Clarify the deadline for vulnerability issue slo reminder automation
Context
We would like to update the vulnerability slo reminder messages with the new proposed messaging
This vulnerability was initially reported on
December 12, 2023
as anSeverity 3, Priority 3
, which must be fixed within90
days. To meet theMarch 12, 2023.
due date, the change must make it into the security release byFebruary 22, 2023
. This Issue should have an issue status of closed or a workflow status of ~awaiting security release no later than the end of the15.9
Milestone to avoid being past due.
Note the Release date can be calculated as Month
and Date
in which
Month
= the same month of the due date, if the Day of the due date is >= 22nd, or the previous month of the due date, if the Day of the due date is < 22nd.
Date = 22nd
As a result, the Breaching milestone should also be calculated based on the release date, instead of the due date.
Impacted code to update
- Part 1:
Update the reactive automation in https://gitlab.com/gitlab-org/quality/triage-ops/-/blob/master/triage/processor/vulnerability_issue_slo_reminder.rb
- Part 2:
Update the scheduled automation in https://gitlab.com/gitlab-org/quality/triage-ops/-/blob/master/policies/groups/gitlab-org/hygiene/comment-vulnerability-issue-slo.yml