2024-11-04 - Quad Planning Issues for Sec

Hi @gl-quality/sec-qe 👋

Please quad-plan the following issues:

Group: groupcompliance

• gitlab-org/gitlab#498527 [feature flag] Cleanup ff_require_saml_auth_to_approve devopsgovern, feature flag, groupcompliance, maintenanceremoval, priority2, sectionsec, typemaintenance, workflowready for development %17.6
• gitlab-org/gitlab#486877 (closed) Improve url generation devopsgovern, frontend, groupcompliance, maintenancerefactor, sectionsec, typemaintenance, workflowready for development %17.6
• gitlab-org/gitlab#482499 Store results of compliance checks conditionally ~"analytics instrumentation", backend, devopsgovern, featureaddition, groupcompliance, sectionsec, typefeature, workflowready for development %17.6
• gitlab-org/gitlab#482489 (closed) Add expression and requirement type columns to compliance requirements table backend, database, devopsgovern, featureaddition, groupcompliance, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#478095 (closed) Requirement creation and edit UX, devopsgovern, documentation, frontend, groupcompliance, priority2, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#477394 (closed) Speed up compliance frameworks report UX Tech Debt, devopsgovern, documentation, frontend, groupcompliance, internal customer, priority2, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/govern/compliance/engineering/snowflake-connector#40 Upgrade to version 2.1.0 of the Native SDK for Connectors devopsgovern, groupcompliance, sectionsec, typemaintenance, workflowready for development %17.4
• gitlab-org/gitlab#474297 Follow-up from "Add "source" property of jobs to GraphQL" WorkingGroupSSCS, devopsgovern, groupcompliance, sectionsec, typefeature, workflowready for development %17.6
• gitlab-org/gitlab#468399 (closed) Filter by 'sub-groups' in the Projects tab on the Compliance Center Category:Compliance Management, UX, backend, customer, devopsgovern, documentation, frontend, groupcompliance, priority3, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#464719 Make target_project_id as sharding_key for merge_requests_compliance_violations backend, devopsgovern, groupcompliance, sectionsec, typemaintenance, workflowready for development %17.6
• gitlab-org/gitlab#456894 (closed) Create MVC for fine grained access controls of tokens ProdSecEngMetricDefense in Depth, automation:ml, devopsgovern, groupcompliance, sectionsec, teamProduct Security Engineering, workflowin dev %17.6
• gitlab-org/gitlab#454158 Creating migration for new audit events table backend, devopsgovern, documentation, groupcompliance, priority2, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#440922 (closed) Move compliance pipeline UI editing to accordion Stretch, UX, UX Tech Debt, devopsgovern, documentation, frontend, groupcompliance, priority1, sectionsec, typefeature, workflowready for development %17.6
• gitlab-org/gitlab#440150 (closed) [Feature flag] Enable ff_complliance_pipeline_deprecation automation:ml, devopsgovern, feature flag, groupcompliance, sectionsec, typemaintenance, workflowready for development %18.0
• gitlab-org/gitlab#436617 (closed) Enable streaming of audit events to consolidated instance level destinations Deliverable, backend, devopsgovern, groupcompliance, missed-deliverable, missed:17.4, priority2, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#436616 (closed) Enable streaming of audit events to consolidated group level destinations Deliverable, backend, devopsgovern, groupcompliance, missed-deliverable, missed:17.4, priority2, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#435514 Follow-up from "Add pagination to compliance framework report" ~"analytics instrumentation", devopsgovern, featureaddition, frontend, groupcompliance, missed:16.8, missed:16.9, sectionsec, typefeature, workflowready for development %17.6
• gitlab-org/gitlab#431346 Rename require_password_to_approve backend, devopsgovern, frontend, groupcompliance, missed-deliverable, missed:17.1, priority3, sectionsec, typemaintenance, workflowin dev %17.10
• gitlab-org/gitlab#424179 (closed) Documentation for API changes for group/project filters backend, devopsgovern, documentation, groupcompliance, priority3, sectionsec, typefeature, workflowready for development %17.6
• gitlab-org/gitlab#408315 [default branch protection] remove and drop default_branch_protection column Next Up, backend, breaking change, devopsgovern, documentation, groupcompliance, maintenanceremoval, sectionsec, typemaintenance, workflowin dev %18.0
• gitlab-org/gitlab#374110 (closed) Add event type information for audit events using AuditEventService in CI Runner Category:Audit Events, GitLab Ultimate, Hacktoberfest, Next Up, [deprecated] Accepting merge requests, backend, devopsgovern, documentation, groupcompliance, missed:16.6, missed:16.7, missed:16.8, priority2, sectionsec, typefeature, workflowin dev %17.6

