Threat Insights 17.1 Planning Issue
Summary
In 17.1 we will:
- Kick off work for [GA] Vulnerability Explanation (&10642) by refining Move Vulnerability Explanation to GitLab Duo Chat (&13309)
- Continue or work on implementing the ability to Filter by Identifier on the Vulnerability Report (&13340)
- Finalize the ability to filter by component on the Dependency List and start working on the ability to filter by packager
Focus
Projects
Vulnerability Report
- Implement Filtered Search Component on the Vuln... (&13339)
- Filter by Identifier on the Vulnerability Report (&13340)
Dependency List
AI
[GA] Vulnerability Explanation (&10642)
- [Spike] - Explore supporting other scanners for... (#452401) • Unassigned • 17.1 • At risk
- Update the Vulnerability Explanation feature to... (#443657) • Samantha Ming • 17.1 • At risk
- Move Vulnerability Explanation to GitLab Duo Chat (&13309) workflowrefinement
Performance and Optimization
-
[Secure, Govern] - Database Optimisation Effort... (&12114)
-
Group-level dependency list page performance improvements 1
- New query for group-level dependency list page ... (#450920) • Unassigned • 17.1
- New query for group-level dependency list page ... (#450922) • Unassigned • 17.1
- New query for group-level dependency list page ... (#437648) • Unassigned • 17.1 • At risk
- Implement keyset pagination for group-level dep... (#437647) • Unassigned • Backlog
-
Group-level vulnerability report page performan... (&12372)
- Support sorting by `detected_at` in new denorma... (#461446) • Mehmet Emin INAC • 17.1
- Improve the performance of the `VulnerabilitySe... (#438303) • Bala Kumar • 17.1
- Group Vulnerability Report CSV Export fails to ... (#440163) • Gregory Havenga • 17.1 • Needs attention
- Threat Insights - Drop unused Indices (#456959) • Gregory Havenga • 17.1
- [Feature flag] Rollout of `utilize_denormalized... (#455263) • Mehmet Emin INAC • 17.1 • On track
-
Group-level dependency list page performance improvements 1
- Cells 1.0, (size: L) Govern: Threat Insights - Cells Support (&13087)
- Cells 1.0 Workflow Review (#448881) • Subashis Chakraborty • 17.1 (This may continue for couple of milestones to keep track of the workflows)
- Add sharding key to `vulnerability_exports` (#457095) • Subashis Chakraborty • 17.1
- Remove `Request new CVE` button when in org/cell (#450766) • Subashis Chakraborty • 17.1
typemaintenance focus
- Use security_findings for MR widget report comparison
-
Pipeline Security Listing Migration and Enhance... (&8478) (DRI: backend @subashis, frontend @lorenzvanherwaarden)
- [Feature flag] Rollout of `pipeline_security_da... (#328818) • Lorenz van Herwaarden • 17.1 • At risk
- Pipeline security tab shows findings when still... (#460494) • Subashis Chakraborty • 17.1 ~blocking
- Add the ability to do the filtering of dismissa... (#433033) • Michael Becker • 17.1, workflowrefinement
- Delete `vulnerability_occurrence_pipelines` table (&11241)
- Threat Insights 17.0 deprecations, removals and... (&10425)
typebug focus
- Implement a new worker to store security report... (#452005) • Michael Becker • 17.1
- 'Create Jira Issue' button in Merge Request wid... (#441954) • Unassigned • 17.1
- Inconsistent display of vulnerability comment w... (#438342) • Michał Zając, David Pisek • 17.1 • At risk
- https://gitlab.com/gitlab-org/gitlab/-/issues/442486+s
- Customer Unable to load Security Dashboard at G... (#440712) • Unassigned • 17.1
typebug workflowrefinement
All issues listed in this section are meant to be refined for the current milestone but are not considered Deliverable(s).
What's on the horizon?
- Dependency list grouping (&8091)
- Auto-resolve vulnerabilities when not found in ... (&5708)
- Auto-dismiss irrelevant vulnerabilities (&10894)
- MR Security widget - migrate to GraphQL (&10962) Threat InsightsNavy
- Use rubygem to release security report schemas (&9314) Threat InsightsTangerine
Team OKRs
Planning Boards
- Delivery Board - columns are workflow labels
- Planning Board - columns are milestones
- Who's Working on What? - columns are individual team members
- Bug board - columns are severity and priority
-
Set the Milestone (current Milestone) -
Update the Milestone link for the Delivery Board -
Set the Due Date for the end of the current Milestone
Edited by Alana Bellucci