[Spike] Composition Analysis components for global CI/CD catalog
Topic to Evaluate
~"group::composition analysis" has been asked to take ownership of the existing CI/CD component for container scanning (https://gitlab.com/gitlab-components/container-scanning).
The expectation is for CA to own and maintain this as any other of our projects, starting as soon as possible.
This spike issue is to answer questions related to this new responsibility.
Time-box
This is time-boxed to 3 days.
Tasks to Evaluate
- Should we update the container scanning configuration docs to include a component option?
- What other templates should we create component(s) for? (Dependency Scanning, License Scanning)
- If so, when should we create them?
- What is the equivalent of the .latest templates for CI/CD components? What should be our approach?
- Who would like to volunteer as the initial maintainers?
- Is there training available that all engineers should undertake?
- What problems do we have in templates that can potentially be solved by components?
- How are components tested?
- What are the regular maintenance tasks that component projects need?
- Should we consider creating one or more demos?
- Should we look to retire templates? If so, how long do we maintain both templates and components for?
Risks and Implementation Considerations
Other
Slack teams for help:
#g_pipeline-authoring
#f_ci_catalog
Team
- Add ~"workflow::planning breakdown" ~"type::feature" and the corresponding ~devops::<stage> and ~group::<group> labels.
- Ping the PM and EM.
- Write issues with the outcome of the spike.
  - Create Dependency Scanning CI/CD Component (#433267) has been updated and refined based on #431827 (comment 1749127927).
/cc @johncrowley
Edited by Fabien Catteau