Secure group issues requiring attention
Hi @kencjohnston,
Here is a list of feature proposals without a milestone.
We would like to ask you to determine whether this issue should be scheduled or closed. For each issue please:
- Close the issue out if it is no longer relevant or a duplicate.
- Assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone.
For the issues triaged please check off the box in front of the given issue.
Please work with your team to complete the list this week.
- #12319 (closed) Synchronize gemnasium-db with CVE Details ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12318 (closed) Synchronize gemnasium-db with Victims CVE DB ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12317 (closed) Synchronize gemnasium-db with PHP Security Advisories DB ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12316 (closed) Synchronize gemnasium-db with NVD ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12315 (closed) Synchronize gemnasium-db with oss-security mailing list ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12253 (closed) Enable automatic retries in Secure test projects ~"Secure", devopssecure, feature
- #12190 (closed) Show warning when the Dependency List is not up-to-date ~"Secure", ~"Secure::Software Composition Analysis", UX, backend, ~"dependency scanning", devopssecure, feature, frontend, ~"group::software composition analysis"
- #12140 (closed) Add Access Token auth to Gemnasium API ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12087 Dependency List: Show when a component is out of date ~"Secure", ~"Secure::Software Composition Analysis", dependency list, ~"dependency scanning", devopssecure, feature
- #12012 (closed) Pipfile.lock support for License Management ~"Secure", ~"Secure::Software Composition Analysis", devopssecure, feature, ~"license management"
- #11947 (closed) Add Trivy as an option for Container Scanning ~"Secure", ~"Secure::Software Composition Analysis", ~"auto devops", feature
- #11849 (closed) Preview, check advisory in Gemnasium without being an admin ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature
- #11166 (closed) Add support for MAVEN_CLI_OPTS for dependency scanning ~"Accepting merge requests", ~"Secure", ~"Secure::Software Composition Analysis", customer, ~"dependency scanning", devopssecure, feature
- #6858 (closed) Dependency scanning should not run maven tests ~"Secure", customer, ~"dependency scanning", feature
We're only listing 15 issues here, and here's the heat map for the full distribution:
| | ~S1 | ~S2 | ~S3 | ~S4 | ~"No severity" |
|---|---|---|---|---|---|
| ~P1 | 0 | 0 | 0 | 0 | 0 |
| ~P2 | 0 | 0 | 0 | 0 | 0 |
| ~P3 | 0 | 0 | 0 | 0 | 0 |
| ~P4 | 0 | 0 | 0 | 0 | 0 |
| ~"No priority" | 0 | 0 | 0 | 0 | 14 |
Dear @twoodham,
Here is a list of bugs without severity and priority for the team.
We would like to ask you to work with your team to triage the issues in this list. For each issue please:
- Close the issue if it is no longer relevant or a duplicate.
- Assign a Priority and a Severity Label.
- Assign either a versioned milestone or to the %Backlog milestone.
These labels are defined at:
- Priority Labels (~P1 / ~P2 / ~P3 / ~P4)
- Severity Labels (~S1 / ~S2 / ~S3 / ~S4)
For the issues triaged please check off the box in front of the given issue.
Please work with your team to complete the list this week.
- #12311 (closed) DAST: Additional arguments for ZAP are ignored ~"Secure", ~"Secure::Static and Dynamic Analysis", ~"bug", devopssecure
We're only listing 15 issues here, and here's the heat map for the full distribution:
| | ~S1 | ~S2 | ~S3 | ~S4 | ~"No severity" |
|---|---|---|---|---|---|
| ~P1 | 0 | 0 | 0 | 0 | 0 |
| ~P2 | 0 | 0 | 0 | 0 | 0 |
| ~P3 | 0 | 0 | 0 | 0 | 0 |
| ~P4 | 0 | 0 | 0 | 0 | 0 |
| ~"No priority" | 0 | 0 | 0 | 0 | 1 |
This is a group level triage package that aims to collate the latest bug reports (for frontend and otherwise) and feature proposals. For more information please refer to the handbook: