2023-09-04 - Quad Planning Issues for Sec
Hi @gl-quality/sec-qe
Please quad-plan the following issues:
groupcompliance
Group:
- gitlab-org/gitlab#423229 (closed) [Backend] CRUD GraphQL APIs for audit event destinations for AWS S3 GraphQL, backend, devopsgovern, featureaddition, ~"goal::stretch", groupcompliance, sectionsec, typefeature, workflowready for development %16.4
- gitlab-org/gitlab#421959 (closed) [BE] Add optional SAML auth flow to MergeRequest Approvals devopsgovern, groupcompliance, priority1, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#421944 (closed) [BE] Add setting for SAML based MR approval devopsgovern, groupcompliance, missed:16.3, priority1, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#421327 (closed) Add alert for standards adherence ui when graphql queries fail devopsgovern, featureenhancement, frontend, groupcompliance, sectionsec, typefeature, workflowin dev %16.4
- testcases#4135 (closed) E2E test for SAML SSO authentication for merge request password approval QA, Quality, devopsgovern, groupcompliance, sectionsec, test, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#419855 (closed) ClickHouse production readiness devopsgovern, groupcompliance, missed:16.3, priority1, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#418096 (closed) Migrate ee/app/assets/javascripts/compliance_dashboard/components/violations_report/shared/merge_commits_export_button.vue to GlDisclosureDropdown or GlCollapsibleListbox Pajamas, Pajamas Migration Day, SUSImpacting, component:dropdown, devopsgovern, ~"goal::planning", groupcompliance, maintenancerefactor, pajamasintegrate, sectionsec, severity4, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#418038 (closed) Migrate ee/app/assets/javascripts/compliance_dashboard/components/violations_report/violations/branch_dropdown_filter.vue to GlDisclosureDropdown or GlCollapsibleListbox Pajamas, Pajamas Migration Day, SUSImpacting, component:dropdown, devopsgovern, groupcompliance, maintenancerefactor, pajamasintegrate, sectionsec, severity4, typemaintenance, workflowready for development %16.5
- gitlab-org/gitlab#418048 (closed) Migrate ee/app/assets/javascripts/audit_events/components/sorting_field.vue to GlDisclosureDropdown or GlCollapsibleListbox Pajamas, Pajamas Migration Day, SUSImpacting, component:dropdown, devopsgovern, ~"goal::development", groupcompliance, maintenancerefactor, pajamasintegrate, sectionsec, severity4, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#416988 (closed) [Feature flag] Rollout of compliance_adherence_report backend, devopsgovern, feature flag, featureaddition, groupcompliance, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#414495 (closed) [Feature flag] Enable the adherence report UI in the compliance center automation:ml, devopsgovern, feature flag, ~"goal::development", groupcompliance, sectionsec, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#413736 (closed) Export Adherence Report UX, devopsgovern, documentation, frontend, groupcompliance, priority3, sectionsec, typefeature, workflowready for development %16.5
- gitlab-org/gitlab#413734 (closed) Adherence Report Filtering Deliverable, UX, devopsgovern, documentation, frontend, groupcompliance, missed-deliverable, missed:16.3, priority3, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#413723 (closed) Create pending status check responses on MR creation backend, devopsgovern, groupcompliance, missed:16.1, missed:16.2, missed:16.3, priority2, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#412450 (closed) Follow up: Clean up redundant tests in audit worker automation:ml, automation:ml wrong, devopsgovern, ~"goal::stretch", groupcompliance, priority3, sectionsec, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#411610 (closed) Add url tooltip to external status checks devopsgovern, ~"goal::stretch", groupcompliance, sectionsec, typefeature, workflowready for development %16.4
- testcases#4082 E2E test for Chain of custody report for all commits QA, Quality, devopsgovern, groupcompliance, priority2, sectionsec, test, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#411502 (closed) Add "Add Compliance Framework to a project" as a customizable permission backend, customer, devopsgovern, documentation, ~"goal::planning", groupcompliance, missed:16.3, priority3, sectionsec, typefeature, workflowready for development %16.4
- gitlab-org/gitlab#408315 [default branch protection] remove and drop `default_branch_protection` column Next Up, backend, breaking change, devopsgovern, documentation, groupcompliance, maintenanceremoval, sectionsec, typemaintenance, workflowready for development %17.0
- gitlab-org/gitlab#408314 (closed) [default branch protection] deprecate `default_branch_protection` Next Up, backend, devopsgovern, featureenhancement, ~"goal::complete", groupcompliance, missed:16.3, sectionsec, typefeature, workflowready for development %16.4
- gitlab-org/gitlab#408152 (closed) [default branch protection] Update `ProtectDefaultBranchService` to use new settings column Next Up, automation:ml, automation:ml wrong, backend, devopsgovern, ~"goal::complete", groupcompliance, priority2, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#389467 (closed) Remove Required Pipeline Configuration Category:Continuous Integration, GitLab Ultimate, Technical Writing, breaking change, deprecation, devopsgovern, documentation, groupcompliance, sectionsec, typemaintenance, workflowready for development %17.0
