2022-05-23 Recently delivered features and high-priority bugs
Hi, @gitlab-org/secure/managers.
Here is the list of features and high-priority bugs delivered in the last 7 days.
Please copy the list to the Sec Section weekly meeting agenda, and close this issue.
- (confidential)
- gemnasium-dependency_scanning job runs gemnasium-python
- On-demand scans: Adjust placement of alert banner
- Follow-up from "Add group-level policy informational banner"
- Manual migration from Vulnerability-Check rules to Scan Result Policies
- Remove Vulnerability-Check migration
- Add In-use labels for DAST profile card [UI Enhancement]
- Raise error when an unversioned schema is used
- Follow-up from "Remove support for Cluster Image Scanning Analyzer"
- Gemnasium - Investigate and configure bundle on CI to disallow any changes to Gemfile.lock
- (confidential)
- (confidential)
- PLACEHOLDER 15.5
- PLACEHOLDER 15.4
- PLACEHOLDER 15.3
- PLACEHOLDER - timebox to Create Plan (epics and issues) for this epic
- Bump major version of Container Scanning analyzer
- BE: Interactive validation in security policy editor
- (confidential)
- Security report warnings that will become errors in 15.0
- License Compliance rework 'license approvals are active' into warning alert
- Remove support for the cluster image scanning analyzer
- Follow-up from "Add new page for policy selection": Migrate utility classes to gitlab-ui
- DAST Profile Selector Component with new layout and drawer compatibility
- Remove dependency on Starboard for Cluster Image Scanning
- Merge Request page says "Security scanning detected no vulnerabilities" but Security tab of pipeline shows otherwise
- Remove Network Policies
- Remove Container Security helm charts from cluster-management template
- 2 - Update rails backend to merge and present CycloneDX artifacts
- Move Secret Detection script logic into the analyzer
- Cheap Scans - Placeholder Dependency Scanning
- Enable the GitLab Agent for Kubernetes to initiate vulnerability scans
- Update Security Policy GraphQL mutations to work with group-level policies
- Provide vulnerability file language type
- Create Group => Security => Policies page and create:group_security_policies feature flag
- FE: Disable "Edit Policy" button for inherited policies
- Follow-up from "Add module to create Starboard vulnerabilities"
- Add filters to the Dependency List page
- Reconsider the UX of interacting with Vulnerabilities in the MR
- Warn in logs about Dependency Scanning jobs security risks
- Improve usability for DAST Configuration UI
- Add inline forms support in DAST profile selector component
- Search on dependency list
- SAST scanning in auto devops doesn't support GRADLE_OPTS
- License Compliance - defining Policies list (design proposal)
- discuss adding database for dependency scanning results
- Ability to mass dismiss vulnerabilities in the Secure Dashboard Vulnerability Report
- Show ZAP rule execution time in scan summary
- Introduce group license compliance - Provide side panel data for list page - Frontend
- Introduce group license compliance - Provide side panel data for list page - Backend
- Elixir Offline License Compliance
- Erlang offline license compliance
- Fuzz test suites and their location that already exist in the repo
- Group dependencies by location in the Dependency List
- Group license compliance: show policies set per project
- Display License Compliance enable/configuration status at group level
- Group dependencies by directory
- Allow edits by project or instance to the security approver threshold
- (confidential)
- (confidential)
- Engineering Discovery: mutualize Dependency Scanning and License Compliance
- blocklist (not blacklist) and allowlist (not whitelist) licenses across an entire instance
- Reduce license_management image weight
- Problem Validation: What do users want and expect from managing License Compliance at the Group / Instance level
- poetry.lock support for Dependency Scanning
- Show Security Dashboard as the default project overview content
- Set Security Dashboard as default from the dashboard itself
Job URL: https://gitlab.com/gitlab-org/quality/triage-ops/-/jobs/2490976441