17.7 AST::Static Analysis planning issue

General info

Priorities

Feature

Our Highest Priority feature work this milestone is:

Priority 1
Initiative: Duo Vulnerability Resolution: Add support for r... (&15716 - closed)
Issues: workflow::planning breakdown
DRI: @mbenayoun

Priority 2
Initiative: real-time SAST scan post experiment release fol... (&15770 - closed)
Issues:
- Upgrade to latest Runway (#497799 - closed) • Jason Leasure • 17.7
- Investigate replacing bespoke OIDC discovery wi... (#493442 - closed) • Jason Leasure • Backlog • Needs attention
- Accelerate engineering onboarding (#488047 - closed) • Jason Leasure • 17.7 • On track
- Add automatic dependency update process (#499727 - closed) • Jason Leasure • 17.7
- Merge user facing documentation (#488046 - closed) • Jason Leasure • 17.9
DRI: @jleasure

Priority 3
Initiative: Understanding the Vulnerability Deduplication P... (&14805 - closed)
Issues:
- Add vulnerability tracking tests to the GitLab ... (#478498 - closed) • Julian Thome • 17.7 • On track
- Document status-quo of vulnerability tracking (#478499 - closed) • Julian Thome • 17.7 • On track
- https://gitlab.com/gitlab-org/gitlab/-/issues/478500+s
- Distill tracking approach into a vulnerability ... (#509135 - closed) • Julian Thome • 17.7 • On track
DRI: @julianthome

Maintenance and bugs

Priority 1
Initiative: Advanced SAST engine (Lightz) - Maintenance, bu... (&14848 - closed)
Issues:
- GLAS - SECURE_LOG_LEVEL should enable lightz de... (#500648 - closed) • Philip Cunningham • 17.7
- https://gitlab.com/gitlab-org/gitlab/-/issues/493284+s
- https://gitlab.com/gitlab-org/gitlab/-/issues/480217+s
- Lightz-AIO | Refactor "--test" to be not depend... (#498665 - closed) • Hua Yan • 17.8 • On track
- https://gitlab.com/gitlab-org/gitlab/-/issues/479667+s
- Lightz - Investigate extremely long scan time o... (#501758 - closed) • Meir Benayoun • 17.9 • On track
DRI: @mtolpin

Priority 2
Initiative: Split IaC Scanning from SAST (&10654)
Issues: workflow::planning breakdown
DRI: @adamcohen

Standalone issues

Bugs

Bugs board (no vulnerabilities, no milestone).

Vulnerabilities are handled by the reaction rotation.

P1
---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::static analysis" AND label = "priority::1" AND label = "type::bug" AND label != "vulnmapper" AND opened = true AND milestone = "17.7"
P2
---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::static analysis" AND label = "priority::2" AND label = "type::bug" AND label != "vulnmapper" AND opened = true AND milestone = "17.7"
P3
---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::static analysis" AND label = "priority::3" AND label = "type::bug" AND label != "vulnmapper" AND opened = true AND milestone = "17.7"

Other

Feature
---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "type::feature" AND label = "group::static analysis" AND opened = true AND milestone = "17.7"
Maintenance
---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "type::maintenance" AND label = "group::static analysis" AND opened = true AND milestone = "17.7"

Engineering allocation

Edited by Julian Thome