Consolidate Sec Section Feature Development docs into docs.gitlab.com/ee/development
Proposal
Across the Sec section we don’t distinguish very clearly between development docs and workflow docs, splitting across project READMEs and assorted handbook content. Further, for SAST/SCA, the discoverability of our docs in analyzers/common and tests/common seems quite poor IMO. What do folks think about shifting our development docs towards the contribution docs instead?
IMO the handbook feels closer to internal docs. Moving to docs.gitlab.com has various benefits:
- Single place for development guidelines and testing paradigms
- Improves Community Contributors' understanding of current testing guides and workflows, potentially increasing contributions
- Focuses handbook technical documentation around internal guidance only
Opportunity
docs.gitlab.com is the home for our user-facing documentation around user interactions with GitLab, administration of GitLab, and active development of GitLab. We have good and comprehensive usage documentation currently (under doc/users/application_security/**), some administrative guidance (doc/administration), and integration docs (doc/integration/secure.md). We are currently missing a single place to join documentation on the development of our Sec section features including analyzers. This should probably live within doc/development.
This documentation is currently spread across various individual repositories and a lot of documentation has been living within our handbook as team pages, such as this section on Developing analyzers. This has low discoverability and fuzzy boundaries on whether it contributes to our individual team's workflows or generic development. To clarify standards and improve contributions we should move all generic development docs to docs.gitlab.com's doc/development section.
Sec Analyzer Feature Development section
Proposal to add a new
- Technical Documentation | !94406 (merged)
- Glossary of terms (Terminology)
- How to use analyzers | !100321 (merged)
- Analyzer development | !100321 (merged)
- Testing local changes | !100321 (merged)
- Versioning and Release Process
- [-] Development of new analyzers
- How to use test projects
- FIPS verification
- Generating vulnerability test data