14.10 planning - Composition Analysis (March-April)
Helpful Links
- How we work
- Slack channel: #g_secure-composition-analysis
- Bug Board
- Performance Indicators
- Planning Board for checking Deliverable/Stretch/"Next Patch Release"
- Dev workflow Board for checking workflow::scheduling and workflow::ready for development
- Backend Board
- SCA Categories Board
- work type board
- All Secure Issues
- All CA Issues
- All Backend CA issues
- All Frontend CA issues
- CA priorities for the year 2022
Context
Capacity variations
This includes planned OOO, internships, conferences and other initiatives outside of group::composition analysis.
- backend => 62%
  - Fabien: 50% (reaction rotation)
  - Igor: 100%
  - Tetiana: 0%
  - Adam: 100%
- frontend 100%
  - Fernando: 100%
- documentation 75%
  - Russell: 75%
Items slipping from the previous release
This is a rough list of the items that may have a significant impact on that release (no need to be an exhaustive list).
...
Product Goals in priority order
Always
Feature | Links | Notes |
---|---|---|
Reaction rotation | triage incoming bugs, security, customers, community contributions. use timeboxing. now must also include checking for new container OSes, tool versions, languages and package managers | |
infradev | must do within SLO | |
security | must do within SLO, start with P1, if none move to P2, if none move to P3. | |
bugs | filled in as we have space |
15.0 timing-critical
Feature | Links | Notes |
---|---|---|
Bump Analyzer Version | in 15.0 | in 15.0 Major+1 |
15.0 Deprecations and Removals - SCA | ||
Merge Request only pipelines | issue |
Major Projects
Feature | Links | Notes |
---|---|---|
EPIC: SBOM MVC - 1: ISBOM | Update rails backend to merge and present CycloneDX artifacts | |
FIPS / UBI | issue |
GOALS
Feature | Links | Notes |
---|---|---|
test work | all issues - this milestone issues | keep incrementally improving our testing, do 1 per |
frontend | issues | UX Improvements (SUS), OKRs (pajamas), Feature Flag survey cleanup, 15.0 cleanup/prep |
Need to pick 1 Customer
Feature | Links | Notes |
---|---|---|
Ignore devDependencies in Dependency Scanning for Node.JS Projects | issue |
OKRs
Feature | Links | Notes |
---|---|---|
Product | sec issue | See above top priority items |
Product | SUS issues | none for CA last I looked |
Product - Pajamas | issues and board and unassigned | If it has group::foundations on it, it can be re-assigned to your own group |
UX | board | many labels, none of which I think we can take on right now |
Engineering | ||
Quality |
UX
UX Secure & Protect Team Planning Issue for 14.10
Quality @willmeek
- quad-planning::complete-action issues
- quad-planning::complete-no-action issues
- quad-planning::ready issues
Remember if you are changing any flows, or need Quality input, boop @willmeek and add quad-planning::ready
Technical Writing @rdickenson
- Reorganise License Compliance documentation page (gitlab-org/gitlab#346085 - closed)
- Document types of dependencies scanned by Depen... (gitlab-org/gitlab#344415)
Remember if you are working a bug or a feature that will need to change documents, add documentation to your issue! Create the MR and set @rdickenson as reviewer.
Notes
Please work the above in order. If something of a higher category comes in you can feel free to swap it for a lower item (cc Nicole and Oliver). If it does not fall into one of the above and you think it can wait please place in %Backlog.
Feel free to use the following message:
Product has determined that our current priorities are [15.0](https://gitlab.com/gitlab-org/secure/general/-/issues/214) which connect to our [calendar year 2022 plans](https://gitlab.com/gitlab-org/secure/general/-/issues/187). Upvoting and commenting on issues is the best way to make sure it is considered high priority as backlog items begin to be brought back in.