16.5 Secure:Composition Analysis Planning Issue
- Release date
- General info
- Reaction Rotation
- Priorities
- Upcoming Customer Issues that Need Refinement
- Work type classification
Release date
October 22nd, 2023
Source: https://about.gitlab.com/releases/#upcoming-releases
General info
For this milestone, we'll try to complete the MVC of Continuous Vulnerability Scans for Container Scanning that we started in the previous milestone. We'll continue to improve CVS for Dependency Scanning and start addressing the leftovers we removed from the initial scope.
Some minor improvements, like support for Java 21 and providing CVSS scores, are also planned.
This milestone 16.5 starts on 2023-09-18 and ends on 2023-10-17.
Reaction Rotation
- Security: 15% @philipcunningham
- Maintainership: 15% @hacks4oats
- Support: 15% @ifrenkel
Priorities
Our Highest Priority feature work this milestone is:
Priority | Initiative | Why? | Area | DRI |
---|---|---|---|---|
1 | Feature maturity to make CVS for DS Beta and GA | CVS is DevSecOps adoption priority #4 (closed) and is a highly requested feature. Customers will really begin to use the feature once it is enabled by default for everyone in Ultimate. | Dependency Scanning | @fcatteau |
2 | Container Scanning: CVS Trigger scans on Trivy DB changes | Delivering the MVC of Continuous Vulnerability Scanning for container scanning in 16.5 will enable customers to get new vulnerability data when the Trivy DB is updated. This is a critical feature that will help us simplify security scanning and improve the usability and security results associated with container scanning. This is expected to be enabled by default for Ultimate customers in 16.5. | Container Scanning | @adamcohen |
3 | MVC support for CVSS | Commitment to Ultimate customer | Dependency Scanning | @hacks4oats |
Upcoming Customer Issues that Need Refinement
Priority | Issue | Why? | Area |
---|---|---|---|
1 | | | |
2 | | | |
Work type classification
- type::feature: 28/64 - issues
- type::bug: 12/19 - issues
- type::maintenance: 12/22 - issues
- type::ignore: 2/0 - issues
- others: 2/2 - issues
- backend => ~80%
  - Adam: 90%
  - Aditya: 75%
  - Fabien: 90%
  - Igor: 50%
  - Nick: 90%
  - Oscar: 85%
  - Philip: 85%
  - Shao: 90%
  - Tetiana: 90%
- frontend => 100%
  - Fernando: 50%
- documentation, Russell: 10% (Usual 15% - allowance for PTO coverage of other TWs)
- Quality, Will: %
- Engineering Manager, Olivier: 100%
- Product Manager, Sara: %
Edited by Olivier Gonzalez