Threat Insights 15.5 Planning
Narrative
If I had to summarize in one word what %15.5 means for our team, it would be "transition". There are several aspects of this transition:
- We've restructured into two full-stack teams: Threat Insights Navy and Threat Insights Tangerine.
- We are now part of the new Govern stage.
- We are welcoming some new-to-our-team faces joining us from Protect.
- We now have a second category, Dependency Management.
"Change" could also describe what we are experiencing and will experience. I chose the word "transition" deliberately, as I think it conveys a slower, more deliberate long-term journey from where things were at the beginning of 15.4 to where they will end up several milestones from now. I also see "change" as implying the differences will be more immediate and abrupt. I do not intend for this to be the case. I will also need some time to figure out all the implications of our new working structure, as well as to ramp up on our new Dependency Management category. To that end, %15.5 is not going to deviate much from %15.4. I hope we can all use this milestone to adjust to our new structure and scope while continuing to focus on the key improvements we have been focusing on.
Important links
type::feature focus
- Category:Vulnerability Management : Integrate developer security training 2.0
- Category:Dependency Management : Continuous vulnerability scans
type::maintenance focus
- Category:Vulnerability Management : Deprecate and remove Vulnerabilities::Feedback
- Category:Vulnerability Management : Migrate Pipeline Security Tab to GraphQL
- Category:Vulnerability Management : Vulnerability Management DDL to replace raw JSON in the DB (raw_metadata)
- Category:Vulnerability Management : MR Widget v2 framework
type::bug focus
- Category:Vulnerability Management : securityReportFindings GraphQL resolver is unable to retrieve scanners
- Category:Vulnerability Management : GraphQL SecurityScanners incorrectly showing as disabled
- Category:Vulnerability Management : Unexpectedly low vulnerabilities count in group-level Security Dashboard on specific days
- Category:Vulnerability Management : Some vulnerability reports last updated value not being updated after scans
- Category:Vulnerability Management : Gitlab GraphQL API search returns 'Internal server error' when searching for Group Vulnerabilities filtered by multiple scanners
- Category:Vulnerability Management : Security report shows findings in pipeline security tab but vulnerabilities are not created
- Category:Vulnerability Management : ActionView::Template::Error: undefined method `project_vulnerability_url' for #<ActionView::Base:0x00000010908570>
- Category:Vulnerability Management : Merge Request does not show security scan report
Extra
Team Navy Kanban Board - easier to pick up, non-project tasks: Bugs, orphaned issues/enhancements, MR follow-ups