2023-07-03 - Quad Planning Issues for Sec

Hi @gl-quality/sec-qe 👋

Please quad-plan the following issues:

Group: groupcompliance

• gitlab-org/gitlab#416573 (closed) Add name field to GCP logging streaming audit events UX, devopsgovern, documentation, frontend, groupcompliance, priority2, sectionsec, typefeature, workflowready for development %16.3
• gitlab-org/gitlab#416450 (closed) Followup changes for event filter model Category:Audit Events, GitLab Ultimate, backend, devopsgovern, groupcompliance, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#415770 (closed) Add GraphQL destroy API for event filters for instance level external audit event destinations Category:Audit Events, GitLab Ultimate, backend, devopsgovern, groupcompliance, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#415769 (closed) Add GraphQL list API for event filters for instance level external audit event destinations Category:Audit Events, GitLab Ultimate, backend, devopsgovern, groupcompliance, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#415336 (closed) Follow up update for streaming event UI Next Up, UX, devopsgovern, featureenhancement, frontend, groupcompliance, priority4, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#415268 (closed) Add ability to activate/deactivate headers using the UI Category:Audit Events, GraphQL, Next Up, auto updated, devopsgovern, documentation, featureaddition, frontend, groupcompliance, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#415091 (closed) Drop index index_events_on_project_id_and_id_desc_on_merged_action form events table Deliverable, database, devopsgovern, groupcompliance, maintenanceperformance, priority2, sectionsec, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#415013 (closed) [Frontend] Add a section in admin settings for instance-level streaming filtering Category:Audit Events, GitLab Ultimate, devopsgovern, documentation, frontend, groupcompliance, missed:16.0, priority2, sectionsec, self-managed, self-managed, typefeature, workflowready for development %16.2
• testcases#4103 (closed) E2E test for Group-level Audit Event Streaming Enterprise Edition, QA, Quality, devopsgovern, groupcompliance, priority1, sectionsec, test, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#414351 (closed) Update compliance violation date picker labels Next Up, UX, devopsgovern, frontend, groupcompliance, priority4, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#413894 (closed) Add name field to streaming audit events API Deliverable, Next Up, backend, devopsgovern, documentation, groupcompliance, priority3, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#413790 (closed) [Backend] Run compliance standards checks when new projects are created backend, devopsgovern, featureaddition, groupcompliance, sectionsec, typefeature, workflowready for development %16.3
• gitlab-org/gitlab#413717 (closed) Adherence Report List UX, automation:ml, automation:ml wrong, devopsgovern, documentation, frontend, groupcompliance, priority1, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#413343 (closed) Fix spec violations in ee/spec/frontend/license_compliance/components/license_component_links_spec.js devopsgovern, frontend, frontend-initiative, groupcompliance, maintenancerefactor, sectionsec, test, typemaintenance, vue3-migration, workflowin dev %16.2
• gitlab-org/gitlab#413236 (closed) [Backend] Create GraphQL APIs for adherence report GraphQL, backend, devopsgovern, documentation, featureaddition, groupcompliance, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#413235 (closed) [Backend] Backfill compliance standards adherence for existing projects backend, database, devopsgovern, featureaddition, groupcompliance, sectionsec, typefeature, workflowready for development %16.3
• gitlab-org/gitlab#413234 (closed) [Backend] Add check for committer approved MR backend, devopsgovern, featureaddition, groupcompliance, sectionsec, typefeature, workflowready for development %16.3
• gitlab-org/gitlab#413231 (closed) [Backend] Add check for fewer than two approvals backend, devopsgovern, featureaddition, groupcompliance, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#411610 (closed) Add url tooltip to external status checks devopsgovern, groupcompliance, sectionsec, typefeature, workflowready for development %16.3
• gitlab-org/gitlab#411595 (closed) Add event type information for audit events using AuditEventService in Group creation Deliverable, automation:ml, backend, devopsgovern, groupcompliance, missed-deliverable, missed:16.1, priority2, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#411357 (closed) Add name field to streaming audit events Next Up, devopsgovern, frontend, groupcompliance, priority3, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#409424 (closed) Add fields for GCP config to streaming form design-weight2, devopsgovern, documentation, frontend, groupcompliance, priority3, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#408315 [default branch protection] remove and drop default_branch_protection column Next Up, backend, devopsgovern, documentation, groupcompliance, maintenanceremoval, sectionsec, typemaintenance, workflowready for development %16.3
• gitlab-org/gitlab#408314 (closed) [default branch protection] deprecate default_branch_protection Next Up, backend, devopsgovern, featureenhancement, groupcompliance, sectionsec, typefeature, workflowready for development %16.3
• gitlab-org/gitlab#408153 (closed) [default branch protection] Backfill existing settings to new jsonb column Next Up, automation:ml, automation:ml wrong, backend, devopsgovern, featureenhancement, groupcompliance, missed:16.1, priority2, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#408151 (closed) [default branch protection] Update settings API to accept a protected branches payload Category:Source Code Management, Next Up, automation:ml, automation:ml wrong, backend, devopsgovern, featureenhancement, groupcompliance, priority2, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#404730 (closed) [Backend] Add audit events on change in instance level external audit event destinations Category:Audit Events, GitLab Ultimate, backend, devopsgovern, documentation, groupcompliance, missed:15.11, missed:16.0, missed:16.1, priority2, sectionsec, self-managed, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#393772 (closed) [Feature flag] Rollout of ff_external_audit_events Category:Consumables Cost Management, automation:ml, devopsgovern, feature flag, groupcompliance, missed:16.1, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#389467 (closed) Remove Required Pipeline Configuration Category:Continuous Integration, GitLab Ultimate, Technical Writing, breaking change, deprecation, devopsgovern, documentation, groupcompliance, sectionsec, typemaintenance, workflowready for development %17.0
• gitlab-org/gitlab#374110 (closed) Add event type information for audit events using AuditEventService in CI Runner Category:Audit Events, GitLab Ultimate, Hacktoberfest, Next Up, [deprecated] Accepting merge requests, backend, devopsgovern, documentation, groupcompliance, missed:15.10, missed:15.11, missed:16.0, missed:16.1, priority2, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#353356 (closed) Fix N+1 in status checks API Next Up, [deprecated] Accepting merge requests, auto updated, backend, devopsgovern, groupcompliance, maintenancerefactor, missed:15.10, missed:15.11, missed:15.7, missed:15.8, missed:16.0, missed:16.1, priority3, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#233478 (closed) Add the ability for a user to test their API-based approval rules Category:Compliance Management, Deliverable, Enterprise Edition, GitLab Ultimate, Next Up, devopsgovern, documentation, frontend, groupcompliance, missed-deliverable, missed:15.11, missed:16.0, priority3, sectionsec, typefeature, workflowready for development %16.4

