Sign in or sign up before continuing. Don't have an account yet? Register now to get started.

14.6 Planning - Static Analysis

🔒 Secure, Static Analysis - Kickoff Videos

Assess your applications and services by scanning your source code for vulnerabilities and weaknesses.

devopssecure groupstatic analysis @gitlab-org/secure/static-analysis-be

Category	Direction	Maturity	Priority
Category:SAST	Epic / Strategy	maturitycomplete	~P1
Category:Secret Detection	Epic / Strategy	maturityviable	~P2
Category:Code Quality	[TBD / Strategy	maturityminimal	~P3

Themes

🔍 Secret Improvements

New GitLeaks version (massive speed improvements) and new detection rules

Issues included:
- #345770 (closed)
DRI: @zrice

📐 Custom Rulesets improvements

Prioritized scope is being discussed in #345171 (comment 728751807).

Current epic encapsulating work: &4179
DRI: @dsearles
Engineering team: @dsearles, @rossfuhrman

⏸ Monthly Analyzer Updates Issue ⚙

We have over a dozen analyzers that need to be maintained, these analyzers are checked and updated every month.

General Updates
Engineering team: @gitlab-org/secure/static-analysis-be

Outcomes

Release Post Candidates

https://gitlab.com/gitlab-com/www-gitlab-com/-/merge_requests?scope=all&utf8=%E2%9C%93&state=all&label_name[]=group%3A%3Astatic%20analysis&label_name[]=release%20post%20item&milestone_title=14.6

Feedback

14.6 retrospective issue

Helpful Links 🔗

How we work
Slack channel: #g_secure-static-analysis
Static Group UX issues
Issue boards - overview of all workflow stages
- Delivery Workflow Board - focused on development
- Planning Board - focused on pre-development
Static Analysis Metrics
- Official Secure & Defend Performance Indicators
- Unofficial Static Analysis Usage Dashboard
SAST Analyzer job performance metrics
14.6 release issue

Edited Nov 16, 2021 by Thomas Woodham