Govern: Security Policies 16.5 Planning
Previous planning issue: Govern: Security Policies 16.4 Planning (#422580 - closed)
Narrative
In %16.4 we delivered Allow users to define branch exceptions to enfo... (&9567 - closed) and started working on new Epics Prevent branch modification when a policy disab... (&9705 - closed) and Allow users to enforce MR approvals as a compli... (&9696 - closed). Great work!
In %16.5 we want to continue our work on Prevent branch modification when a policy disab... (&9705 - closed) and Allow users to enforce MR approvals as a compli... (&9696 - closed), and start developing Allow compliance teams to prevent pushing and f... (&9706 - closed). These are important capabilities that expand our offering to compliance enforcement with Security Policies (Allow compliance enforcement of security policies (&9704 - closed)).
We also want to continue our work on Pipeline Execution Action (Custom CI YAML Suppo... (&7312 - closed); it is crucial to release a working solution before %16.7 so that users can adopt the new functionality before Compliance Pipelines are deprecated.
With slightly lower priority, and as team capacity allows, we would also like to:
- work on the Spike around Enforce SEP variables with the highest precedence (#424028 - closed),
- prepare changes for Exclude packages from Merge Request Approval Po... (&10203),
- investigate how to close gap between MR Security Widget and Scan Result Policies approvals in Improve how AppSec teams handle vulnerability m... (&11020)
Additionally, as in every release, we want to fix bugs that affect the UX of Security Policies features and make sure the features work correctly. Interest in our group's features keeps growing, so we need to ensure Scan Execution and Scan Result policies behave as expected.
We also want to refine Epics for future milestones and create implementation issues for them:
- Security Policy Scopes (&5510 - closed),
- Pipeline Execution Action (Custom CI YAML Suppo... (&7312 - closed)
We also want to improve our documentation with ...
Epics
To finalize and close
- Prevent branch modification when a policy disab... (&9705 - closed)
- Allow users to enforce MR approvals as a compli... (&9696 - closed)
To work on
To prepare implementation issues and refine
- Security Policy Scopes (&5510 - closed)
- Pipeline Execution Action (Custom CI YAML Suppo... (&7312 - closed)
Spikes
- Spike: Investigate possible solution to enforce... (#424470 - closed)
- [Spike] Close gap between MR security widget an... (#416942 - closed)
type::feature / type::maintenance, backend focus
- Generate approval notification when no scanners... (#417598 - closed) • Andy Schoenen • 16.7 • On track (Deliverable)
- Prevent deletion of protected branches via secu... (#420728 - closed) • Sashi Kumar Kumaresan • 16.5 • On track (Deliverable)
- [Spike] Close gap between MR security widget an... (#416942 - closed) • Sashi Kumar Kumaresan • 16.5 • At risk (Deliverable)
- BE: Prevent changes in group-level protected br... (#420724 - closed) • Marcos Rocha • 16.9 • On track (Deliverable)
- Allow remote CI configuration files for securit... (#424485 - closed) • Andy Schoenen • 16.6 • On track (Deliverable)
- BE: Support component filtering options for Sca... (#424526) • Marcos Rocha • 17.4 • At risk (Deliverable)
- Backfill security policy bot users (#414376 - closed) • Andy Schoenen • 16.8 • On track (Deliverable)
- [Spike] Investigate efficient logic for scan re... (#410039 - closed) • Sashi Kumar Kumaresan • 16.5 • At risk (Deliverable)
- Spike: Make sure security policy compliance pip... (#424488 - closed) • Andy Schoenen • 16.9 • On track (Deliverable)
- Remove index index_vulnerabilities_on_detected_... (#417265) • Unassigned • 17.5 (Stretch)
- Add metrics for Compliance Group (#416918 - closed) • Andy Schoenen • 16.7 (Stretch)
- Spike: Investigate security policy usage by typ... (#416137) • Unassigned • Backlog (Stretch)
- Avoid rejecting additional attributes consisten... (#415217 - closed) • Andy Schoenen • 16.5 (Stretch)
- Spike: introduce versioning for security policy... (#424568) • Unassigned • Backlog (Stretch)
- Follow-up from "Remove transaction in ProcessSc... (#408745) • Unassigned • Backlog (Stretch)
- Add e2e test to ensure policies appear in setti... (#423454 - closed) • Marcos Rocha • 16.7 (Stretch)
- BE: Update policy bot comment to support `any_m... (#421726 - closed) • Sashi Kumar Kumaresan • 16.5 (Stretch)
- Use bot avatar for security_policy_bot users (#421386) • Marcos Rocha • 17.3 (Stretch)
- Spike: Investigate the database query performan... (#421159 - closed) • Unassigned • 16.8 (Stretch)
- Deprecate `ScanResultPolicy.groupApprovers` Gra... (#420775 - closed) • Sashi Kumar Kumaresan • 17.0 • On track (Stretch)
- Add scan result policy access check (#420629 - closed) • Andy Schoenen • 16.6 (Stretch)
- tmp_idx_vulnerability_occurrences_on_id_where_r... (#417880 - closed) • Unassigned • 16.5 (Stretch)
- Cells: Fix cross joins in security/fetch_policy... (#417460 - closed) • Sashi Kumar Kumaresan • 16.5 (Stretch)
type::feature / type::maintenance, frontend focus
- FE: Disable "Unprotect" button when policy is i... (#421623 - closed) • Alexander Turinske, Artur Fedorov • 16.6 • On track (Deliverable)
- FE: Add humanised version to Scan Result Polici... (#422786) • Artur Fedorov • 17.5 • At risk (Deliverable)
- FE: Add component specific filters to Scan Resu... (#422713) • Artur Fedorov • 17.5 • At risk (Deliverable)
- Add e2e test to ensure policies appear in setti... (#423454 - closed) • Marcos Rocha • 16.7 (Stretch)
- Refactor security policy file structure (#420677 - closed) • Alexander Turinske • 16.5 (Stretch)
- Mention UTC in the scheduled time for security... (#382431 - closed) • Unassigned • 17.3 (Stretch)
type::bug, backend focus
- priority::3 / severity::3 Security bot says policy violate but not accurate (#420948 - closed) • Sashi Kumar Kumaresan • 16.5 • On track (Deliverable)
- priority::3 / severity::3 License approval works incorrectly when the tar... (#419569 - closed) • Marcos Rocha • 16.8 • On track (Deliverable)
- priority::3 / severity::3 Security Policy Creation error "Project was cre... (#416875 - closed) • Alan (Maciej) Paruszewski • 16.9 • On track (Deliverable)
- priority::4 / severity::4 GRPC::ResourceExhausted: 8:detecting object has... (#412419 - closed) • Alan (Maciej) Paruszewski • 16.5 • On track (Deliverable)
- priority::4 / severity::4 Make it clearer why you cannot create a scan ex... (#420333) • Unassigned • Backlog (Stretch)
Extra
- Kanban board with additional smaller maintenance issues and bugs (prioritized from top to bottom)
- Group Priorities List