2023-06-26 - Quad Planning Issues for Sec

Hi @gl-quality/sec-qe 👋

Please quad-plan the following issues:

Group: groupcompliance

• gitlab-org/gitlab#415770 (closed) Add GraphQL destroy API for event filters for instance level external audit event destinations Category:Audit Events, GitLab Ultimate, backend, devopsgovern, groupcompliance, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#415769 (closed) Add GraphQL list API for event filters for instance level external audit event destinations Category:Audit Events, GitLab Ultimate, backend, devopsgovern, groupcompliance, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#415768 (closed) Add GraphQL create API for event filters for instance level external audit event destinations Category:Audit Events, GitLab Ultimate, backend, devopsgovern, groupcompliance, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#415339 (closed) [Documentation] Add documentation for instance level audit event streaming headers Category:Audit Events, Next Up, backend, customer, devopsgovern, documentation, groupcompliance, missed:16.1, priority2, sectionsec, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#415336 (closed) Follow up update for streaming event UI Next Up, UX, devopsgovern, featureenhancement, frontend, groupcompliance, priority4, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#415268 (closed) Add ability to activate/deactivate headers using the UI Category:Audit Events, GraphQL, Next Up, auto updated, devopsgovern, documentation, featureaddition, frontend, groupcompliance, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#415091 (closed) Drop index index_events_on_project_id_and_id_desc_on_merged_action form events table database, devopsgovern, groupcompliance, maintenanceperformance, priority2, sectionsec, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#415013 (closed) [Frontend] Add a section in admin settings for instance-level streaming filtering Category:Audit Events, GitLab Ultimate, devopsgovern, documentation, frontend, groupcompliance, missed:16.0, priority2, sectionsec, self-managed, self-managed, typefeature, workflowready for development %16.2
• testcases#4103 (closed) E2E test for Group-level Audit Event Streaming Enterprise Edition, QA, Quality, devopsgovern, groupcompliance, priority1, sectionsec, test, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#414351 (closed) Update compliance violation date picker labels Next Up, UX, devopsgovern, frontend, groupcompliance, priority4, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#413894 (closed) Add name field to streaming audit events API Next Up, backend, devopsgovern, documentation, groupcompliance, priority3, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#413790 (closed) [Backend] Run compliance standards checks when new projects are created backend, devopsgovern, featureaddition, groupcompliance, sectionsec, typefeature, workflowready for development %16.3
• gitlab-org/gitlab#413723 (closed) Create pending status check responses on MR creation backend, devopsgovern, groupcompliance, missed:16.1, priority2, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#413717 (closed) Adherence Report List UX, automation:ml, automation:ml wrong, devopsgovern, documentation, frontend, groupcompliance, priority1, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#413343 (closed) Fix spec violations in ee/spec/frontend/license_compliance/components/license_component_links_spec.js devopsgovern, frontend, frontend-initiative, groupcompliance, maintenancerefactor, sectionsec, test, typemaintenance, vue3-migration, workflowin dev %16.2
• gitlab-org/gitlab#413236 (closed) [Backend] Create GraphQL APIs for adherence report GraphQL, backend, devopsgovern, documentation, featureaddition, groupcompliance, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#413235 (closed) [Backend] Backfill compliance standards adherence for existing projects backend, database, devopsgovern, featureaddition, groupcompliance, sectionsec, typefeature, workflowready for development %16.3
• gitlab-org/gitlab#413234 (closed) [Backend] Add check for committer approved MR backend, devopsgovern, featureaddition, groupcompliance, sectionsec, typefeature, workflowready for development %16.3
• gitlab-org/gitlab#413231 (closed) [Backend] Add check for fewer than two approvals backend, devopsgovern, featureaddition, groupcompliance, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#411610 (closed) Add url tooltip to external status checks devopsgovern, groupcompliance, sectionsec, typefeature, workflowready for development %16.3
• gitlab-org/gitlab#411595 (closed) Add event type information for audit events using AuditEventService in Group creation Deliverable, automation:ml, backend, devopsgovern, groupcompliance, missed-deliverable, missed:16.1, priority2, sectionsec, typefeature, workflowready for development %16.2
• testcases#4080 (closed) E2E test for Instance-level Audit Event Streaming Enterprise Edition, QA, Quality, devopsgovern, groupcompliance, priority1, sectionsec, test, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#411357 (closed) Add name field to streaming audit events Next Up, devopsgovern, frontend, groupcompliance, priority3, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#409424 (closed) Add fields for GCP config to streaming form design-weight2, devopsgovern, documentation, frontend, groupcompliance, priority3, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#408315 [default branch protection] remove and drop default_branch_protection column Next Up, backend, devopsgovern, documentation, groupcompliance, maintenanceremoval, sectionsec, typemaintenance, workflowready for development %16.3
• gitlab-org/gitlab#408314 (closed) [default branch protection] deprecate default_branch_protection Next Up, backend, devopsgovern, featureenhancement, groupcompliance, sectionsec, typefeature, workflowready for development %16.3
• gitlab-org/gitlab#408153 (closed) [default branch protection] Backfill existing settings to new jsonb column Next Up, automation:ml, automation:ml wrong, backend, devopsgovern, featureenhancement, groupcompliance, missed:16.1, priority2, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#408151 (closed) [default branch protection] Update settings API to accept a protected branches payload Category:Source Code Management, Next Up, automation:ml, automation:ml wrong, backend, devopsgovern, featureenhancement, groupcompliance, priority2, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#404730 (closed) [Backend] Add audit events on change in instance level external audit event destinations Category:Audit Events, GitLab Ultimate, backend, devopsgovern, documentation, groupcompliance, missed:15.11, missed:16.0, missed:16.1, priority2, sectionsec, self-managed, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#393772 (closed) [Feature flag] Rollout of ff_external_audit_events Category:Consumables Cost Management, automation:ml, devopsgovern, feature flag, groupcompliance, missed:16.1, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#389467 (closed) Remove Required Pipeline Configuration Category:Continuous Integration, GitLab Ultimate, Technical Writing, breaking change, deprecation, devopsgovern, documentation, groupcompliance, sectionsec, typemaintenance, workflowready for development %17.0
• gitlab-org/gitlab#374110 (closed) Add event type information for audit events using AuditEventService in CI Runner Category:Audit Events, GitLab Ultimate, Hacktoberfest, Next Up, [deprecated] Accepting merge requests, backend, devopsgovern, documentation, groupcompliance, missed:15.10, missed:15.11, missed:16.0, missed:16.1, priority2, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#370349 (closed) Don't create compliance framework changes audit events when there is no change Category:Audit Events, GitLab Premium, GitLab Ultimate, [deprecated] Accepting merge requests, backend, devopsgovern, groupcompliance, priority2, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#370342 (closed) Don't create protected branch changes audit events when there is no change Category:Audit Events, GitLab Premium, GitLab Ultimate, [deprecated] Accepting merge requests, backend, devopsgovern, groupcompliance, priority2, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#353356 (closed) Fix N+1 in status checks API Next Up, [deprecated] Accepting merge requests, auto updated, backend, devopsgovern, groupcompliance, maintenancerefactor, missed:15.10, missed:15.11, missed:15.7, missed:15.8, missed:16.0, missed:16.1, priority3, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#233478 (closed) Add the ability for a user to test their API-based approval rules Category:Compliance Management, Deliverable, Enterprise Edition, GitLab Ultimate, Next Up, devopsgovern, documentation, frontend, groupcompliance, missed-deliverable, missed:15.11, missed:16.0, priority3, sectionsec, typefeature, workflowready for development %16.4

