyzers are set up to require CODEOWNERS approval prior to merge.
- [x] Update week 2 onboarding template so Static Analysis new starters aren't made `Developers` in https://gitlab.com/gitlab-org/security-products.