Adjust security developer workflow

Steve Abrams requested to merge master-patch-d397 into master

🔬 What does this MR do and why?

Currently, the security development workflow template instructs the developer to link their security tracking issue to the security release tracking issue as one of the first steps before any development takes place.

This creates a few problems in that it causes issues to be linked possibly a few days before the upcoming security release, when it is likely too late to be included, creating confusion for the developer and toil for the release manager, who will likely ask if they were expecting the issue to be included and then ask them to unlink (or tell them their issue will be unlinked) and to re-link when the next security release tracking issue is created.

Instead of linking the issue at the beginning of the process, we should not link it until after development has been completed and all of the MRs are approved and ready to be merged.

Related to gitlab-com/gl-infra/delivery#19304 (closed)

Screenshots or screen recordings

n/a

How to set up and validate locally

n/a

🛃 MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Steve Abrams
