17.0 Planning—Secret Detection
🔒 Secure, Secret Detection - Milestone Planning
This is a planning issue for Category:Secret Detection and Category:Code Quality, which is maintained by group::secret detection.
See the group handbook page for more about this issue and how it fits into group workflows.
Milestone Key Dates
- Duration:
- Release Date:
Narrative
Pre-receive Secret Detection Beta
In %16.11, we finalized refinement for most if not all of the issues in scope for Beta. We also kicked off development on the audit events, granular controls (project level configuration), and discussed how we could improve messaging on the various workflows. We also took some time to define a timeline for the key targets along our road to Beta. We're still working on finalizing the target dates, but we have established success criteria for these targets.
The key targets/goal posts we'd like to deliver in %17.0 are:
- Beta is feature complete
- Baseline monitoring dashboard and runbook have been created
- Dogfooding has begun, and phase 1 has been completed.
Account teams and customers are very excited about pre-receive scanning, so let's get it shipped and available to our interested customers (see #439921 (closed))!
High-impact updates to the current Secret Detection system
Remote ruleset config issues
In %16.11 we prioritized the following two highly requested type::bug issues with our remote ruleset config:
- SAST/SD: Shared remote ruleset configuration is... (#425730 - closed)
- Security secret detection scan doesn't pick up ... (#425251 - closed)
We made significant progress on these issues and have identified and proposed a fix for both. We're currently working on getting feedback on the fixes and coordinating a rollout strategy, since the fixes will require updates to some of the shared modules that are used across all analyzers.
Secret Detection tracking
Another highly requested type::feature we began working on in %16.11 is Track Secret Detection findings by filename and... (#434096 - closed). We made some great progress here as well, and are expecting to release this in %17.0. The rollout for this may also require coordination across groups as the enhancement will be made to tracking-calculator.
Other expected work
With %17.0 being a breaking change release, there may be support needed from our group to facilitate changes across the SAST and SD analyzers. Please keep an eye out and assist where you can! While our team does not have any breaking changes announced, we will most likely need to perform a major version bump for our secrets analyzer.
(See direction for discussion of these two themes and how they interact.)
Priorities
Key items to deliver
This section lists items that should be ready to deliver (or at least to move forward). Many of these items should be defined as ~Deliverable items, assuming they are feasible to deliver in the milestone.
Status of this list: Initially reviewed. We will add type::maintenance and type::bug items, and ensure that all type::feature work is included, before reviewing the overall list with team members.
Initiative | Issues | DRI |
---|---|---|
Looking forward
This section lists items that are in earlier stages of planning. Refining them is an important part of this milestone because it sets us up to work on them in the following milestones. Primary areas of responsibility are listed, but everyone can contribute!
This is almost certainly more than we can take on. It's generally in priority order (most important at the top).
Please suggest others or add them directly.
Product and UX
This section includes other Product and UX context that may not fit into the Looking forward section above.
Product Manager: @smeadzinger
- Transition tasks
UX Designer: @mfangman
- Design: Pre-receive Secret Detection configuratio... (#451559 - closed) • Michael Fangman • 17.0
- Discover the Jobs to Be Done (JTBD) for Secret ... (ux-research#2707) • Michael Fangman, Erika Feldman • 16.7
Documentation
This section includes group inputs and the plan for Technical Writing in the milestone.
Technical Writing stable counterpart: @rdickenson
- Track Secret Detection findings by filename and... (#434096 - closed) • Vishwa Bhat • 17.0 • On track
- Update documentation, focusing on how instance-... (#451359 - closed) • Serena Fang • 17.1
- Add supported token/API key/secret types to doc... (#454905 - closed) • Russell Dickenson • 17.1