18.8 Planning - Composition Analysis
## Useful Links
:arrow_right: [CA - Interlock board](https://gitlab.com/groups/gitlab-org/-/boards/7549657?milestone_title=18.7&label_name%5B%5D=group%3A%3Acomposition%20analysis&assignee_username=albi.yusupova)
:arrow_right: [Kanban board](https://gitlab.com/groups/gitlab-org/-/boards/7549657?milestone_title=18.8&assignee_username=albi.yusupova&label_name[]=group%3A%3Acomposition%20analysis) with all features, bugs, and maintenance items picked up to work in this milestone.
:arrow_left: [18.6 Planning Issue](https://gitlab.com/gitlab-org/gitlab/-/issues/580737)
:arrow_left: [Reaction Rotation Schedule](https://gitlab.com/groups/gitlab-org/secure/-/epics/2#schedule)
[[_TOC_]]
## General info
### Theme
We need to focus on roadmap deliverables.
* Period: 13/Dec/2025 - 09/Jan/2026
* [Reaction rotation](https://handbook.gitlab.com/handbook/engineering/development/sec/secure/composition-analysis/#reaction-rotation): @onaaman @nilieskou ([issue](https://gitlab.com/gitlab-org/secure/general/-/issues/460#note_2952746665))
### Feature
#### Active Development
| Description | DRI | Due | Notes |
|-------------|-----|-----|-------|
| [Dependency Scanning GA](https://gitlab.com/groups/gitlab-org/-/epics/15961) | @gonzoyumo | 18.8 | @ifrenkel is supporting Olivier for this deliverable |
| https://gitlab.com/groups/gitlab-org/-/epics/17403+ | @hacks4oats | 18.8 | @albi.yusupova will work with Oscar on this. |
| Fallback on scanning manifest files | | | The idea here is that we refine this and ideally start implementing /cc @gonzoyumo |
| Dependency resolution: Building lock/graph files for Java and Python | | | The idea here is that we refine this and ideally start implementing /cc @gonzoyumo |
### Maintenance and bugs
#### Standalone issues
##### Bugs
```glql
---
display: table
fields: title, labels("priority*"), labels("severity*"), labels("Deliverable"), labels("Stretch"), healthStatus, assignees, state
---
label = "group::composition analysis" AND label = "type::bug" AND label != "vulnmapper" AND milestone = "18.8"
```
##### Other
###### Feature
```glql
---
display: table
fields: title, labels("Deliverable"), labels("Stretch"), labels("workflow::*"), healthStatus, assignees, state
---
label = "type::feature" AND label = "group::composition analysis" AND milestone = "18.8"
```
###### Maintenance
```glql
---
display: table
fields: title, labels("Deliverable"), labels("Stretch"), labels("workflow::*"), healthStatus, assignees, state
---
label = "type::maintenance" AND label = "group::composition analysis" AND milestone = "18.8" AND label != "docs-only" AND state = opened
```