- gitlab-org/gitlab#377762 (closed) (confidential) ~"(confidential)" %"(confidential)"
- gitlab-org/gitlab#377758 (confidential) ~"(confidential)" %"(confidential)"
- gitlab-org/gitlab#377633 (confidential) ~"(confidential)" %"(confidential)"
- gitlab-org/gitlab#374110 (closed) Add event type information for audit events using AuditEventService in CI Runner Category:Audit Events, Deliverable, GitLab Ultimate, Hacktoberfest, Next Up, [deprecated] Accepting merge requests, backend, devopsgovern, documentation, ~"goal::development", groupcompliance, missed-deliverable, missed:15.10, missed:15.11, missed:16.0, missed:16.1, missed:16.2, missed:16.3, priority2, sectionsec, typefeature, workflowready for development %16.4
- gitlab-org/gitlab#370701 (closed) Don't create IP restriction audit events when there is no change Category:Audit Events, GitLab Premium, GitLab Ultimate, [deprecated] Accepting merge requests, backend, devopsgovern, groupcompliance, priority2, sectionsec, typemaintenance, workflowready for development %16.5
- gitlab-org/gitlab#370697 (closed) Don't create DAST site profile audit events when there is no change Category:Audit Events, GitLab Premium, GitLab Ultimate, [deprecated] Accepting merge requests, backend, devopsgovern, ~"goal::complete", groupcompliance, priority3, sectionsec, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#370696 (closed) Don't create DAST scanner profile audit events when there is no change Category:Audit Events, GitLab Premium, GitLab Ultimate, [deprecated] Accepting merge requests, backend, devopsgovern, ~"goal::complete", groupcompliance, priority3, sectionsec, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#370695 (closed) Don't create DAST profile schedule update audit events when there is no change Category:Audit Events, GitLab Premium, GitLab Ultimate, [deprecated] Accepting merge requests, backend, devopsgovern, ~"goal::complete", groupcompliance, priority3, sectionsec, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#370371 (closed) Don't create DAST profile update audit events when there is no change GitLab Premium, GitLab Ultimate, [deprecated] Accepting merge requests, backend, devopsgovern, ~"goal::complete", groupcompliance, priority2, sectionsec, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#333372 (closed) [Backend] Send namespace-level audit events to S3 destination Category:Audit Events, backend, devopsgovern, ~"goal::development", groupcompliance, sectionsec, typefeature, workflowready for development %16.4
- gitlab-org/gitlab#333371 (closed) [Backend] Set audit event destination settings for S3 for a Group Category:Audit Events, GitLab Ultimate, GraphQL, backend, database, devopsgovern, featureaddition, ~"goal::complete", groupcompliance, sectionsec, typefeature, workflowready for development %16.4
- gitlab-org/gitlab#250663 (closed) Add audit event for downloading CI artifacts Category:Audit Events, audit_eventshigh_volume_event, backend, customer, devopsgovern, groupcompliance, priority4, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#8070 (closed) Add project, group and instance-level variable changes to audit events Category:Audit Events, Category:Secrets Management, Enterprise Edition, [deprecated] Accepting merge requests, audit_eventskeys_and_tokens, backend, customer, devopsgovern, ~"goal::development", groupcompliance, ~"ideal for new hires", priority2, sectionsec, typefeature, workflowready for development %16.4
groupcomposition analysis
Group:
- gitlab-org/gitlab#423307 (closed) Technical evaluation: each_batch does not work with preloaded associations Deliverable, backend, devopssecure, featureenhancement, groupcomposition analysis, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#385176 (closed) [Feature flag] Cleanup license_scanning_sbom_scanner Category:License Compliance [DEPRECATED], Category:Software Composition Analysis, Deliverable, GitLab Ultimate, SCA:License Scanning, backend, devopssecure, feature flag, featureenhancement, groupcomposition analysis, sectionsec, typefeature, workflowready for development %16.4
groupstatic analysis
Group:
- gitlab-org/gitlab#424022 (closed) Analyze impact of refactoring Secure inline findings to use a GraphQL query instead of an internal Rails controller endpoint backend, devopssecure, discoto, groupstatic analysis, sectionsec, typeignore, workflowin dev %16.4
- gitlab-org/gitlab#422799 (closed) Update layout for SAST Configuration form Static Analysis Next StepEM, UX, devopssecure, featureenhancement, frontend, groupstatic analysis, sectionsec, typefeature, workflowin dev %16.4
- https://gitlab.com/gitlab-org/gitlab/-/issues/420829 (confidential) ~"(confidential)" %"(confidential)"
- gitlab-org/gitlab#413273 (closed) Secret Detection false positive testing Category:Secret Detection, Deliverable, devopssecure, groupstatic analysis, maintenancetest-gap, missed-deliverable, missed:16.1, missed:16.2, missed:16.3, sectionsec, typemaintenance, workflowin dev %16.4