Group: groupcomposition analysis

• gitlab-org/gitlab#494254 (closed) Broken scheduled pipeline dev licenses exporter v1 (PMDB) Category:Software Composition Analysis, License-DBinfra, devopssecure, groupcomposition analysis, maintenancepipelines, missed:17.5, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#480139 (closed) Add KEV to GitLab database Category:Software Composition Analysis, ~"analytics instrumentation", backend, database, devopssecure, featureaddition, groupcomposition analysis, sectionsec, typefeature, workflowready for development %17.6
• https://gitlab.com/gitlab-org/gitlab/-/issues/480133 (confidential) ~"(confidential)" %"(confidential)"
• gitlab-org/gitlab#478041 (closed) Extend advisory-processor for KEV License-DBdevelopment, ~"analytics instrumentation", backend, devopssecure, featureaddition, groupcomposition analysis, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#474470 Extend gitlab-agent and trivy-k8s-wrapper to trigger OCS pipeline Category:Container Scanning, Category:Software Composition Analysis, ~"Composition analysis:OCS", Deliverable, Enterprise Edition, backend, devopssecure, groupcomposition analysis, missed-deliverable, missed:17.5, sectionsec, typemaintenance, workflowready for development %17.6
• gitlab-org/gitlab#474464 Create test pipeline for the OCS test project Category:Container Scanning, Category:Software Composition Analysis, ~"Composition analysis:OCS", Deliverable, Enterprise Edition, backend, devopssecure, groupcomposition analysis, missed-deliverable, missed:17.5, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#469035 Establish and Implement Versioning Strategy for PM (License DB) Projects Category:Software Composition Analysis, Enterprise Edition, GitLab Ultimate, SCA:License Scanning, devopssecure, groupcomposition analysis, maintenancerefactor, sectionsec, typemaintenance, workflowready for development %17.6
• gitlab-org/gitlab#468131 (closed) Export EPSS scores Category:Software Composition Analysis, Deliverable, ~"analytics instrumentation", backend, devopssecure, featureaddition, groupcomposition analysis, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#467647 Run Package Metadata DB (License DB) schema migrations as a pipeline job Category:Software Composition Analysis, License-DBdevelopment, backend, devopssecure, groupcomposition analysis, sectionsec, typemaintenance, workflowready for development %17.6
• gitlab-org/gitlab#465860 Track License Scanning scan results Category:Software Composition Analysis, backend, devopssecure, featureenhancement, groupcomposition analysis, product metrics, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#440535 Remove license data V1 format backend, breaking change, devopssecure, groupcomposition analysis, maintenanceremoval, sectionsec, typemaintenance, workflowready for development %18.0
• gitlab-org/gitlab#438478 Remove support for V1 license format Category:Software Composition Analysis, backend, breaking change, devopssecure, groupcomposition analysis, maintenanceremoval, sectionsec, typemaintenance, workflowready for development %18.0
• gitlab-org/gitlab#427248 Implement Monitoring and Alerts for Package Metadata DB (License DB) Upstream Data Sources Category:Container Scanning, Category:Software Composition Analysis, Enterprise Edition, ~"analytics instrumentation", backend, devopssecure, featureaddition, groupcomposition analysis, sectionsec, typefeature, workflowready for development %17.6
• gitlab-org/gitlab#415946 (closed) [Feature flag] Rollout of license_scanning_with_sbom_licenses Category:License Compliance [DEPRECATED], Category:Software Composition Analysis, GitLab Ultimate, SCA:License Scanning, backend, customer, devopssecure, feature flag, featureenhancement, groupcomposition analysis, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#413637 Add Integration tests for License Exporter in Package Metadata DB (License DB) Category:Dependency Scanning [DEPRECATED], Category:Software Composition Analysis, SCA:Dependency Scanning, backend, devopssecure, groupcomposition analysis, maintenancetest-gap, sectionsec, test, typemaintenance, workflowready for development %17.6
• gitlab-org/gitlab#229814 (closed) Report vulnerable dependency paths for Composer (PHP) AST Leadership, CA PM Priority, Category:Dependency Scanning [DEPRECATED], Category:Software Composition Analysis, Deliverable, Enterprise Edition, GitLab Ultimate, SCA:Dependency Scanning, [deprecated] Accepting merge requests, backend, devopssecure, groupcomposition analysis, sectionsec, typefeature, workflowready for development %17.6
• gitlab-org/gitlab#229812 (closed) Report vulnerable dependency paths for Bundler (Ruby) AST Leadership, CA PM Priority, Category:Dependency Scanning [DEPRECATED], Category:Software Composition Analysis, Deliverable, Enterprise Edition, GitLab Ultimate, SCA:Dependency Scanning, [deprecated] Accepting merge requests, ~"analytics instrumentation", backend, devopssecure, featureaddition, groupcomposition analysis, sectionsec, typefeature, workflowin dev %17.6