Group: groupcomposition analysis

• gitlab-org/gitlab#416357 (closed) Drop vulnerability_advisories table Category:Dependency Scanning [DEPRECATED], Category:Software Composition Analysis, SCA:Dependency Scanning, backend, devopssecure, featureenhancement, groupcomposition analysis, missed:16.0, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab-vscode-extension#796 (closed) [FE] - Render skeketon app for security findings devopssecure, groupcomposition analysis, sectionsec, workflowready for development %16.2
• gitlab-org/gitlab-vscode-extension#795 (closed) [FE] - Rename issuable directories and file names, update build config file paths and imports. Ensure app compiles and builds. devopssecure, groupcomposition analysis, sectionsec, workflowready for development %16.2
• gitlab-org/gitlab-vscode-extension#794 (closed) [FE] - Add mocked PipelineSecurityFinding data devopssecure, groupcomposition analysis, sectionsec, workflowready for development %16.2
• gitlab-org/gitlab#415158 (closed) Capture metadata about license classification Category:Software Composition Analysis, Deliverable, Enterprise Edition, GitLab Ultimate, SCA:License Scanning, backend, devopssecure, featureenhancement, groupcomposition analysis, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#414002 (closed) Add instructions on how to remove v1 package metadata Category:Software Composition Analysis, Deliverable, GitLab Ultimate, SCA:License Scanning, backend, database, devopssecure, feature flag, featureenhancement, groupcomposition analysis, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#412469 (closed) npm feeder job exceeds job timeout: follow-up Deliverable, License-DBdevelopment, SCA:License Scanning, backend, devopssecure, groupcomposition analysis, maintenancerefactor, missed-deliverable, missed:16.1, sectionsec, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#404587 (closed) Add workaround in Container Scanning to allow us to update Trivy without first downloading java-db Category:Container Scanning, Deliverable, backend, customer, devopssecure, groupcomposition analysis, maintenancerefactor, priority1, sectionsec, severity2, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#398680 (closed) Add support for Version 2 of Nuget's packages.lock.json in SCA Category:Software Composition Analysis, Deliverable, Enterprise Edition, GitLab Ultimate, SCA:Dependency Scanning, SCA:License Scanning, automation:ml, automation:self-triage-encouraged, backend, customer, devopssecure, featureenhancement, groupcomposition analysis, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#398627 (closed) Exclude Gemnasium's Dependency Scanning reports when scanning SBOM components Category:Container Scanning, Category:Dependency Scanning [DEPRECATED], Category:Software Composition Analysis, Deliverable, Enterprise Edition, GitLab Ultimate, SCA:Dependency Scanning, WorkingGroupContinuousScanning, backend, devopssecure, featureenhancement, groupcomposition analysis, missed-deliverable, missed:16.0, missed:16.1, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#398992 (closed) Remove git-core from Container Scanning and use diff to create remediation patch Category:Container Scanning, Deliverable, backend, devopssecure, groupcomposition analysis, maintenancerefactor, missed-deliverable, missed:16.1, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab-vscode-extension#715 (closed) [FE] Render WebView for VulnFinding automation:ml, automation:ml wrong, devopssecure, groupcomposition analysis, sectionsec, workflowready for development %16.2
• gitlab-org/gitlab#374136 (closed) Re-enable gemnasium tests with timeout issues Category:Dependency Scanning [DEPRECATED], Category:Software Composition Analysis, Deliverable, SCA:Dependency Scanning, backend, devopssecure, groupcomposition analysis, maintenancepipelines, missed-deliverable, missed:16.1, priority1, sectionsec, test, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#371065 (closed) Add service to match new advisory against the SBOM component corpus Category:Container Scanning, Category:Dependency Scanning [DEPRECATED], Category:Software Composition Analysis, Deliverable, Enterprise Edition, GitLab Ultimate, SCA:Dependency Scanning, WorkingGroupContinuousScanning, [deprecated] Accepting merge requests, backend, devopssecure, featureenhancement, groupcomposition analysis, missed-deliverable, missed:16.1, sectionsec, typefeature, workflowin dev %16.3
• gitlab-org/gitlab#348538 (closed) Report vulnerable dependency paths for conan (C, C++) AST Leadership, Category:Dependency Scanning [DEPRECATED], Category:Software Composition Analysis, Deliverable, Enterprise Edition, GitLab Ultimate, SCA:Dependency Scanning, [deprecated] Accepting merge requests, backend, devopssecure, groupcomposition analysis, sectionsec, typefeature, workflowready for development %16.2

