17.7 Secure:Composition Analysis Planning Issue

• General info
• Priorities
  • Feature
  • Maintenance and bugs
    • Epics
    • Standalone issues
      • Bugs
        • P1
        • P2
        • P3
      • Other
        • Feature
        • Maintenance
• Engineering allocation

General info

• Period:  2024-11-16 to 2024-12-13
• Planning board
• Reaction rotation:

Priorities

Feature

Our Highest Priority feature work this milestone is:

Priority	Initiative	Issues	DRI
1	SBOM-based dependency scanning findings for non... (&14636 - closed)	Add support for security findings into pipeline... (#490334 - closed) Add/Update documentation to cover sbom based se... (#490348 - closed) and the outcome of SPIKE: Store and expose security reports for sc... (#500748 - closed)	@zmartins
2	Deprecate build support on Dependency Scanning ... (&14146 - closed)	TBC	@gonzoyumo
3	Efficient Dependency & Container Vulnerability ... (&11544 - closed)	Expose CVSS, KEV and EPSS score to Vulnerabilit... (#499408 - closed)	@YashaRise
4	Full dependency graph support in new component ... (&7288 - closed)	Report vulnerable dependency paths for Bundler ... (#229812 - closed) Report vulnerable dependency paths for Composer... (#229814 - closed) Report vulnerable dependency paths for Composer... (#229814 - closed) • Igor Frenkel • 17.7 • On track Validate generated SBOMs against gitlab-org/git... (#485657 - closed) • Joey Khabie • 17.7 Ensure existing DS settings continue to work (#476224 - closed) • Oscar Tovar • 17.7 Update dependency scanning QA template for new ... (#498965 - closed) • Igor Frenkel • 17.9 • On track Report vulnerable dependency paths for Bundler ... (#229812 - closed) • Joey Khabie • 17.8 • Needs attention	@ifrenkel
5	Efficient Dependency & Container Vulnerability ... (&11912 - closed)	TBC	@onaaman
6	Stretch Maturing Static Reachability to Beta (&15781 - closed)	#501054 (closed)	@Joey_Khabie
7	License Scanning support for Swift (&15540 - closed)	#498897 (closed)

Maintenance and bugs

Epics

Priority	Initiative	Issues	DRI
1	Issue/Epic

Standalone issues

Bugs

P1

---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::composition analysis" AND label = "priority::1" AND label = "type::bug" AND label != "vulnmapper" AND opened = true AND milestone = "17.7"

P2

---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::composition analysis" AND label = "priority::2" AND label = "type::bug" AND label != "vulnmapper" AND opened = true AND milestone = "17.7"

P3

---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::composition analysis" AND label = "priority::3" AND label = "type::bug" AND label != "vulnmapper" AND opened = true AND milestone = "17.7"

Bugs board (no vulns)

Other

Feature

---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "type::feature" AND label = "group::composition analysis" AND opened = true AND milestone = "17.7"

Maintenance

---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "type::maintenance" AND label = "group::composition analysis" AND opened = true AND milestone = "17.7"

Engineering allocation

• everyone: typebug work on one bug before picking-up a new issue.
• @gonzoyumo: typefeature and typemaintenance DRI for &14146 (closed)
• @hacks4oats: OOO ~50%
• @ifrenkel: typefeature DRI for &7288 (closed) (OOO last 2 days of iteration)
• @Joey_Khabie: typefeature
• @nilieskou: OOO ~25%
• @onaaman: typefeature DRI for &11912 (closed).
• @YashaRise: typefeature DRI for &11544 (closed). typemaintenance Secondary Reaction Rotation.
• @zmartins: typefeature DRI for &14636 (closed). typemaintenance Primary Reaction Rotation.