Group: groupstatic analysis

• gitlab-org/gitlab#500648 (closed) GLAS - SECURE_LOG_LEVEL should enable lightz debug logs ~"AdvancedSast::EngineNiceToHave", Category:SAST, devopssecure, featureenhancement, groupstatic analysis, onboarding, sectionsec, typefeature, workflowready for development %17.7
• https://gitlab.com/gitlab-org/gitlab/-/issues/500231 (confidential) ~"(confidential)" %"(confidential)"
• gitlab-org/gitlab#499979 (closed) Add count_distinct_projects_with_resolved_REPORT_TYPE_vulnerabilities metric definitions Category:SAST, devopssecure, groupstatic analysis, instrumentation, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#498665 (closed) Lightz-AIO | Refactor "--test" to be not dependent on file names Category:SAST, Deliverable, GitLab Ultimate, devopssecure, groupstatic analysis, sectionsec, typemaintenance, workflowready for development %17.7
• https://gitlab.com/gitlab-org/gitlab/-/issues/497934 (confidential) ~"(confidential)" %"(confidential)"
• https://gitlab.com/gitlab-org/gitlab/-/issues/493284 (confidential) ~"(confidential)" %"(confidential)"
• gitlab-org/gitlab#488045 (closed) Pass production readiness review SAST in the IDE, devopssecure, groupstatic analysis, priority1, sectionsec, typefeature, workflowready for development %17.6
• gitlab-org/gitlab#480617 (closed) Vulnerability Resolution - Implement Functional tests Category:SAST, automation:ml, devopssecure, groupstatic analysis, missed:17.5, sectionsec, workflowin dev %17.6
• https://gitlab.com/gitlab-org/gitlab/-/issues/480217 (confidential) ~"(confidential)" %"(confidential)"
• https://gitlab.com/gitlab-org/gitlab/-/issues/479667 (confidential) ~"(confidential)" %"(confidential)"
• gitlab-org/gitlab#474602 (closed) Use non-root users in SAST analyzers Stretch, devopssecure, groupstatic analysis, sectionsec, typemaintenance, workflowin dev %17.6
• https://gitlab.com/gitlab-org/gitlab/-/issues/474030 (confidential) ~"(confidential)" %"(confidential)"
• https://gitlab.com/gitlab-org/gitlab/-/issues/474029 (confidential) ~"(confidential)" %"(confidential)"
• https://gitlab.com/gitlab-org/gitlab/-/issues/473993 (confidential) ~"(confidential)" %"(confidential)"
• https://gitlab.com/gitlab-org/gitlab/-/issues/463928 (confidential) ~"(confidential)" %"(confidential)"
• https://gitlab.com/gitlab-org/gitlab/-/issues/463754 (confidential) ~"(confidential)" %"(confidential)"
• https://gitlab.com/gitlab-org/gitlab/-/issues/461779 (confidential) ~"(confidential)" %"(confidential)"
• https://gitlab.com/gitlab-org/gitlab/-/issues/459064 (confidential) ~"(confidential)" %"(confidential)"
• https://gitlab.com/gitlab-org/gitlab/-/issues/456480 (confidential) ~"(confidential)" %"(confidential)"
• gitlab-org/gitlab#440373 Support changelog trailers in sast-rules Category:SAST, Stretch, devopssecure, groupstatic analysis, maintenancerelease, missed:16.11, missed:17.1, missed:17.2, missed:17.4, missed:17.5, sectionsec, typemaintenance, workflowin dev %17.6

