Add remind vulnerability SLO scheduled automation policy

Jennifer Li requested to merge jennli-fedramp-vuln into master

What does this MR do and why?

Scheduled automation described in https://gitlab.com/gitlab-org/quality/triage-ops/-/issues/1088#note_1086012523 iteration 2

Expected impact & dry-runs

s4 issue breaching in 3 milestones (there is no existing s4 issue so I just picked an arbitrary s3 issue and hardcoded the reminder text to read s4)

# https://gitlab.com/gitlab-org/gitlab/-/issues/368880

@leipert @cdybenko

This ~"FedRAMP Milestone::Vuln Remediation" ~"severity::4" issue will breach its 180 day remediation SLO in %"15.6" in 52 days (2022-10-25). Consider planning for remediation actions soon.

1 milestone remaining (current milestone)

# https://gitlab.com/gitlab-org/container-registry/-/issues/750

@michelletorres @trizzi

This ~"FedRAMP Milestone::Vuln Remediation" ~"severity::2" issue will breach its 30 day remediation SLO in the current milestone. Consider taking action before this becomes a ~"Remediation SLO::Breach" in 1 days (2022-09-04).

/label ~"Remediation SLO::Current Milestone"

2 weeks (Near Breach)

# https://gitlab.com/gitlab-org/gitlab/-/issues/30073

@m_gill @hsutor

This ~"FedRAMP Milestone::Vuln Remediation" ~"severity::1" issue is approaching its remediation SLO. Consider taking action before this becomes a ~"Remediation SLO::Breach" in 14 days (2022-09-17).


/label ~"Remediation SLO::Near Breach"

1 week remaining

# https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3470

@twk3 @dorrino

This ~"FedRAMP Milestone::Vuln Remediation" ~"severity::2" issue is approaching its remediation SLO. Consider taking action before this becomes a ~"Remediation SLO::Breach" in 7 days (2022-09-10).

SLO Breached

# https://gitlab.com/gitlab-org/container-registry/-/issues/750

/label ~"Remediation SLO::Breach"

See https://gitlab.com/gitlab-org/quality/triage-ops/-/tree/master/doc/scheduled#testing-with-a-dry-run on how to perform dry-runs.

Action items

  • (If applicable) Add documentation to the handbook pages for Triage Operations =>
  • (If applicable) Identify the affected groups and how to communicate to them:
    • /cc @person_or_group =>
    • Relevant Slack channels =>
    • Engineering week-in-review

Edited by Jennifer Li
