Govern: Security Policies 17.1 Planning Issue
Previous planning issue: Govern: Security Policies 17.0 Planning Issue (#455823 - closed)
Narrative
During our last milestone, our team worked on great features that we have recently completed: Aligning scan result policy and MR widget compa... (&11847 - closed), Display security policy violation details to users (&11185), and Toggle merge request approval policies to fail ... (&10816 - closed). Congratulations!
At the same time, we have started shifting our focus to spend more time on quality and performance, and on the improvements that we wanted to introduce with Use database read model for merge request appr... (&9971 - closed) and https://gitlab.com/groups/gitlab-org/-/epics/12033+.
In this milestone, we aim to release Pipeline Execution Policy Type (&13266 - closed), finalize https://gitlab.com/groups/gitlab-org/-/epics/12033+, and focus on quality and performance improvements in the scope of Govern: Security Policies - 17.x - Technical De... (&13225) (DRI: @sashi_kumar / @aturinske) and Use database read model for merge request appr... (&9971 - closed). We will also continue working on improvements needed for Cells 1.0 in the scope of (size: M to L) Cells - Workflows: Security Poli... (&12709 - closed).
Additionally, as we do in every release, we want to continue solving bugs to improve the UX of Security Policy features and ensure they are working correctly. Our group is increasingly interested in using features, so we need to ensure that Scan Execution and Merge Request Approval Policies are working as expected.
We also want to improve our documentation with:
- TBD
Spikes
- Spike: Verify how to implement Policy History i... (#434678 - closed)
- Spike: Cells - Investigate and separate importe... (#441078 - closed)
- Spike: Update security policies to support comp... (#424827)
- Spike: Reuse policy schema definitions for mode... (#448318 - closed)
Priorities
To provide necessary help and collaborate with group::compliance
To finalize and close
- Pipeline Execution Policy Type (&13266 - closed) ( @mcavoj / @arfedoro)
- Use database read model for merge request appr... (&9971 - closed) ( @sashi_kumar)
- https://gitlab.com/groups/gitlab-org/-/epics/12033+ ( @mc_rocha)
To continue working on
To start planning
- Cancelled: Allow Users to View Policy History i... (&5448)
- Exclude packages from Merge Request Approval Po... (&10203 - closed)
type::feature / type::maintenance backend focus
- [backend] Apply policy scope and limits for pip... (#452381 - closed) • Sashi Kumar Kumaresan • 17.2 • At risk ( Deliverable)
- Spike Come up with PoC for pipeline execution p... (#441252 - closed) • Martin Cavoj • 17.1 • At risk ( Deliverable)
- [backend] Handle pipeline execution policy job ... (#455314 - closed) • Martin Cavoj • 17.2 • At risk ( Deliverable)
- [backend] Handle pipeline execution policy vari... (#455312 - closed) • Marcos Rocha • 17.2 • At risk ( Deliverable)
- [backend] Inject pipeline execution policy jobs... (#455261 - closed) • Martin Cavoj • 17.1 • On track ( Deliverable)
- [backend] Handle pipeline execution policy rese... (#452384 - closed) • Andy Schoenen • 17.2 • At risk ( Deliverable)
- Update scan_finding approval rules when protect... (#432913 - closed) • Sashi Kumar Kumaresan • 17.3 • At risk ( Deliverable)
- Add service to create and sync policy YAML into... (#416262 - closed) • Andy Schoenen • 17.5 • At risk ( Deliverable)
- https://gitlab.com/gitlab-org/gitlab/-/issues/437012+s ( Deliverable)
- Spike: Cells - Investigate and separate importe... (#441078 - closed) • Marcos Rocha • 17.4 ( Stretch)
- Spike: Reuse policy schema definitions for mode... (#448318 - closed) • Unassigned • Backlog ( Stretch)
- Follow-up from "Ignore value of feature toggle ... (#448494 - closed) • Dominic Bauer • 17.3 ( Stretch)
- Spike: Test and identify Scan Execution Policy ... (#436545 - closed) • Dominic Bauer • 17.2 ( Stretch)
- Metric - Adoption/usage of pipeline execution p... (#436055 - closed) • Marcos Rocha • 17.3 ( Stretch)
