Govern: Security Policies 17.0 Planning Issue
Previous planning issue: Govern: Security Policies 16.10 + 16.11 Plannin... (#441464 - closed)
Narrative
In the last two milestones (%16.10 and %16.11), our team worked on many exciting features, officially releasing Security Policy Scopes (&5510 - closed) and Project owners should be able to link to a secu... (&12156 - closed)! Congratulations!
Over the last two milestones, we also worked on &7312 (closed), where we prepared the PoC and agreed on the plan, which was then moved to a separate Epic: Pipeline Execution Policy Type (&13266 - closed). Additionally, we worked on Use database read model for merge request appr... (&9971) and https://gitlab.com/groups/gitlab-org/-/epics/12033+.
Recently, after the Summit, we decided to focus on quality and performance (gitlab-com/www-gitlab-com!133564 (merged)), and we started a small reprioritization to achieve that goal.
In this milestone, we want to focus on getting closer to the delivery of Pipeline Execution Policy Type (&13266 - closed), continue our work around Toggle merge request approval policies to fail ... (&10816 - closed), and https://gitlab.com/groups/gitlab-org/-/epics/12033+.
Additionally, we would like to make progress on Use database read model for merge request appr... (&9971) and focus on refactoring the current implementation to ensure our features scale to larger groups and projects. We will also continue working on the improvements needed for Cells 1.0 in the scope of (size: M to L) Cells - Workflows: Security Poli... (&12709 - closed).
With this milestone, we will continue our strategy while working on new tasks. Most issues are preassigned to the designated DRI for each Epic, who is responsible for refining them, creating implementation issues, implementing, verifying, and reassigning issues to others if needed. We have already seen that this approach improves communication and collaboration and reduces potential miscommunication.
Additionally, as in every release, we want to fix bugs to improve the UX of Security Policy features and ensure they work correctly. Our group is increasingly interested in using these features, so we need to ensure that Scan Execution and Scan Result policies work as expected.
We also want to take care of Govern: Security Policies - 17.x - Technical De... (&13225) (DRI: @sashi_kumar / @aturinske) for %17.1 by creating implementation issues for technical debt and other issues we would like to solve to improve the performance and quality of our work.
We also want to improve our documentation with:
- TBD
Spikes
- Spike: Test and identify Scan Execution Policy ... (#436545 - closed)
- Spike: Cells - Investigate and separate importe... (#441078 - closed)
- https://gitlab.com/gitlab-org/gitlab/-/issues/437012+
Priorities
To provide necessary help and collaborate with group::compliance
- Display security policy violation details to users (&11185) (@mcavoj)
To finalize and close
- Toggle merge request approval policies to fail ... (&10816 - closed) (@bauerdominic / @aturinske)
- Aligning scan result policy and MR widget compa... (&11847 - closed) (@sashi_kumar / @aturinske)
To continue working on
- Pipeline Execution Policy Type (&13266 - closed) (@mcavoj / @arfedoro)
- Use database read model for merge request appr... (&9971) (@sashi_kumar)
- https://gitlab.com/groups/gitlab-org/-/epics/12033+ (@mc_rocha)
To start planning
type::feature / type::maintenance backend focus
- Remove `newly_detected` in %17.0 (#422414 - closed) • Sashi Kumar Kumaresan • 17.0 • At risk (Deliverable)
- Remove `project.networkpolicies` in %17.0 (#421440 - closed) • Dominic Bauer • 17.0 • At risk (Deliverable)
- Deprecate `ScanResultPolicy.groupApprovers` Gra... (#420775 - closed) • Sashi Kumar Kumaresan • 17.0 • On track (Deliverable)
- Add service to create and sync policy YAML into... (#416262 - closed) • Andy Schoenen • 17.5 • At risk (Deliverable)
- [backend] Create graphql mutation for pipeline ... (#454951 - closed) • Alan (Maciej) Paruszewski, Artur Fedorov • 17.0 • On track (Deliverable)
- Spike Come up with PoC for pipeline execution p... (#441252 - closed) • Martin Čavoj • 17.1 • At risk (Deliverable)
- [backend] Handle pipeline execution policy rese... (#452384 - closed) • Andy Schoenen • 17.2 • At risk (Deliverable)
- [backend] Inject pipeline execution policy jobs... (#455261 - closed) • Martin Čavoj • 17.1 • On track (Deliverable)
- [backend] Handle pipeline execution policy job ... (#455314 - closed) • Martin Čavoj • 17.2 • At risk (Deliverable)
