Threat Insights 16.7 Planning
Summary
In 16.7 we will:
- Enable a new experimental AI feature, Resolve this Vulnerability.
- Start adding filters to the Group Dependency List; the first one will be a filter by project.
- Add the ability to group by OWASP top 10 on the Project Vulnerability Report.
- Add the new vulnerability report's Tool filter to the group vulnerability report.
Focus
type::feature focus
- [Experiment] - Vulnerability Resolution (&10779 - closed)
- Use database for project dependency list (&8293 - closed) (DRI: @zmartins)
- backend Update sbom_occurrences ingestion in order to f... (#426122 - closed) • Zamir Martins • 16.7 • On track
- backend Add vulnerabilities as part of graphql dependen... (#426123 - closed) • Zamir Martins • 16.7 • On track
- backend Add support to sorting (two levels) based on th... (#426126 - closed) • Zamir Martins • 16.7 • Needs attention
- Project and License filters (&10904 - closed) (DRI: BE @bwill, FE @dpisek)
- [Spike] - Optimize group dependency list query ... (#427783 - closed) • Mehmet Emin INAC • 16.8
- frontend Add "project" filter option to group-level depe... (#422356 - closed) • David Pisek, Brian Williams • 16.7 • On track
- [Feature flag] Enable `group_level_dependencies... (#424727 - closed) • David Pisek, Brian Williams • 16.10 • On track
- Discovered during milestone (added 30th of Nov):
- Group-level dependencies: Add error handling fo... (#432707 - closed) • David Pisek • 16.7 • On track
- Long project names wrap incorrectly within the ... (#433246 - closed) • David Pisek, Savas Vedova • 16.7 • On track
- Pagination does not reset when filters get applied (#433247 - closed) • David Pisek, Savas Vedova • 16.7 • On track
- Additional Activity filters for Vulnerability R... (&7883 - closed) (DRI: @subashis)
- backend Backend: Add hasRemediations filter to Vulnerab... (#358638 - closed) • Subashis Chakraborty • 16.7 • On track
- database backend VulnerabilityReads require index or indicies fo... (#428078 - closed) • Unassigned • Backlog (moved to 16.9)
- backend Fix the has_remediations ingestion logic for vu... (#429361 - closed) • Subashis Chakraborty • 16.7
- frontend [Feature flag] Rollout of `activity_filter_has_mr` (#426104 - closed) • Samantha Ming • 16.7
- Vulnerability report grouping (&10164) (DRIs: backend @bala.kumar, frontend @svedova)
- backend Store OWASP Top 10 in backend for vulnerability... (#419092 - closed) • Bala Kumar • 16.8 • On track
- backend Include OWASP filter to vulnerabilitySeverities... (#432618 - closed) • Subashis Chakraborty • 16.8 • On track
- backend Evaluate limiting Group Level Vulnerability Rep... (#432715 - closed) • Unassigned • Backlog
- frontend FE: Group By Tools (#429919 - closed) • Samantha Ming • 16.7
- Enhanced filtering and search on the Vulnerabil... (&3429) (DRI: @ghavenga, @svedova)
- Add the new vulnerability report's Tool filter ... (&11859)
- Update bulk dismissal reason dropdown on Vulner... (#432499 - closed) • Lorenz van Herwaarden • 16.7
type::maintenance focus
- Pipeline Security Listing Migration and Enhance... (&8478) (DRI: BE @subashis, FE @lorenzvanherwaarden)
- Make vulnerabilitiesCountsQuery injection optio... (#431796 - closed) • Lorenz van Herwaarden • 16.7
- Make scanner injection optional in vulnerabilit... (#431800 - closed) • Lorenz van Herwaarden • 16.7
- Show dismissal reason in pipeline security tab (#433336 - closed) • Savas Vedova, Lorenz van Herwaarden • 16.7
- Add "Activity" column to pipeline security report (#362575 - closed) • David Pisek, Lorenz van Herwaarden • 16.7
- Follow-up after deprecate the use of Vulnerabil... (&9552) (DRI: @mallocke)
- Proper 1:1 relationship between Vulnerabilities... (&11030 - closed) (DRI: @Quintasan)
type::bug focus
To be refined and scheduled by Wednesday, November 15th.
severity::2 Bugs
- Performance issues on vulnerability_findings en... (#411666 - closed) • Subashis Chakraborty • 16.9 • On track
- Database timeout when viewing the group depende... (#425274) • Brian Williams • 17.2 • On track
- SBOM components removed during partial ingestio... (#421666 - closed) • Mehmet Emin INAC, Michael Becker • 16.7 • On track
- Vulnerabilities do not stay Dismissed (#427070 - closed) • Michał Zając • 16.8
- Error when dismissing pipeline security finding... (#428893 - closed) • Subashis Chakraborty • 16.7
- https://gitlab.com/gitlab-org/gitlab/-/issues/429130
severity::3 Bugs
- Hide Resolve with merge request action for newl... (#428890 - closed) • Subashis Chakraborty, Lorenz van Herwaarden • 16.7
- Investigate MR Widget Security Reports not show... (#431850 - closed) • David Pisek • 16.7
- Create Merge Request action for non default bra... (#421450 - closed) • Brian Williams • 16.8
- empty `blob_path` for security findings (#434358 - closed) • David Pisek, Michael Becker • 16.7
Extra
What's on the horizon?
- Use security_findings for security MR widget re... (#390185) • Michael Becker • 17.2 • At risk
- Allow security reports to be read for pipelines... (#346843 - closed) • Bala Kumar • 16.10 • On track
- MR Security widget - migrate to GraphQL (&10962) • Threat Insights::Navy
- Use rubygem to release security report schemas (&9314) • Threat Insights::Tangerine
- Change 1:N to 1:1 relation between Vulnerabilit... (&10819) • Threat Insights::Tangerine (DRI: @Quintasan)
- Delete `vulnerability_occurrence_pipelines` table (&11241) • Threat Insights::Tangerine (DRI: TBC)
Team OKRs
Planning Boards
- Delivery Board - columns are workflow labels
- Planning Board - columns are milestones
- Who's Working on What? - columns are individual team members
- Bug board - columns are severity and priority
- Set the Milestone (current Milestone)
- Update the Milestone link for the Planning Board
- Set the Due Date for the end of the current Milestone
Edited by Neil McCorrison