2022-04-25 Recently delivered features and high-priority bugs
Hi, @gitlab-org/secure/managers.
Here is the list of features and high-priority bugs delivered in the last 7 days.
Please copy the list to the Sec Section weekly meeting agenda, and close this issue.
- Document _IMAGE_SUFFIX CI variable
- Add identifier field to securityTrainingUrls GraphQL Query
- Add new variable DAST_API_EXCLUDE_URLS which mirrors DAST_EXCLUDE_URLS
- List scan result policies under project settings approvals
- [Feature flag] Rollout of vulnerability_report_page_size_selector
- Rails route update for DAST Profile library
- Add page size selector to vulnerability list
- Support scan result policies for group level policy project
- FIPS compliant Secret Detection template
- FIPS compliant SAST template
- (confidential)
- Replace SpotBugs analyzer with semgrep rules (for Java)
- Design: Add "Show items" number control to Vulnerability Report
- Pass metric identifier for training link clicked on vulnerability modal
- Pass metric identifier for training link clicked on vulnerability details page
- Determine ISBOM manifest file structure
- [Feature flag] Rollout of vulnerability_report_pagination
- Where and How best to raise Dependency Scanning configuration risks or other information (depreciation, removal)
- Matchers must provide a value so that uniqueness can be determined
- [Feature flag] Rollout of secure_vulnerability_training
- Allow spaces to appear between number and unit in formatter in corpus management
- Make secondary identifier matching if there is no signatures match and no uuid match
- Add Secure and Protect SMAU
- Plan and Refine: Add scan.messages to SAST, CS, DS reports
- Evaluate Early Alerting for UEBA
- Incorporate ML model for CI abuse
- Engineering Discovery: Is there a standard replacement for our common security format?
Job URL: https://gitlab.com/gitlab-org/quality/triage-ops/-/jobs/2370567866