Group: groupcomposition analysis

• gitlab-org/gitlab-vscode-extension#796 (closed) [FE] - Render skeketon app for security findings devopssecure, groupcomposition analysis, sectionsec, workflowready for development %16.2
• gitlab-org/gitlab-vscode-extension#795 (closed) [FE] - Rename issuable directories and file names, update build config file paths and imports. Ensure app compiles and builds. devopssecure, groupcomposition analysis, sectionsec, workflowready for development %16.2
• gitlab-org/gitlab-vscode-extension#794 (closed) [FE] - Add mocked PipelineSecurityFinding data devopssecure, groupcomposition analysis, sectionsec, workflowready for development %16.2
• gitlab-org/gitlab#416018 (closed) Advisory-feeder fails due to renamed advisory Category:Software Composition Analysis, License-DBdevelopment, backend, devopssecure, featureenhancement, groupcomposition analysis, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#415759 (closed) Export of advisories fails because of unsupported identifiers (Rubygem) Category:Software Composition Analysis, Deliverable, Enterprise Edition, GitLab Ultimate, License-DBdevelopment, SCA:Dependency Scanning, backend, devopssecure, featureenhancement, groupcomposition analysis, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#415158 (closed) Capture metadata about license classification Category:Software Composition Analysis, Deliverable, Enterprise Edition, GitLab Ultimate, SCA:License Scanning, backend, devopssecure, featureenhancement, groupcomposition analysis, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#412469 (closed) npm feeder job exceeds job timeout: follow-up Deliverable, License-DBdevelopment, SCA:License Scanning, backend, devopssecure, groupcomposition analysis, maintenancerefactor, missed-deliverable, missed:16.1, sectionsec, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#404587 (closed) Add workaround in Container Scanning to allow us to update Trivy without first downloading java-db Category:Container Scanning, Deliverable, backend, customer, devopssecure, groupcomposition analysis, maintenancerefactor, priority1, sectionsec, severity2, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#398680 (closed) Add support for Version 2 of Nuget's packages.lock.json in SCA Category:Software Composition Analysis, Deliverable, Enterprise Edition, GitLab Ultimate, SCA:Dependency Scanning, SCA:License Scanning, automation:ml, automation:self-triage-encouraged, backend, customer, devopssecure, featureenhancement, groupcomposition analysis, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab-vscode-extension#715 (closed) [FE] Render WebView for VulnFinding automation:ml, automation:ml wrong, devopssecure, groupcomposition analysis, sectionsec, workflowready for development %16.2
• gitlab-org/gitlab#374136 (closed) Re-enable gemnasium tests with timeout issues Category:Dependency Scanning [DEPRECATED], Category:Software Composition Analysis, Deliverable, SCA:Dependency Scanning, backend, devopssecure, groupcomposition analysis, maintenancepipelines, missed-deliverable, missed:16.1, priority1, sectionsec, test, typemaintenance, workflowready for development %16.2

