17.2 Secure:Static Analysis (blue) Planning Issue
General info
- Period: 2024-06-15 to 2024-07-12.
- Board: Current Board
Reaction Rotation
- Primary: @julianthome
- Secondary: @jleasure
Narrative
By the end of %17.2, our intent is to have a functional SAST in the IDE scanner (even if not yet perfect). We will undertake type::maintenance work to streamline and document processes that are currently vague. Furthermore, we will focus on documentation work to make sure we are empowering our customers to improve their security posture, in accordance with our OKR https://gitlab.com/gitlab-com/gitlab-OKRs/-/work_items/8107+s.
Features
Maintenance and bugs
Epics
Standalone issues
type::maintenance
- Fix problem where remote rulesets aren't picked... (#460640 - closed) • Julian Thome, Craig Smith • 17.2 • On track • Deliverable
- Use danger-bot instead of custom script for rul... (#467156) • Julian Thome • Backlog • Deliverable • Engineering Time
- Add a test or review step that explicitly check... (#463607 - closed) • Julian Thome • 17.3 • On track • Deliverable • Engineering Time
- Improve tracking-calculator pipeline execution (#467541 - closed) • Julian Thome • 17.3 • Deliverable • Engineering Time
- Unnecessary whitespace is being added to packag... (#463604 - closed) • Julian Thome • 17.2 • On track • Deliverable
- Add image integration tests for csharp-dotnetco... (#467184 - closed) • Adam Cohen • 17.1
type::bug
- Test and fix all remote SAST remote configurati... (#458845 - closed) • Craig Smith • 17.2 • priority::1
- Semgrep-SAST-analyzer runs for HTML-files but f... (#375099 - closed) • Julian Thome • 17.3 • On track • priority::2 • Deliverable
- Backport SAST-rules distribution fixes to 16.x (#464102 - closed) • Craig Smith • 17.2 • priority::1
- Prevent project-level SAST/SD/IaC config files ... (#414732 - closed) • Schmil Monderer • 17.3 • priority::2
- Report parsing error: [Schema] property '/vulne... (#443628 - closed) • Adam Cohen • 17.3 • priority::3
documentation
- SAST documentation: latest template is referenc... (#466442 - closed) • Craig Smith • 17.3
- SAST documentation: Document IaC scanning offli... (#466443 - closed) • Craig Smith • 17.3
Technical Writing
This section includes group inputs and the plan for Technical Writing in the milestone.
Technical Writing stable counterpart: @rdickenson
- group::static analysis will work towards achieving https://gitlab.com/gitlab-com/gitlab-OKRs/-/work_items/8107+s
Edited by Julian Thome