Database Dictionary Audit for Secure:Dynamic Analysis
Recently the database team has started documenting all database tables in db/doc. As an MVP, we've assigned each table to a feature category. We attempted to automate this, and then made rough guesses on the ones that couldn't be automatically identified either using this spreadsheet or just by guessing based on their name and code references. In order to make sure these are accurate, I'm asking every team to take a look at the tables associated with their feature categories associated with their stages.
What we need from your team?
Look through the list of tables and fix any mistaken labels and update the description field to help folks know what purpose the table serves.
Process (per table)
- Are the feature categories correct?
  - Keep in mind that tables can have multiple categories. Look at the list and if there are any other categories it belongs to, add them.
  - If a table has no category that seems to be a perfect match, assign it to the closest match. Tables must have at least one feature category.
  - If the table is assigned to a feature category for a different group, open a merge request changing the category and assign it to the EM for the group responsible for that category.
- Update the description of the table to give anybody interacting with it context around the purpose and submit a merge request with the information.
- Double check the milestone and introduced_by_url to see if they are accurate
Tables
- dast_profiles
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_profiles description has been updated
  - dast_profiles milestone and introduced_by_url seem accurate
- dast_sites
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_sites description has been updated
  - dast_sites milestone and introduced_by_url seem accurate
- dast_site_profiles_pipelines
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_site_profiles_pipelines description has been updated
  - dast_site_profiles_pipelines milestone and introduced_by_url seem accurate
- dast_profiles_pipelines
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_profiles_pipelines description has been updated
  - dast_profiles_pipelines milestone and introduced_by_url seem accurate
- dast_site_profile_secret_variables
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_site_profile_secret_variables description has been updated
  - dast_site_profile_secret_variables milestone and introduced_by_url seem accurate
- dast_site_tokens
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_site_tokens description has been updated
  - dast_site_tokens milestone and introduced_by_url seem accurate
- dast_site_profiles_builds
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_site_profiles_builds description has been updated
  - dast_site_profiles_builds milestone and introduced_by_url seem accurate
- dast_profile_schedules
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_profile_schedules description has been updated
  - dast_profile_schedules milestone and introduced_by_url seem accurate
- dast_site_validations
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_site_validations description has been updated
  - dast_site_validations milestone and introduced_by_url seem accurate
- dast_scanner_profiles_builds
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_scanner_profiles_builds description has been updated
  - dast_scanner_profiles_builds milestone and introduced_by_url seem accurate
- dast_scanner_profiles
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_scanner_profiles description has been updated
  - dast_scanner_profiles milestone and introduced_by_url seem accurate
- dast_site_profiles
  - dynamic_application_security_testing is the correct feature category or has been updated
  - dast_site_profiles description has been updated
  - dast_site_profiles milestone and introduced_by_url seem accurate
- coverage_fuzzing_corpuses
  - code_quality is the correct feature category or has been updated
  - coverage_fuzzing_corpuses description has been updated
  - coverage_fuzzing_corpuses milestone and introduced_by_url seem accurate
Why is this effort happening?
There have been many times that issues occur in production, but the infrastructure team doesn't have the information it needs to identify subject matter experts who can help resolve things quickly. This in turn can delay the time it takes to find and fix pressing issues.
How much time should we expect to spend on this?
It depends. If the team has a lot of tables, it may take a little bit to get all of the information together. If not, this could be very fast. The descriptions are as much or little as the team wants to add. More information may help folks self-serve better.
How urgent is this?
The urgency is up to the team. If the tables have poor information or are misassigned, that may cause more burden on the team when answering questions.