Dogfooding: enable GitLab Secure feature categories on Static Analysis dependencies
Problem to solve
As a GitLab Backend Engineer in the Static Analysis group, I want to know what security vulnerabilities may be lurking within the OSS projects we rely upon.
Proposal
- Enumerate all the dependencies in Static Analysis projects.
- Fork identified projects into GitLab.
- Enable Auto DevOps on the projects.
- Write up a go/no-go policy for accepting an updated dependency into a GitLab analyzer.
Further details
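The following is an added worked example, not code from this issue or from the GitLab project, sketching the first and last steps of the proposal: enumerating a project's dependencies and applying a go/no-go rule to the findings Auto DevOps produces. It assumes the analyzer is a Go module (so dependencies come from `go.mod`) and that the scan output is a GitLab Dependency Scanning report (`gl-dependency-scanning-report.json`, whose `vulnerabilities` entries carry a `severity` and a `location.dependency` block). The `go.mod` content, the report, the module names and the severity threshold are all constructed for illustration; the threshold is an assumed policy, not one the issue defines.

```python
"""Added example (not part of the issue): enumerate go.mod dependencies and
apply an assumed go/no-go rule to a GitLab Dependency Scanning report."""
import json
import re

# Constructed go.mod content standing in for one Static Analysis analyzer.
# Assumption: the analyzer is a Go module; indentation inside the require
# block is irrelevant to the parser below.
SAMPLE_GO_MOD = """\
module gitlab.example/analyzer-placeholder

go 1.20

require github.com/example/lib-a v1.4.2

require (
    github.com/example/lib-b v0.9.0
    github.com/example/lib-c v2.1.0 // indirect
)
"""

# Constructed report in the GitLab Dependency Scanning format; the ids,
# module names and findings are made up for this example.
SAMPLE_DS_REPORT = json.dumps({
    "version": "15.0.0",
    "vulnerabilities": [
        {"id": "constructed-1", "severity": "High",
         "solution": "Upgrade to a fixed release",
         "location": {"file": "go.sum", "dependency": {
             "package": {"name": "github.com/example/lib-a"},
             "version": "v1.4.2"}}},
        {"id": "constructed-2", "severity": "Low", "solution": "",
         "location": {"file": "go.sum", "dependency": {
             "package": {"name": "github.com/example/lib-b"},
             "version": "v0.9.0"}}},
    ],
})

# One `module/path vX.Y.Z` requirement, optionally marked `// indirect`.
REQUIRE_LINE = re.compile(r"^(\S+)\s+(v\S+)(\s*//\s*indirect)?$")


def parse_go_mod(text):
    """Return [(module_path, version, is_indirect)] from go.mod text.

    Handles both the single-line `require X vN` form and the parenthesised
    `require ( ... )` block. Indirect requirements are kept but flagged so a
    policy can weigh them separately if it wants to.
    """
    deps = []
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("//"):
            continue
        if in_block:
            if line == ")":
                in_block = False
                continue
            m = REQUIRE_LINE.match(line)
        elif line == "require (":
            in_block = True
            continue
        elif line.startswith("require "):
            m = REQUIRE_LINE.match(line[len("require "):].strip())
        else:
            continue  # module, go, replace, exclude lines are not needed here
        if m:
            deps.append((m.group(1), m.group(2), m.group(3) is not None))
    return deps


def go_no_go(deps, report_json, blocking=frozenset({"Critical", "High"})):
    """Assumed policy (not the issue's own): a dependency is a no-go when the
    scan reports a finding at a blocking severity against its pinned version;
    findings below the threshold yield 'go (track)'; no findings yield 'go'.
    Findings for modules not in go.mod are ignored.
    """
    report = json.loads(report_json)
    findings = {}
    for v in report.get("vulnerabilities", []):
        dep = v.get("location", {}).get("dependency", {})
        key = (dep.get("package", {}).get("name"), dep.get("version"))
        findings.setdefault(key, []).append(v.get("severity", "Unknown"))
    decisions = {}
    for name, version, _indirect in deps:
        sevs = findings.get((name, version), [])
        if any(s in blocking for s in sevs):
            decisions[name] = "no-go"
        elif sevs:
            decisions[name] = "go (track)"
        else:
            decisions[name] = "go"
    return decisions


if __name__ == "__main__":
    found = parse_go_mod(SAMPLE_GO_MOD)
    for name, decision in go_no_go(found, SAMPLE_DS_REPORT).items():
        print(f"{name}: {decision}")
```

In practice the report would be the `gl-dependency-scanning-report.json` artifact of the forked project's Auto DevOps pipeline, and the `go.mod` the analyzer's own; the severity threshold and the treatment of indirect requirements are the parts the go/no-go policy in the last step has to decide.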
Edited by Thomas Woodham