Proposal: release security report schemas version 15-0-0

Context

Changes targeting version 15-0-0 of the security-report-schemas have been made in a protected v15_wip branch (i.e. no direct commits or force pushes) and there's a merge request for it: Build and Release MODEL version 15.0.0 (gitlab-org/security-products/security-report-schemas!100 - merged).

All the changes present in that MR have already been through review + maintainer review, so they're ready to be merged.

Proposal

Release version 15-0-0 of the security-report-schemas as part of GitLab %15.4.

[Feature flag] Cleanup enforce_security_report_... (#355628 - closed) is scheduled for %15.3 and, from there on, the feature flag to disable schema validation enforcement is no longer available. Releasing in %15.4 gives everyone one extra milestone to make changes and release 14-x-x before changes can only be made to 15-x-x.

NB: the previous versions of the schema, 14-x-x, will continue to be accepted until such a time when we agree to deprecate and remove them; see TBD.

Details

If this proposal is accepted, a new issue to do the actual release must be written.

Optionally, we may choose to cut a "release candidate" (i.e. 15.0.0-rc1) that will be tagged on the existing v15_wip branch and manually copied/allowed in the gitlab-org/gitlab rails application. This allows teams to be early adopters of the new model. If we choose to do this, a separate issue should be created.

Impact to integrations

As explained in the v15 MR:

(...) there is no defined process to iterate on previous MODEL releases when a new MODEL release is out. By merging this MR, we'll be agreeing that unless there are exceptional circumstances there will be no changes made to the 14-x-x schema.

Given the above, once 15-0-0 is released, all integrations should adopt the new model schema version as soon as possible, even if the 14-x-x schemas aren't being deprecated yet.

/cc @matt_wilson @sam.white @derekferguson @NicoleSchwartz @connorgilbert @minac @cam_swords @theoretick @julianthome @idawson @fcatteau @mparuszewski