14.3 planning - Composition Analysis (August-September)

NEW 14.3 issue #173 (closed)

Secure, Composition Analysis - SCA Kickoff Playlist

devopssecure groupcomposition analysis @gitlab-org/secure/composition-analysis-be @gitlab-org/secure/frontend

Category	Direction	Epic	Maturity	Priority
~"Category:Dependency Scanning"	Direction	Epic	maturityviable -> maturitycomplete	priority3
~"Category:License Compliance"	Direction	Epic	maturityviable	maintenance

Helpful Links 🔗

Click to expand...

• How we work
• Slack channel: #g_secure-composition-analysis
• Bug Board
• Performance Indicators
• Planning Board for checking Deliverable/Stretch/"Next Patch Release"
• Dev workflow Board for checking workflowscheduling and workflowready for development
• Backend Board
• SCA Categories Board
• All Secure Issues
• All CA Issues
• All Backend CA issues
• All Frontend CA issues
• CA priorities for the year 2021
• 13.11 Planning Issue
• 13.12 Planning Issue
• 14.2 Planning Issue

Context

Capacity variations

This includes planned OOO, internships, conferences and other initiatives outside of groupcomposition analysis.

• backend =>

  • Fabien:
  • Igor:
  • Tetiana:
  • Adam:

• frontend

Items slipping from previous release

This is a rough list of the items that may have a significant impact on that release (no need to be an exhaustive list).

...

Product Goals in priority order

Please work them in order! If you feel I should add priority labels or something to them instead let me know!

Always

Feature	Links	Notes
1️⃣Triage incoming issues	security issues bug issues infradev issues	It is important we promptly triage reports. if it isn't infradev, security, or P1/S1 it can wait.
1️⃣infradev	infradev issues	must do within SLO
1️⃣security	security issues	must do within SLO
1️⃣P1/S1 bugs	bug issues	P1/S1 bugs need to be addressed.
⭐️Things we committed to customers	None this release that I know of	It is important we keep to our commitments, if we commit to finishing something for a customer on a specific date it gets top priority. Please do not commit dates to customers without going through @NicoleSchwartz
⭐️GitLab on GitLab Dogfooding	issues	If we can't use our own product, how can we expect customers to? For right now this should focus on Dependency Scanning.

TOP PRIORITIES

Feature	Links	Notes
Data plan MVC		what do we need to do to get into a place to support paths and sbom next?
LC plan POC		POC LC replacement!

STRETCH PRIORITIES

Feature	Links	Notes
show dependency path	mvc epic	make it easier to tell what? where?

15.0 planning

Feature	Links	Notes
	15.0 epic

OKR / Product / Engineering / UX

Feature	Links	Notes
UI polish and system performance to improve SUS	SUS FY22 Q1 - Incomplete Q1 secure Q2 secure SUS FY22 Q2 - Incomplete issue	OKR
OKRs	SCA BE OKRs	OKR
maintenance	performance issue availability issues UI polish UI Polish issue(s) ~"technical debt" issues backstage [DEPRECATED] issue(s) test issue(s) "tooling" issues UX debt UX Debt issue(s)

Rules for Labels

https://gitlab.com/gitlab-org/secure/general/-/blob/master/Software%20Composition%20Analysis/rules-for-labels.md

Issue Prep & Cleanup

https://gitlab.com/gitlab-org/secure/general/-/blob/master/Software%20Composition%20Analysis/milestone-prep.md

Milestone specific cleanup

Issue Cleanup

• Missing devopssecure list
• No Deliverable no Stretch and not in prep so needs to be bumped board
• Missing ~"GitLab Ultimate
• Missing ~"Enterprise Edition"
• Not frontend or backend or assigned to QA, Product or Tech Writing issues
• No type, and also not a meta or cross all secure groups list
• No epic issues
• No category list