16.11 Planning—Static Analysis (SAST/IaC)
🔒 Secure, Static Analysis - Milestone Planning
This is a planning issue for Category:SAST (including IaC Scanning), which is maintained by ~"group::static analysis".
See the group handbook page for more about this issue and how it fits into group workflows.
In this issue:
Iteration Commencing 2024-03-15 (check this)
Narrative
In 16.11, the SAST/IaC team will continue these focus areas from 16.10:
- Analyzer consolidation, with a goal of deprecating as many analyzers as we can by %17.0.
- Improving GitLab-maintained SAST rulesets and release process, in collaboration with the VR team.
These efforts directly align with the "Result quality", "Day 1 experience", and "Day 2 efficiency" themes described in our 1 year plan.
We will also add two new focus points this milestone:
- SAST team members will undergo sast-rules review training to help with the rule review effort.
- We will also deal with the current requests for help assigned to our group (internal link).
Priorities
Key items to deliver
This section lists items that should be ready to deliver (or at least to move forward). Many of these items should be defined as ~Deliverable items, assuming they are feasible to deliver in the milestone.
Status of this list: Initially reviewed. We will add ~"type::maintenance" and ~"type::bug" items, and ensure that all ~"type::feature" work is included, before reviewing the overall list with team members.
Requests for Help
Full list of RFH
Looking forward
This section lists items that are in earlier stages of planning. Refining them is an important part of this milestone because it sets us up to work on them in the following milestones. Primary areas of responsibility are listed, but everyone can contribute!
This is almost certainly more than we can take on. It's generally in priority order (most important at the top).
Good candidate issues if time allows
| Item | Why? | Area |
|---|---|---|
Please suggest others or add them directly.
Learn and react
We'll engage with these initiatives, and respond within the milestone by filing issues or implementing if feasible:
TBD
Product and UX
This section includes other Product and UX context that may not fit into the Looking forward section above.
Product Manager: @connorgilbert
- TODO
UX: No current plan for SAST this milestone
Documentation
This section includes group inputs and the plan for Technical Writing in the milestone.
Technical Writing stable counterpart: @rdickenson
Input on group priorities
Initial thoughts below
From a ~"group::static analysis" perspective, the following would likely improve customer outcomes:
- TBD
Anticipated release posts and documentation include:
- Monthly analyzer updates
Planned new content
TBD
Planned maintenance
TBD