- gitlab-org/gitlab#410169 (closed) Sobelow: Upgraded Elixir support for 1.13 on SAST Category:SAST, backend, devopssecure, featureaddition, groupstatic analysis, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#395487 (closed) Migrate NodeJS scan rules to Semgrep-based analyzer Category:SAST, Deliverable, devopssecure, featureconsolidation, groupstatic analysis, missed-deliverable, missed:16.0, priority2, sectionsec, typefeature, workflowin dev %16.4
- https://gitlab.com/gitlab-org/gitlab/-/issues/387832 (confidential) ~"(confidential)" %"(confidential)"
groupthreat insights
Group:
- gitlab-org/gitlab#424021 (closed) Adjust vulnerabilities ingestion pipeline to accept CVSS fields backend, devopsgovern, featureaddition, groupthreat insights, sectionsec, typefeature, workflowready for development %16.5
- gitlab-org/gitlab#424020 (closed) Add model-level validations for CVSS vector backend, devopsgovern, featureaddition, groupthreat insights, sectionsec, typefeature, workflowready for development %16.5
- gitlab-org/gitlab#424019 (closed) Create database columns to store CVSS vector backend, database, devopsgovern, featureaddition, frontend, groupthreat insights, sectionsec, typefeature, workflowready for development %16.5
- gitlab-org/gitlab#423466 (closed) [Feature flag] Rollout of `ingest_sbom_licenses` automation:ml, devopsgovern, feature flag, groupthreat insights, maintenancerelease, sectionsec, typemaintenance, workflowin dev %16.4
- gitlab-org/gitlab#422353 (closed) Add filter UI-component to group-level dependencies app Category:Dependency Management, Deliverable, automation:ml, devopsgovern, featureenhancement, frontend, groupthreat insights, sectionsec, typefeature, workflowready for development %16.4
- gitlab-org/gitlab#422254 (closed) Add GraphQL support for license data in relation to sbom_occurrences Deliverable, backend, devopsgovern, featureaddition, groupthreat insights, missed-deliverable, missed:16.3, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#422086 (closed) Add `&sort_by=license` query string parameter to sort dependencies from `<group>/-/dependencies.json` Category:Dependency Management, Deliverable, backend, devopsgovern, featureenhancement, groupthreat insights, sectionsec, typefeature, workflowin dev %16.4
- gitlab-org/gitlab#422031 (closed) Add support for CVSS vectors in the security report schemas automation:ml, backend, devopsgovern, featureaddition, groupthreat insights, sectionsec, typefeature, workflowready for development %16.5
- gitlab-org/gitlab#421736 (closed) Database 2/2: Add hasMergeRequest filter to VulnerabilityReport Deliverable, database, devopsgovern, groupthreat insights, sectionsec, workflowin dev %16.4
- gitlab-org/gitlab#421478 (closed) [Feature flag] Rollout of `admin_merge_request` Category:Software Bill of Materials, devopsgovern, feature flag, groupthreat insights, maintenancerelease, sectionsec, typemaintenance, workflowin dev %16.4
- gitlab-org/gitlab#420617 (closed) Database: Add hasRemediations filter to Vulnerability Report Deliverable, backend, database, devopsgovern, groupthreat insights, sectionsec, workflowin dev %16.4
- gitlab-org/gitlab#420372 (closed) [Feature flag] Cleanup standalone_finding_modal Deliverable, backend, devopsgovern, feature flag, frontend, groupthreat insights, maintenanceremoval, sectionsec, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#420006 (closed) Include user in the cache key for explain vulnerability LLM cache Deliverable, backend, devopsgovern, groupthreat insights, maintenancerefactor, sectionsec, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#419672 (closed) Use the `link_to` helper in place of manually constructed links Deliverable, automation:ml, backend, devopsgovern, documentation, groupthreat insights, maintenancerefactor, missed-deliverable, missed:16.3, quick win, sectionsec, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#416424 (closed) Remove the usage of the `confidence` attribute for findings backend, devopsgovern, groupthreat insights, maintenanceremoval, sectionsec, typemaintenance, workflowready for development %17.0
- gitlab-org/gitlab#409963 (closed) Run migration to set `finding_data` for security_findings Category:Vulnerability Management, Deliverable, backend, database, devopsgovern, frontend, groupthreat insights, missed-deliverable, missed:16.0, missed:16.1, missed:16.2, missed:16.3, sectionsec, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#395015 Feature specs for Vulnerability state transitions Category:Vulnerability Management, Deliverable, backend, devopsgovern, groupthreat insights, maintenancetest-gap, missed-deliverable, missed:16.2, missed:16.3, sectionsec, typemaintenance, workflowready for development %16.4
- gitlab-org/gitlab#390200 (closed) Warn user in the MR Widget about erroneous schema reports Deliverable, Threat InsightsNavy, backend, devopsgovern, featureenhancement, groupthreat insights, ready to pull, sectionsec, typefeature, workflowready for development %16.4
- gitlab-org/gitlab#390024 (closed) Security MR widget shows all findings as new when default branch has missing security reports (including when the CI is configured to make multiple pipelines) backend, customer, devopsgovern, featureenhancement, groupthreat insights, merge request widget, sectionsec, typefeature, workflowready for development %16.5
Job URL: https://gitlab.com/gitlab-org/quality/triage-ops/-/jobs/5006732849
This report was generated from this policy