Group: groupthreat insights

• gitlab-org/gitlab#501984 (closed) Fix background migration table helper automatically selecting the wrong database for data creation. backend, database, devopsgovern, groupthreat insights, maintenanceperformance, sec-decomposition, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#499612 (closed) [backend] Adjust state changing services to unset auto_resolved boolean flag Category:Vulnerability Management, ~"analytics instrumentation", backend, devopsgovern, featureaddition, groupthreat insights, sectionsec, typefeature, workflowin dev %17.7
• gitlab-org/gitlab#497797 (closed) Finalize BBM UpdateOwaspTop10DefaultOfVulnerabilityReads and remove FF Threat InsightsProjects, automation:ml, backend, devopsgovern, groupthreat insights, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#496481 (closed) [backend] Make sure that Security Policy Bot can create Vulnerabilities::StateTransition objects Category:Vulnerability Management, ~"analytics instrumentation", backend, devopsgovern, featureaddition, groupthreat insights, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#496269 (closed) VR Alerting Threat InsightsAI, backend, devopsgovern, groupthreat insights, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#489254 (closed) Resolve vulnerability_namspace_historical_statistics cross join issues backend, database, devopsgovern, groupthreat insights, sec-decomposition, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#486250 (closed) Resolve cross DB issues in ee/spec/models/vulnerabilities/stat_diff_spec.rb backend, database, devopsgovern, groupthreat insights, maintenanceperformance, missed:17.5, sec-decomposition, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#485658 (closed) Resolve cross DB issues in ee/app/models/instance_security_dashboard.rb backend, database, devopsgovern, groupthreat insights, maintenanceperformance, sec-decomposition, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#483554 (closed) Write decomposition validation spec backend, database, devopsgovern, groupthreat insights, maintenanceperformance, sec-decomposition, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#481330 (closed) Resolve any remaining cross DB operations reported through Sentry backend, database, devopsgovern, groupthreat insights, maintenanceperformance, sec-decomposition, sectionsec, typemaintenance, workflowready for development %17.7
• gitlab-org/gitlab#480882 Resolve cross DB issues in ee/spec/requests/api/graphql/vulnerabilities/issue_links_spec.rb backend, database, devopsgovern, groupthreat insights, maintenanceperformance, missed:17.5, sec-decomposition, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#480549 (closed) Resolve cross join issues in ee/app/models/ee/vulnerability.rb backend, database, devopsgovern, groupthreat insights, maintenanceperformance, sec-decomposition, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#480173 Recheck query count specification in ee/spec/graphql/types/vulnerability_type_spec.rb backend, database, devopsgovern, groupthreat insights, maintenanceperformance, sec-decomposition, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#479147 (closed) Add gitlab_sec to Database Dictionary documentation Category:Database, automation:ml, automation:ml wrong, backend, devopsdata stores, documentation, frontend, groupthreat insights, missed:17.4, missed:17.5, sectioncore platform, workflowready for development %17.6
• gitlab-org/gitlab#478468 Evaluate fallback plan for Vulnerability Resolution Category:Vulnerability Management, GitLab Ultimate, backend, devopsgovern, groupthreat insights, missed:17.2, missed:17.4, missed:17.5, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#478017 (closed) Resolve vulnererability scanners model cross join issues backend, database, devopsgovern, groupthreat insights, maintenanceperformance, missed:17.5, sec-decomposition, sectionsec, typemaintenance, workflowready for development %17.6
• gitlab-org/gitlab#475034 Download partial report files concurrently for segmented dependency list export Category:Dependency Management, backend, devopsgovern, groupthreat insights, maintenanceperformance, missed:17.4, missed:17.5, sectionsec, typemaintenance, workflowready for development %17.6
• https://gitlab.com/gitlab-org/modelops/ai-model-validation-and-research/ai-evaluation/prompt-library/-/work_items/378 (confidential) ~"(confidential)" %"(confidential)"