- [backend] Add new pipeline execution policy sch... (#452379 - closed) • Alan (Maciej) Paruszewski • 17.0 • At risk (Deliverable)
- Update scan_finding approval rules when protect... (#432913 - closed) • Sashi Kumar Kumaresan • 17.3 • At risk (Deliverable)
- Add GraphQL API for policy errors and violations (#433406 - closed) • Sashi Kumar Kumaresan • 17.0 • At risk (Deliverable)
- Update `match_on_inclusion` to `match_on_inclus... (#424513 - closed) • Sashi Kumar Kumaresan • 17.0 • At risk (Deliverable)
- https://gitlab.com/gitlab-org/gitlab/-/issues/437012+s (Deliverable)
- Create DB tables to store all policy YAML content (#416260 - closed) • Sashi Kumar Kumaresan • 17.1 (Stretch)
- [backend] Handle pipeline execution policy vari... (#455312 - closed) • Marcos Rocha • 17.2 • At risk (Stretch)
- [backend] Apply policy scope and limits for pip... (#452381 - closed) • Sashi Kumar Kumaresan • 17.2 • At risk (Stretch)
- Follow-up from "Ignore value of feature toggle ... (#448494 - closed) • Dominic Bauer • 17.3 (Stretch)
- Spike: Cells - Investigate and separate importe... (#441078 - closed) • Marcos Rocha • 17.4 (Stretch)
- BE: Support new policy action type `send_bot_me... (#438269 - closed) • Marcos Rocha • 17.0 (Stretch)
- Clean up orphan Software licenses regularly (#435810) • Unassigned • Backlog (Stretch)
type::feature / type::maintenance frontend focus
- Remove `newly_detected` in %17.0 (#422414 - closed) • Sashi Kumar Kumaresan • 17.0 • At risk (Deliverable)
- Update `match_on_inclusion` to `match_on_inclus... (#424513 - closed) • Sashi Kumar Kumaresan • 17.0 • At risk (Deliverable)
- [Frontend] Add conditions section to policy editor (#454285 - closed) • Alexander Turinske • 17.0 (Deliverable)
- [Frontend] Add file path action to policy editor (#454284 - closed) • Alexander Turinske • 17.1 • On track (Deliverable)
- [Frontend] Create editor for pipeline execution... (#454281 - closed) • Alexander Turinske • 17.0 • On track (Deliverable)
- FE: Add fallback behavior property to the yaml ... (#451661 - closed) • Alexander Turinske • 17.0 • On track (Deliverable)
- [Frontend] Update policy list to include new type (#454326 - closed) • Artur Fedorov • 17.0 • On track (Deliverable)
- Update from `{name 1} + x more` to `{name 1}, ... (#440580 - closed) • Artur Fedorov • 17.0 (Stretch)
- [Frontend] Add rule verification for switching ... (#454287 - closed) • Alexander Turinske • 17.0 (Stretch)
- [Frontend] Update policy drawer to include new ... (#454331 - closed) • Artur Fedorov • 17.0 (Stretch)
- FE: Add support for group-level branch exceptio... (#423434 - closed) • Artur Fedorov • 17.0 (Stretch)
- priority::3 / severity::3 JS Flaky test: ee/spec/frontend/vue_merge_reque... (#427192 - closed) • Alexander Turinske • 17.4 (Stretch)
- priority::3 / severity::3 JS Flaky test: ee/spec/frontend/vue_merge_reque... (#427334 - closed) • Alexander Turinske • 17.0 (Stretch)
- priority::3 / severity::3 JS Flaky tests in ee/spec/frontend/vue_merge_re... (#426129 - closed) • Alexander Turinske • 17.2 (Stretch)
type::bug backend focus
- License approval policy require approval when n... (#442045 - closed) • Dominic Bauer • 17.0 • At risk (Deliverable)
- Scan execution policy runs pipeline on branches... (#450891 - closed) • Sashi Kumar Kumaresan • 17.0 (Stretch)
- Bug: scope error is not check when submit the MR (#442536 - closed) • Artur Fedorov • 17.0 (Stretch)
- priority::2 / severity::4 GitLab Security Policy Bot can be blocked as a ... (#439129 - closed) • Alan (Maciej) Paruszewski • 17.0 • On track (Deliverable)
- priority::3 / severity::3 Protected branch cannot be updated through API ... (#442421 - closed) • Marcos Rocha • 17.1 • On track (Deliverable)
- priority::3 / severity::3 Unable to exclude SpotBugs analyzer using SAST_... (#440855 - closed) • Alan (Maciej) Paruszewski • 17.0 • On track (Deliverable)
type::bug frontend focus
- Bug: scope error is not check when submit the MR (#442536 - closed) • Artur Fedorov • 17.0 (Stretch)
- priority::3 / severity::3 Scan execution policy tags dropdown not populat... (#454548) • Unassigned • Awaiting further demand (Stretch)
- priority::3 / severity::3 Security policy branch exceptions options shows... (#432133 - closed) • Artur Fedorov • 17.1 (Stretch)
- priority::4 / severity::4 UX bug: policy error message showing an YAML mo... (#419406 - closed) • Alexander Turinske • 17.2 • At risk (Stretch)
Extra
- Kanban Board with additional smaller maintenance issues and bugs. (Prioritized from top to bottom)
- Group Priorities List