17.2 Secure:Composition Analysis Planning Issue
General info
- Period: 2024-06-15 to 2024-07-12.
- Planning board
- Reaction rotation: @atiwari71 (primary), @nilieskou (secondary). Full schedule. Reaction rotation issue.
Priorities
Feature
Our Highest Priority feature work this milestone is:
Maintenance and bugs
Epics
Standalone issues
Bugs
- priority2 Security MR widget shows incorrect image name w... (#463953 - closed) • Zamir Martins • 17.2
- priority2 SBoM export failing with: `Invalid CycloneDX re... (#461240) • Olivier Gonzalez • 17.3 • On track
- priority2 Add a system note when a vulnerability is marke... (#463199) • Unassigned • Backlog
- priority2 Some NPM packages showing up as `unknown` licen... (#463772) • Igor Frenkel • Backlog
- priority3 License DB detects no licenses for a set of Mav... (#439786 - closed) • Oscar Tovar • 17.3 • On track
- priority3 Gemnasium-Maven dependency scanning fails on lo... (#437838 - closed) • Philip Cunningham • 17.2 • On track
- priority3 Properly handle unknown / incorrect SPDX identi... (#442727) • Shao Ming Tan • 17.3 • On track
- priority3 Continuous Container Scanning attempts to inser... (#452267) • Yasha Rise • 17.3
- priority3 Editable flags can cause gemnasium-python-depen... (#451279 - closed) • Nick Ilieskou • 17.2 • On track
- priority3 Error when pulling plugin for maven project mir... (#414689) • Miki Amos • 17.3 • On track
- priority3 Handle invalid user input in semver_dialects pa... (#428449 - closed) • Orin Naaman • 17.2
- Review / Verification of unknown licenses for s... (#470151 - closed) • Nick Ilieskou • 17.2
Other
- typefeature Remove components with empty names or duplicate... (#461858) • Unassigned • 17.3
- typefeature Allow Gemnasium to match file patterns (#452259) • Unassigned • 17.3
- typefeature https://gitlab.com/gitlab-org/gitlab/-/issues/458451
- typefeature Upgrade Dependency Scanning Gradle support to 7... (#421893 - closed) • Olivier Gonzalez • 17.2
- typemaintenance Add pipeline license count endpoint (#441299) • Shao Ming Tan • 17.3 • On track
- typefeature workflowplanning breakdown Design: Show errors for invalid SBoM reports in... (#366960 - closed) • Olivier Gonzalez • 17.2
- typefeature Remove Security Configuration ProjectSetContinu... (#462364) • Unassigned • 17.3
- typefeature Include prereleases if affected range starts wi... (#442028) • Orin Naaman • 17.3
- typemaintenance Migrate from Terraform templates to OpenTofu co... (#440756 - closed) • Nick Ilieskou • 17.2 • On track
- typemaintenance Migrate gemnasium to use github.com/pandatix/go... (#460894 - closed) • Nick Ilieskou • 17.2
- typemaintenance OCS with Trivy 52.2 requires more Cluster level... (#469501 - closed) • Nick Ilieskou • 17.2
Engineering allocation
- everyone: typebug work on one bug before picking up a new issue.
- @atiwari71: typemaintenance Primary Reaction Rotation.
- @fcatteau: contributing to Sec DB decomposition WG.
- @fernando-c: typefeature FE DRI for &13049.
- @gonzoyumo: typefeature contributing to other issues.
- @hacks4oats: typefeature DRI for &10174.
- @ifrenkel: typefeature DRI for &13093.
- @mamos-gl: typefeature DRI for &13390.
- @nilieskou: typemaintenance Secondary Reaction Rotation and typefeature contributing to &8026 and &11544.
- @onaaman: typefeature contributing to &11544 & DRI on #442028
- @philipcunningham: typemaintenance DRI for &11228.
- @smtan: typefeature contributing to &10174.
- @YashaRise: typefeature DRI for &11544.
- @zmartins: typefeature DRI for &8026.
Edited by Nick Ilieskou