• gitlab-org/gitlab#471634 Update multiple database development docs for managing gitlab_sec database Category:Vulnerability Management, backend, devopsgovern, documentation, groupthreat insights, maintenanceworkflow, missed:17.4, missed:17.5, sec-decomposition, sectionsec, typemaintenance, workflowin dev %17.6
• https://gitlab.com/gitlab-org/gitlab/-/issues/468346 (confidential) ~"(confidential)" %"(confidential)"
• https://gitlab.com/gitlab-org/gitlab/-/issues/464089 (confidential) ~"(confidential)" %"(confidential)"
• gitlab-org/gitlab#458197 (closed) Ignore confidence columns on Vulnerability Category:Vulnerability Management, backend, devopsgovern, groupthreat insights, maintenanceremoval, missed:17.1, missed:17.2, missed:17.3, missed:17.4, missed:17.5, sectionsec, typemaintenance, workflowin dev %17.6
• gitlab-org/gitlab#452492 (closed) [Frontend] Add Identifier filter to the filtered search component Stretch, ~"TW-DRI::Russell", Technical Writing, Threat InsightsNavy, devopsgovern, featureaddition, frontend, groupthreat insights, missed:17.2, missed:17.3, missed:17.4, missed:17.5, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#451109 (closed) [Feature flag] Cleanup of include_manual_to_pipeline_completion backend, devopsgovern, feature flag, groupthreat insights, maintenancerefactor, missed:16.11, missed:17.0, missed:17.1, missed:17.2, missed:17.3, missed:17.4, missed:17.5, sectionsec, typemaintenance, workflowready for development %17.6
• gitlab-org/gitlab#440865 [Technical Breakdown] - Severity Filter Category:Dependency Management, Deliverable, GitLab Ultimate, backend, devopsgovern, frontend, groupthreat insights, missed-deliverable, missed:17.0, missed:17.1, missed:17.2, missed:17.3, missed:17.4, sectionsec, typefeature, workflowready for development %17.7
• gitlab-org/gitlab#438211 Adding Drill-Down Links from "Security Dashboard" to "Value Streams Dashboard" Vulnerabilities Metrics Category:Vulnerability Management, GitLab Ultimate, backend, cross-group, devopsgovern, frontend, groupthreat insights, missed:17.0, missed:17.1, missed:17.2, missed:17.3, missed:17.4, missed:17.5, priority3, sectionsec, typefeature, workflowready for development %17.6
• gitlab-org/gitlab#432998 Follow-up from "Add dismissal descriptions to vulnerability report pages" Threat InsightsNavy, backend, devopsgovern, groupthreat insights, missed:16.10, missed:16.11, missed:16.9, missed:17.0, missed:17.1, missed:17.2, missed:17.3, missed:17.4, missed:17.5, ready to pull, sectionsec, typemaintenance, workflowready for development %17.6
• gitlab-org/gitlab#432419 (closed) [Backend] Implement filtering of vulnerabilities by identifier on the vulnerabilities GraphQL query Deliverable, backend, devopsgovern, featureaddition, groupthreat insights, missed-deliverable, missed:17.2, missed:17.3, missed:17.4, sectionsec, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#417536 extractSecurityReportArtifacts is not tested in security_reports/utils.js Category:Vulnerability Management, Threat InsightsNavy, automation:ml, devopsgovern, frontend, groupthreat insights, maintenancetest-gap, missed:16.10, missed:16.11, missed:16.2, missed:16.3, missed:16.4, missed:16.5, missed:16.6, missed:16.7, missed:16.8, missed:16.9, missed:17.0, missed:17.1, missed:17.2, missed:17.3, missed:17.4, missed:17.5, sectionsec, typemaintenance, workflowready for development %17.6
• gitlab-org/gitlab#406653 (closed) Remove temporary index created in gitlab-org/gitlab#405032 (closed) Category:Vulnerability Management, Community contribution, backend, devopsgovern, groupthreat insights, sectionsec, typemaintenance, workflowready for development %16.8
• gitlab-org/gitlab#366770 (closed) Add vulnerabilities as supported webhook events Category:Vulnerability Management, Category:Webhooks, Deliverable, GitLab Ultimate, ProdSecEng Candidate, Technical Writing, ~"analytics instrumentation", customer, devopsgovern, docs-weight5, documentation, featureaddition, groupthreat insights, sectionsec, teamProduct Security Engineering, twtriaged, typefeature, workflowin dev %17.6
• gitlab-org/gitlab#336089 (closed) Backfill detected_at values from created_at column on Vulnerabilites Category:Vulnerability Management, [deprecated] Accepting merge requests, backend, database, devopsgovern, groupthreat insights, maintenancerefactor, sectionsec, typemaintenance, workflowin dev %17.6

---

Job URL: https://gitlab.com/gitlab-org/quality/triage-ops/-/jobs/8257220513

This report was generated from this policy

changed due date to November 12, 2024

added Quality sectionsec triage report labels

closed

added auto closed label