Secure group issues requiring attention
Heat map for bugs:
| | ~S1 | ~S2 | ~S3 | ~S4 |
|---|---|---|---|---|
| ~P1 | 2 | 1 | 0 | 0 |
| ~P2 | 0 | 4 | 8 | 0 |
| ~P3 | 0 | 0 | 8 | 0 |
| ~P4 | 0 | 0 | 0 | 23 |
Hi @kencjohnston,
Here is a list of feature proposals without a milestone.
We would like to ask you to determine whether this issue should be scheduled or closed. For each issue please:
- Close the issue out if it is no longer relevant or a duplicate.
- Assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone.
For the issues triaged please check off the box in front of the given issue.
Please work with your team to complete the list this week.
- #12811 (closed) Allow to configure pip version in Dependency Scanning ~"Secure", ~"Secure::Software Composition Analysis", backend, ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12752 (closed) SAST for Kubernetes manifests ~"Secure", devopssecure, feature, groupstatic analysis, ~"sast"
- #12738 (closed) blacklist and whitelist licenses across an entire instance ~"Secure", Secure UXCompliance & Auditing, devopssecure, feature, groupstatic analysis
- #12728 (closed) Support air-gapped (offline) DAST for on-prem instances ~"Secure", ~"Secure::Static and Dynamic Analysis", ~"dast", devopssecure, feature, groupdynamic analysis
- #12727 (closed) Support air-gapped (offline) License Compliance for on-prem instances ~"Secure", ~"Secure::Software Composition Analysis", devopssecure, feature, ~"group::software composition analysis", ~"license management"
- #12726 (closed) Support air-gapped (offline) Dependency Scanning for on-prem instances ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12713 (closed) Add Dependency Scanning information to the Dependency List API ~"Secure", ~"Secure::Software Composition Analysis", dependency list, ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12685 (closed) License management settings: user awareness if setup configuration is not complete ~"Secure", Secure UXCompliance & Auditing, ~"Secure::Software Composition Analysis", UX, auto updated, devopssecure, feature, ~"group::software composition analysis", ~"license management"
- #12543 (closed) Provide generic analyzer for custom security scans ~"Secure", ~"dependency scanning", devopssecure, feature, ~"sast"
- #12394 (closed) Add yarn audit wrapper to Dependency Scanning ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12390 (closed) Support package manager sbt in dependency scanning ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12319 (closed) Synchronize gemnasium-db with CVE Details ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12318 (closed) Synchronize gemnasium-db with Victims CVE DB ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12317 (closed) Synchronize gemnasium-db with PHP Security Advisories DB ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
- #12316 (closed) Synchronize gemnasium-db with NVD ~"Secure", ~"Secure::Software Composition Analysis", ~"dependency scanning", devopssecure, feature, ~"group::software composition analysis"
This is a group level triage package that aims to collate the latest bug reports (for frontend and otherwise) and feature proposals. For more information please refer to the handbook:
Edited by Nicole Schwartz