15.3 planning - Composition Analysis (July-August)
Helpful Links 🔗
Click to expand...
- How we work
- Slack channel: #g_secure-composition-analysis
-
Planning Board for checking Deliverable/
Stretch/"Next Patch Release" - Dev workflow Board for checking workflowscheduling and workflowready for development
- Group Assignments Board
- Kickoff Board - direction and release post items
- upcoming milestones board
- [tier board - cleanup](https://gitlab.com/groups/gitlab-org/-/boards/1362488?label_name[]=group%3A%3Acomposition%20analysis]
- SCA Categories Board
- All Secure Issues
- All CA Issues
- All Backend CA issues
- All Frontend CA issues
- CA priorities for the year 2022
Context
Capacity variations
This includes planned OOO, internships, conferences and other initiatives outside of groupcomposition analysis.
-
backend => 64%
- Fabien: 65% (maintainership reaction rotation + PTO)
- Igor: 0% (Continues scanning working group)
- Tetiana: 70% (support reaction rotation and unpredicted duties outside engineering)
- Adam: 85% (security reaction rotation)
- Oscar: 100%
-
- Fernando: 100%
Items slipping from the previous release
This is a rough list of the items that may have a significant impact on that release (no need to be an exhaustive list).
...
Product Goals in priority order
Always
| Feature | Links | Notes |
|---|---|---|
| Reaction rotation - Security | triage incoming bugs, security, customers, community contributions. use timeboxing. now must also include checking for new container OSes, tool versions, languages and package managers | |
| Reaction rotation - Maintainership | triage incoming bugs, security, customers, community contributions. use timeboxing. now must also include checking for new container OSes, tool versions, languages and package managers | |
| Reaction rotation - Support & Bugs | triage incoming bugs, security, customers, community contributions. use timeboxing. now must also include checking for new container OSes, tool versions, languages and package managers | |
| infradev | all infradev issues - this milestone | must do within SLO |
| bugvulnerability | Vulnerability Board - This Milestone | must do within SLO, start with P1, if none move to P2, if none move to P3. |
| security | Security issues - This Milestone | must do within |
| typebug | Bug Board - This Milestone | filled in as we have space |
Major Projects
| Priority | Feature | Links | Notes |
|---|---|---|---|
| DS: Continuous Vulnerability Scans | @ifrenkel | none | |
| LC: Replace License-Finder | @fcatteau | none | |
| DS: Extract SBOM generation | @adamcohen | none | |
| DS: Ignore devDependencies | @hacks4oats | none | |
| OKR Migrate 12 Pajama Components | none | @farias-gl |
We should be working on FIPS as much as possible, if there is no FIPS then we can work on the others, priority order above is important.
GOALS
| Feature | Links | Notes |
|---|---|---|
| 1 test | all - this milestone | keep incrementally improving, do 1 per |
| 1 typemaintenance | all - P1 - this milestone | keep incrementally improving, do 1 per |
| 1 customer | all - this milestone | keep incrementally improving, do 1 per |
Stretch
| Feature | Links | Notes |
|---|---|---|
| frontend | issues | UX Improvements (SUS), OKRs (pajamas), Feature Flag survey cleanup, 15.0 cleanup/prep |
|
|
Unification of backend for CE & EE |
OKRs
| Feature | Links | Notes |
|---|---|---|
| Product | sec issue | See above top priority items |
| Product | SUS issues | none for CA last i looked |
| Product - Pajamas | issues and board and unassigned | If it has group::foundations on it, it can be re-assigned to your own group |
| UX | board | many labels, none of which I think we can take on right now |
| Engineering | ||
| Quality |
UX
Secure & Protect Team Planning Issues
Quality
Technical Writing
| Issue | Technical writing weight |
|---|---|
| Reorganise License Compliance documentation page (gitlab-org/gitlab#346085 - closed) | tw-weight8 |
| TOTAL | 8 |
PM Disscussions
| Feature | Links | Notes |
|---|---|---|
| 16.0 Deprecations and Removals - SCA | make progress so we can deprecate and remove |
Please work the above in order. If something of a higher category comes in you can feel free to swap it for a lower item (cc Nicole and Oliver). If it does not fall into one of the above and you think it can wait please place in %Backlog
Feel free to use the following message These are our current priorities for the [calendar year 2022](https://gitlab.com/gitlab-org/secure/general/-/issues/187). Upvoting and commenting on issues is the best way to make sure it is considered high priority as backlog items begin to be brought back in.