2019-12-02 - Triage report for "group::dynamic analysis"
Hi, @matt_wilson @sethgitlab @leipert
This is a group or stage level triage package that aims to summarize the feature proposals and bugs which have not been scheduled or triaged. For more information please refer to the handbook:
Scheduling the workload is a collaborative effort by the Product Managers and Engineering Managers for that group. Please work together to provide a best estimate on priority and milestone assignments. For each issue please:
- Determine if the issue should be closed if it is no longer relevant or a duplicate.
- If it is still relevant please assign either a best estimate versioned milestone, the %Backlog or the %Awaiting further demand milestone.
- Specifically for ~bug, if there is no priority or clarity on a versioned milestone, please add a Priority label. Priority labels have an estimate SLO attached to them and help team members and the wider community understand roughly when it will be considered to be scheduled.
- Once a milestone has been assigned please check off the box for that issue.
- Please work with your team to complete the list by the due date set.
Feature Proposal Section
For the following feature proposals. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone.
Unscheduled feature with customer
-
#35573 (closed) Increase ZAP data cache size for DAST or make configurable Category:DAST, customer, devopssecure, feature, groupdynamic analysis
Unscheduled feature (non-customer)
-
#37050 (closed) Add visual indicator if DAST failed to scan a URL Category:DAST, UX, devopssecure, feature, groupdynamic analysis -
#36920 (confidential) ~"(confidential)" -
#36679 (closed) Approach for updating upstream DAST Scanner devopssecure, feature, groupdynamic analysis -
#33906 (closed) API Fuzzing MVC ~"Category:Fuzzing", devopssecure, direction, feature, groupdynamic analysis
Bug Section
For the following bugs. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone and ensure that a priority label is set.
Heatmap for all bugs
Bugs for their priority and severity label are counted here. Every bug should have severity and priority labels applied. Please take a look at the bugs which fall into the columns indicating that the priority or severity labels are currently missing.
| ~S1 | ~S2 | ~S3 | ~S4 | ~"No severity" | |
|---|---|---|---|---|---|
| ~P1 | 0 | 0 | 0 | 0 | 0 |
| ~P2 | 0 | 4 | 0 | 0 | 0 |
| ~P3 | 1 | 0 | 1 | 1 | 0 |
| ~P4 | 0 | 1 | 2 | 5 | 0 |
| ~"No priority" | 0 | 0 | 0 | 0 | 1 |
Unscheduled ~bug with customer
-
#37290 (closed) Auto DevOps: dast_environment_deploy times out Category:DAST, Enterprise Edition, ~"bug", customer, devopssecure, groupdynamic analysis, internal customer, reproduced on GitLab.com
Unscheduled ~bug (non-customer)
-
#35849 (closed) Auto DevOps DAST job shouldn’t be added to the pipeline if dast_environment_deploy job is skipped Category:DAST, ~"P4", ~"S3", backend, ~"bug", creator-pairing, devopssecure, groupdynamic analysis -
#35847 (closed) Security Dashboard is empty if security job fails ~"P4", ~"S3", backend, ~"bug", creator-pairing, devopssecure, groupdynamic analysis, security dashboard -
#35182 (closed) Vulnerabilities reported in the pipeline do not show on the security dashboards ~"P2", ~"S2", backend, ~"bug", devopssecure, groupdynamic analysis, security dashboard
Heatmap for ~missed-SLO bugs
| ~S1 | ~S2 | ~S3 | ~S4 | |
|---|---|---|---|---|
| ~P1 | 0 | 0 | 0 | 0 |
| ~P2 | 0 | 1 | 0 | 0 |
| ~P3 | 0 | 0 | 0 | 0 |
| ~P4 | 0 | 1 | 0 | 0 |
This is a group level triage package that aims to collate the latest bug reports (for frontend and otherwise) and feature proposals. For more information please refer to the handbook: