Static Analysis Async MoSCoW 15.3

As inspired by #356612 (closed), this is an attempt at a minimal asynchronous process for backlog refinement. This first time we will be focusing on type::maintenance issues, since they require narrower breadth than type::feature.

In reality, type::bug would likely be easier given the stricter definition of the problem domain, but perhaps we can do that next time.

The goal is to determine what should be closed out of the backlog. This is not an attempt to weight issues, which comes later, after we determine whether they are even worth doing.

Rules

MoSCoW rating: (Must, Should, Could, Won't, ?, or Elsewhere).

Extra ratings:

  • ? - I don't understand what this is or have an opinion (more explicit than an empty cell)
  • Elsewhere - means to send elsewhere in the event we determine this to belong to another team.

  1. Participation is optional: as long as one person has started we can use an aggregate
  2. Each team member adds a MoSCoW rating
  3. [optionally] each team member opens a new discoto thread if any issue requires discussion
  4. Open for 1 week
  5. After 1 week, @theoretick will compile ratings into the overall column. He may take liberties with discrepancies but will advertise back here in case others wish to contest
  6. @amarpatel as DRI for type::maintenance will determine whether to accept the overall rating or override it (in the future this will be more cross-functional depending on workflow types)

The cutoff for whether to close out "Should"s vs "Could"s vs "Won't"s is TBD.

Review

Currently populated with Development department members, but if others wish to participate, please feel free to add a column!

This list is generated from SAST type::maintenance issues, ordered by created_at ASC.

issue overall @theoretick @rossfuhrman @zrice @jannik_lehmann @vbhat161 @jamesliu-gitlab @amarpatel
Increase test coverage for spotbugs (#214982 - closed) W W W W W W
Clean-up temporary Docker images in Security Pr... (#215030 - closed) S S C S C S
CodeQuality data is exposed in MergeRequestWidg... (#229383 - closed) C C C ? ? ?
Pin Static Analysis analyzers and tools to the ... (#232660 - closed) W W C W W ?
SAST & Secret Detection testing & Azure compati... (#235623 - closed) C W C C C ?
Add allowlist rule for secrets analyzer project (#241535 - closed) C C C C C ?
Increase test coverage for eslint (#254681 - closed) W W W W W W
Increase test coverage for nodejs-scan (#254683 - closed) W W W W W W
Increase test coverage for flawfinder (#254684 - closed) W W W W W W
Increase test coverage for sobelow (#254691 - closed) W W W W W W
Increase test coverage for pmd-apex (#254694 - closed) W W W W W W
Add unit tests for MobSF Analyzer (#259833 - closed) C W C C W C
Secret Detection: Update tests to use `SAST_ANA... (#254971) S S S S M M
Move inline SAST Analyzer testdata into files (#267013 - closed) C C C C C S
Add retry to Secure danger-review jobs (#267349 - closed) S C M S C M
Update SAST Analyzers' Default MR description t... (#277142 - closed) S S C S C M
Decouple kubesec analyzer from kubsec docker im... (#294322 - closed) M C S M C M
Standardize analyzer images with overridable GO... (#277401 - closed) C C C C C C
Better logging for multi-project scans (#292812 - closed) S S S S M M
Consider refactoring secure analyzer ruleset pa... (#297249 - closed) C C E(C) W ? ?
https://gitlab.com/gitlab-org/gitlab/-/issues/301062+ C C C C S ?
Rename the code_quality job to code-quality (#324127 - closed) W W W W W W
Add MobSF downstream QA test for custom ruleset... (#330673 - closed) W W W C W W

Auto-Summary 🤖

Discoto Usage

Points

Discussion points are declared by headings, list items, and single lines that start with the text (case-insensitive) point:. For example, the following are all valid points:

  • #### POINT: This is a point
  • * point: This is a point
  • + Point: This is a point
  • - pOINT: This is a point
  • point: This is a **point**

Note that any markdown used in the point text will also be propagated into the topic summaries.

Topics

Topics can be stand-alone and contained within an issuable (epic, issue, MR), or can be inline.

Inline topics are defined by creating a new thread (discussion) where the first line of the first comment is a heading that starts with (case-insensitive) topic:. For example, the following are all valid topics:

  • # Topic: Inline discussion topic 1
  • ## TOPIC: **{+A Green, bolded topic+}**
  • ### tOpIc: Another topic

Quick Actions

Action Description
/discuss sub-topic TITLE Create an issue for a sub-topic. Does not work in epics
/discuss link ISSUABLE-LINK Link an issuable as a child of this discussion

Last updated by this job

Discoto Settings
---
summary:
  max_items: -1
  sort_by: created
  sort_direction: ascending

See the settings schema for details.

Edited by Lucas Charles