Secure group issues requiring attention
Hi @kencjohnston,
Here is a list of feature proposals without a milestone.
We would like to ask you to determine whether this issue should be scheduled or closed. For each issue please:
- Close the issue out if it is no longer relevant or a duplicate.
- Assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone.
For the issues triaged please check off the box in front of the given issue.
Please work with your team to complete the list this week.
- #12190 (closed) Show warning when the Dependency List is not up-to-date ~"Secure", ~"Secure::Software Composition Analysis", UX, backend, ~"dependency scanning", devopssecure, feature, frontend
- #12140 (closed) Add Access Token auth to Gemnasium API ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12087 Dependency List: Show when a component is out of date ~"Secure", ~"Secure::Software Composition Analysis", ~"bill of materials", ~"dependency scanning", devopssecure, feature
- #12012 (closed) Pipfile.lock support for License Management ~"Secure", ~"Secure::Software Composition Analysis", devopssecure, feature, ~"license management"
- #11947 (closed) Add Trivy as an option for Container Scanning ~"Secure", ~"Secure::Software Composition Analysis", ~"auto devops", feature
- #11853 (closed) Configuring DAST to use PKI certs through an API ~"Secure", ~"Secure::Static and Dynamic Analysis", ~"dast", devopssecure, feature
- #11849 (closed) Preview, check advisory in Gemnasium without being an admin ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature
- #11166 (closed) Add support for MAVEN_CLI_OPTS for dependency scanning ~"Accepting merge requests", ~"Secure", ~"Secure::Software Composition Analysis", customer, ~"dependency scanning", devopssecure, feature
- #8428 (closed) License Management ignores pip configurations with private servers ~"Secure", ~"Secure::Software Composition Analysis", blocked, devopssecure, feature, ~"license management", upstream deps
Hi @leipert,
Here is a list of frontend bugs without severity and priority for the team.
We would like to ask you to work with your team to triage the issues in this list. For each issue please:
- Close the issue if it is no longer relevant or a duplicate.
- Assign a Priority and a Severity Label.
- Assign either a versioned milestone or to the %Backlog milestone.
These labels are defined at:
- Priority Labels (~P1 / ~P2 / ~P3 / ~P4)
- Severity Labels (~S1 / ~S2 / ~S3 / ~S4)
For the issues triaged please check off the box in front of the given issue.
Please work with your team to complete the list this week.
- #5438 (closed) Sast report in CI View: Tab only appears after job has successfully run ~"Secure", ~"Secure::Static and Dynamic Analysis", UX, backend, ~"bug", devopssecure, frontend
Dear @twoodham,
Here is a list of bugs without severity and priority for the team.
We would like to ask you to work with your team to triage the issues in this list. For each issue please:
- Close the issue if it is no longer relevant or a duplicate.
- Assign a Priority and a Severity Label.
- Assign either a versioned milestone or to the %Backlog milestone.
These labels are defined at:
- Priority Labels (~P1 / ~P2 / ~P3 / ~P4)
- Severity Labels (~S1 / ~S2 / ~S3 / ~S4)
For the issues triaged please check off the box in front of the given issue.
Please work with your team to complete the list this week.
- #12162 (closed) Dependency List contains duplicates (npm project) ~"Secure", ~"Secure::Software Composition Analysis", ~"bug", ~"dependency scanning"
- #12017 (closed) Security Report parser failure - Missing location attribute in dependency scanning vulnerability ~"Secure", ~"Secure::Software Composition Analysis", ~"bug", ~"group::software composition analysis"
- #12021 (closed) Dependency Scanning analysis is taking too much time on CE/EE ~"Secure", ~"Secure::Software Composition Analysis", ~"bug", ~"dependency scanning", devopssecure, ~"performance"
This is a group level triage package that aims to collate the latest bug reports (for frontend and otherwise) and feature proposals. For more information please refer to the handbook: