16.7 Secure:Composition Analysis Planning Issue
- Release date
- General info
- Reaction Rotation
- Priorities
- Upcoming Customer Issues that Need Refinement
- Work type classification
- Planned capacity
Release date
December 21st, 2023
Source: https://about.gitlab.com/releases/#upcoming-releases
General info
For this milestone, we'll try to complete the GA of Continuous Vulnerability Scans for Container Scanning.
This milestone 16.7 starts on 2023-11-13 and ends on 2023-12-15.
Reaction Rotation
- Security: 15% @fcatteau
- Maintainership: 15% @brytannia
- Support: 15% @philipcunningham
Priorities
Our Highest Priority feature work this milestone is:
Priority | Initiative | Why? | Area | DRI |
---|---|---|---|---|
1 | Feature maturity to make CVS for DS GA | CVS is DevSecOps adoption priority #4 (closed) and is a highly requested feature. Customers will really begin to use the feature once it is enabled by default for everyone in Ultimate. | Dependency Scanning | @fcatteau |
2 | Container Scanning: CVS Trigger scans on Trivy DB changes | Delivering the MVC of Continuous Vulnerability Scanning for container scanning in 16.6 will enable customers to get new vulnerability data when the Trivy DB is updated. This is a critical feature that will help us simplify security scanning and improve the usability and security results associated with container scanning. This is expected to be enabled by default for Ultimate customers in 16.6. | Container Scanning | @adamcohen |
3 | Improve Operational Container Scanning reporting (&11968 - closed) | OCS relies on parsing the Trivy log to retrieve the findings that it submits to GitLab. Aside from the risk of the log format changing and breaking the integration, log files are also limited to 10MB, which restricts users with larger deployments. | Operational Container Scanning | @nilieskou |
Upcoming Customer Issues that Need Refinement
Priority | Issue | Why? | Area |
---|---|---|---|
1 | | | |
2 | | | |
Work type classification
TODO
Planned capacity
- backend => ~95%
  - Aditya: 90%
  - Fabien: 85%
  - Igor: 100%
  - Nick: 100%
  - Olivier: 100%
  - Oscar: 100%
  - Philip: 85%
  - Shao: 100%
  - Tetiana: 85%
- frontend => 100%
  - Fernando: 100%
- documentation, Russell: 12% (15% - 1 week's PTO)
- Quality, Will: %
- Engineering Manager, Thiago: 100%
- Product Manager, John: %
Edited by Russell Dickenson