- Clean up orphan Software licenses regularly (#435810 - closed) • Unassigned • Backlog ( Stretch)
- Spike: Verify how to implement Policy History i... (#434678 - closed) • Sashi Kumar Kumaresan • 17.2 ( Stretch)
- Create DB tables to store all policy YAML content (#416260 - closed) • Sashi Kumar Kumaresan • 17.1 ( Stretch)
- https://gitlab.com/gitlab-org/gitlab/-/issues/450703+s ( Stretch)
type::feature / type::maintenance frontend focus
- [Frontend] Add file path action to policy editor (#454284 - closed) • Alexander Turinske • 17.1 • On track ( Deliverable)
- Create rule mode radio button for fallback prop... (#451662 - closed) • Alexander Turinske • 17.1 • On track ( Deliverable)
- Add fallback behavior property to the policy li... (#451660 - closed) • Alexander Turinske • 17.1 • On track ( Deliverable)
- [Frontend Integration] Add integration tests fo... (#454336 - closed) • Artur Fedorov • 17.1 ( Stretch)
- Move security policy graphql requests from list... (#458824 - closed) • Alexander Turinske • 17.1 ( Stretch)
- Disable save policy button based on schema (#429896) • Unassigned • Backlog ( Stretch)
- Abstract out save policy logic/flags (#458230 - closed) • Alexander Turinske • Backlog ( Stretch)
type::bug backend focus
- priority::3 / severity::2 Protected Branch API PATCH request returns a de... (#436539 - closed) • Marcos Rocha • 17.1 • On track ( Deliverable)
- priority::3 / severity::3 Password bypass on approvals using policy projects (#461248 - closed) • Dominic Bauer • 17.2 ( Deliverable)
- priority::3 / severity::3 Merge request approval policy applies to all br... (#456055 - closed) • Andy Schoenen • 17.3 • Needs attention ( Deliverable)
- priority::3 / severity::3 Protected branch cannot be updated through API ... (#442421 - closed) • Marcos Rocha • 17.1 • On track ( Deliverable)
- priority::4 / severity::4 Instance required pipeline configuration jobs a... (#440236 - closed) • Alan (Maciej) Paruszewski • 17.2 ( Stretch)
- priority::4 / severity::4 Bug: policy name can't have special characters (#413967 - closed) • Alan (Maciej) Paruszewski • 17.1 ( Stretch)
- https://gitlab.com/gitlab-org/gitlab/-/issues/441095+s ( Stretch)
- Incorrect error returned when reapplying securi... (#457065 - closed) • Marcos Rocha • 17.1 ( Stretch)
type::bug frontend focus
- priority::4 / severity::3 Security policy editor schema validation is not... (#457789 - closed) • Alexander Turinske • 17.1 • On track ( Deliverable)
- priority::3 / severity::3 [Bug] The project status checks setting fronten... (#376192 - closed) • Alexander Turinske • 17.1 ( Stretch)
- priority::3 / severity::3 Security policy branch exceptions options shows... (#432133 - closed) • Artur Fedorov • 17.1 ( Stretch)
- priority::4 / severity::4 UX bug: policy error message showing an YAML mo... (#419406 - closed) • Alexander Turinske • 17.2 • At risk ( Stretch)
- priority::4 / severity::4 Improve action section layout and dropdown content (#432246 - closed) • Artur Fedorov • 17.2 ( Stretch)
- Security Policy Project modal refreshes dropdow... (#448593 - closed) • Artur Fedorov • 17.1 ( Stretch)
- Security Policy yaml validation does not work w... (#461252 - closed) • Alexander Turinske • 17.5 • At risk ( Stretch)
Extra
- Kanban Board with additional smaller maintenance issues and bugs. (Prioritized from top to bottom)
- Group Priorities List
Metrics
Release post items
Release post items related to current work in format Epic | Release post | Milestone.
- Merge request approval policies fail open/close... (&13227 - closed) | Release post | %17.1
- Manage scheduled scan execution pipeline concur... (&13997 - closed) | Release post | %17.1
- Pipeline Execution Policy Type (&13266 - closed) | Release post | %17.2
- Refine Policy Application Limits (&8084) | Release post | %17.2?
- Expand Scan Execution Policies to run on MR pip... (#415427 - closed) | Release post | %17.2?
- Exclude packages from Merge Request Approval Po... (&10203 - closed) | Release post | %17.4