Group: groupstatic analysis

• gitlab-org/gitlab#413878 Prepare secret-detection CI component for GA Category:Secret Detection, devopssecure, featureconsolidation, groupstatic analysis, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#413876 Prepare sast CI component for GA Category:SAST, devopssecure, featureconsolidation, groupstatic analysis, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#413273 (closed) Secret Detection false positive testing Category:Secret Detection, devopssecure, groupstatic analysis, maintenancetest-gap, missed:16.1, sectionsec, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#413067 Prepare code-quality CI component for GA Category:Code Quality, devopssecure, featureconsolidation, groupstatic analysis, sectionsec, typefeature, workflowin dev %16.2
• https://gitlab.com/gitlab-org/gitlab/-/issues/411616 Automate SAST analyzer release process automation:ml, devopssecure, groupstatic analysis, maintenancerelease, missed:16.0, missed:16.1, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#407759 (closed) Explore changelog trailers for SAST projects devopssecure, groupstatic analysis, maintenanceworkflow, missed:16.1, sectionsec, typemaintenance, workflowready for development %16.2
• https://gitlab.com/gitlab-org/gitlab/-/issues/387832 (confidential) ~"(confidential)" %"(confidential)"
• gitlab-org/gitlab#385110 (closed) Dogfood bring-your-own Code Quality for gitlab-org/gitlab Category:Code Quality, Deliverable, Dogfooding, devopssecure, groupstatic analysis, missed-deliverable, missed:15.11, missed:15.9, missed:16.1, sectionsec, typefeature, workflowin dev %16.2

Group: groupthreat insights

• gitlab-org/gitlab#415615 (closed) Explain This Vulnerability: Enable FE to set prompt inclusion for AI request backend, devopsgovern, featureaddition, groupthreat insights, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#415457 (closed) [MR Widget] Migrate Status Checks to V2 Threat InsightsNavy, devopsgovern, frontend, groupthreat insights, maintenancerefactor, sectionsec, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#415108 (closed) Improve integration tests coverage for VulnerabilityType Category:Vulnerability Management, automation:ml, backend, devopsgovern, groupthreat insights, maintenancetest-gap, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#414861 (closed) Update the Explain this Vulnerability Alert Category:Vulnerability Management, GitLab Ultimate, devopsgovern, frontend, groupthreat insights, sectionsec, workflowin dev %16.2
• gitlab-org/gitlab#413356 (closed) Fix spec violations in ee/spec/frontend/security_dashboard/components/pipeline/security_dashboard_table_row_spec.js devopsgovern, frontend, frontend-initiative, groupthreat insights, maintenancerefactor, sectionsec, test, typemaintenance, vue3-migration, workflowin dev %16.2
• gitlab-org/gitlab#412841 (closed) Provide & edit dismissal reason in finding modal Category:Vulnerability Management, Threat InsightsNavy, UX, devopsgovern, featureenhancement, frontend, groupthreat insights, missed:16.1, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#412602 (closed) Admin interface to delete vulnerabilities in bulk Threat InsightsTangerine, backend, devopsgovern, featureenhancement, groupthreat insights, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#412186 (closed) [Feature flag] Cleanup load_merge_request_via_links backend, devopsgovern, feature flag, groupthreat insights, maintenanceremoval, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#411774 (closed) Expose Dismissal Reason on the VulnerabilityType backend, database, devopsgovern, featureaddition, groupthreat insights, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#411293 Update text for SecureFlag Integration Threat InsightsNavy, backend, devopsgovern, groupthreat insights, missed:16.1, quick win, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#409068 (closed) [FE] Add popover with search for location column Category:Dependency Management, GitLab Ultimate, Threat InsightsTangerine, devopsgovern, frontend, groupthreat insights, sectionsec, typefeature, workflowready for development %16.2

---

Job URL: https://gitlab.com/gitlab-org/quality/triage-ops/-/jobs/4537457416

This report was generated from this policy