Group: groupstatic analysis

• gitlab-org/gitlab#413273 (closed) Secret Detection false positive testing Category:Secret Detection, devopssecure, groupstatic analysis, maintenancetest-gap, missed:16.1, sectionsec, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#407759 (closed) Explore changelog trailers for SAST projects devopssecure, groupstatic analysis, maintenanceworkflow, missed:16.1, sectionsec, typemaintenance, workflowready for development %16.2
• https://gitlab.com/gitlab-org/gitlab/-/issues/387832 (confidential) ~"(confidential)" %"(confidential)"
• gitlab-org/gitlab#385110 (closed) Dogfood bring-your-own Code Quality for gitlab-org/gitlab Category:Code Quality, Deliverable, Dogfooding, devopssecure, groupstatic analysis, missed-deliverable, missed:15.11, missed:15.9, missed:16.1, sectionsec, typefeature, workflowin dev %16.2

Group: groupthreat insights

• gitlab-org/gitlab#416612 Follow-up from "Expose dismissal_reason on VulnerabilityType" backend, devopsgovern, documentation, feature flag, groupthreat insights, maintenancerefactor, pipeline:mr-approved, sectionsec, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#416512 (closed) Spike: Investigate deprecation of project.pipeline.securityReportFindings in favour of project.pipeline.vulnerabilities Category:Vulnerability Management, GitLab Core, GitLab Premium, GitLab Ultimate, devopsgovern, frontend, groupthreat insights, maintenancerefactor, sectionsec, spike, typemaintenance, workflowready for development %16.4
• gitlab-org/gitlab#415457 (closed) [MR Widget] Migrate Status Checks to V2 Threat InsightsNavy, devopsgovern, frontend, groupthreat insights, maintenancerefactor, sectionsec, typemaintenance, workflowin dev %16.2
• gitlab-org/gitlab#415108 (closed) Improve integration tests coverage for VulnerabilityType Category:Vulnerability Management, automation:ml, backend, devopsgovern, groupthreat insights, maintenancetest-gap, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#414861 (closed) Update the Explain this Vulnerability Alert Category:Vulnerability Management, GitLab Ultimate, devopsgovern, frontend, groupthreat insights, sectionsec, workflowin dev %16.2
• gitlab-org/gitlab#413356 (closed) Fix spec violations in ee/spec/frontend/security_dashboard/components/pipeline/security_dashboard_table_row_spec.js devopsgovern, frontend, frontend-initiative, groupthreat insights, maintenancerefactor, sectionsec, test, typemaintenance, vue3-migration, workflowin dev %16.2
• gitlab-org/gitlab#412841 (closed) Provide & edit dismissal reason in finding modal Category:Vulnerability Management, Threat InsightsNavy, UX, devopsgovern, featureenhancement, frontend, groupthreat insights, missed:16.1, sectionsec, typefeature, workflowin dev %16.2
• gitlab-org/gitlab#412602 (closed) Admin interface to delete vulnerabilities in bulk Threat InsightsTangerine, backend, devopsgovern, featureenhancement, groupthreat insights, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#412186 (closed) [Feature flag] Cleanup load_merge_request_via_links backend, devopsgovern, feature flag, groupthreat insights, maintenanceremoval, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#411293 Update text for SecureFlag Integration Threat InsightsNavy, backend, devopsgovern, groupthreat insights, missed:16.1, quick win, sectionsec, typemaintenance, workflowready for development %16.2
• gitlab-org/gitlab#410690 Fix injected enabled_reports on page load during active pipeline GraphQL, Threat InsightsTangerine, backend, devopsgovern, frontend, groupthreat insights, missed:16.0, sectionsec, typefeature, workflowready for development %16.2
• gitlab-org/gitlab#409068 (closed) [FE] Add popover with search for location column Category:Dependency Management, GitLab Ultimate, Threat InsightsTangerine, devopsgovern, frontend, groupthreat insights, sectionsec, typefeature, workflowready for development %16.2

---

Job URL: https://gitlab.com/gitlab-org/quality/triage-ops/-/jobs/4580871940

This report was generated from this policy