17.11 AST::Static Analysis planning issue

General info

Priorities

Feature

Our highest priority feature work this milestone is:

| Priority | Initiative | Issues | DRI |
|---|---|---|---|
| 1 | Duo Vulnerability Resolution: Gap Analysis for ... (&16060 - closed) | Duo VR - Manual Assessment of Injection CWEs (#508107 - closed)<br>Duo VR - Gap Analysis Report for Injection Vuln... (#522870 - closed) | @mbenayoun |
| 2 | Enable GitLab Advanced SAST by default (&15145) | | DRI on rotation @adamcohen |
| 3 | Advanced SAST support for C and C++ (&14271) | https://gitlab.com/gitlab-org/gitlab/-/issues/519380+s<br>https://gitlab.com/gitlab-org/gitlab/-/issues/521428+s | @jleasure |
| 4 | Iteration 1 - New metrics for SAST adoption (&16661) | Define an internal event with analytics instrum... (#521625 - closed) • Julian Thome • 17.11 • On track<br>https://gitlab.com/gitlab-org/gitlab/-/issues/524371+s<br>Update report and command modules to add suppor... (#521626 - closed) • Julian Thome • 18.0 • On track<br>Update semgrep and GLAS analyzers to provide ne... (#521633 - closed) • Julian Thome • 18.0 • On track | @julianthome |

Maintenance and bugs

Our highest priority maintenance work this milestone is:

| Priority | Initiative | Issues | DRI |
|---|---|---|---|
| 1 | GLAS \| Algorithm improvements (&16656 - closed) | https://gitlab.com/gitlab-org/gitlab/-/issues/521174+<br>GLAS \| Optimize multi-core scanning for balance... (#517278 - closed)<br>https://gitlab.com/gitlab-org/gitlab/-/issues/519859+<br>https://gitlab.com/gitlab-org/gitlab/-/issues/519911+<br>Lightz \| Remove usage of Lazy load for ASTs (#520967 - closed) | @mtolpin |

Standalone issues

Bugs

Bugs board (no vulnerabilities, no milestone).

Vulnerabilities are handled by the reaction rotation.

P1

---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::static analysis" AND label = "priority::1" AND label = "type::bug" AND label != "vulnmapper" AND milestone = "17.11"

P2

---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::static analysis" AND label = "priority::2" AND label = "type::bug" AND label != "vulnmapper" AND milestone = "17.11"

P3

---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::static analysis" AND label = "priority::3" AND label = "type::bug" AND label != "vulnmapper" AND milestone = "17.11"

Other

Feature

---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "type::feature" AND label = "group::static analysis" AND milestone = "17.11"

Maintenance

---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "type::maintenance" AND label = "group::static analysis" AND milestone = "17.11"

Engineering allocation

Edited by Jason Leasure