18.0 AST::Static Analysis planning issue

General info

Priorities

Feature

Our highest priority feature work this milestone is:

| Priority | Initiative | Issues | DRI |
|---|---|---|---|
| 1 | Duo Vulnerability Resolution: Gap Analysis for ... (&16060 - closed) | Issue 1+; ... | @mbenayoun |
| 2 | Enable GitLab Advanced SAST by default (&15145) | Issue 1+; ... | @adamcohen |
| 3 | SAST support for C and C++: experiment release (&17343 - closed) | clangsa-sast: create project scaffold (#534712 - closed) • Jason Leasure • 18.0 • On track; clangsa-sast: implement filters (exclude paths ... (#533889 - closed) • Jason Leasure • 18.0 • On track; clangsa-sast: implement report parser (#533888 - closed) • Jason Leasure • 18.0 • On track; clangsa-sast: implement analyzer configuration (#533891 - closed) • Jason Leasure • 18.0 | @jleasure |
| 4 | Iteration 1 - New metrics for SAST adoption (&16661) | Update report and command modules to add suppor... (#521626 - closed) • Julian Thome • 18.0 • On track; Update semgrep and GLAS analyzers to provide ne... (#521633 - closed) • Julian Thome • 18.0 • On track; Create the tableau charts using the new event type (#521632 - closed) • Julian Thome • 18.0 • On track | @julianthome |
| 5 | Duo Vulnerability Resolution: Add support for r... (&15716 - closed) | workflow::planning breakdown for next sub-epic | @adamcohen |
| 6 | Faster Advanced SAST: Diff-based scanning in MRs (&16790) | workflow::planning breakdown | @smtan |

Maintenance and bugs

Our highest priority maintenance work this milestone is:

| Priority | Initiative | Issues | DRI |
|---|---|---|---|
| 1 | https://gitlab.com/groups/gitlab-org/-/epics/17336+ | Lightz-AIO \| Improve rules splitting (#535119 - closed); https://gitlab.com/gitlab-org/gitlab/-/issues/533514+ | @mtolpin |

Standalone issues

Bugs

Bugs board (no vulnerabilities, no milestone).

Vulnerabilities are handled by the reaction rotation.

P1
---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::static analysis" AND label = "priority::1" AND label = "type::bug" AND label != "vulnmapper" AND milestone = "18.0"

P2
---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::static analysis" AND label = "priority::2" AND label = "type::bug" AND label != "vulnmapper" AND milestone = "18.0"

P3
---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "group::static analysis" AND label = "priority::3" AND label = "type::bug" AND label != "vulnmapper" AND milestone = "18.0"

Other

Feature
---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "type::feature" AND label = "group::static analysis" AND milestone = "18.0"

Maintenance
---
display: table
fields: title, healthStatus, assignees
---
epic = none AND label = "type::maintenance" AND label = "group::static analysis" AND milestone = "18.0"

Engineering allocation

Edited by Jason Leasure