
Composition Analysis - Reaction Rotation 18.3

Problem to solve

Track and document activities performed during the Reaction Rotation.

DRI

  • Primary engineer: [@primary-engineer]
  • Secondary engineer: [@secondary-engineer]

Activity Threads

Please create a thread for each of the following sections. During the rotation, add the relevant updates under each thread. Focus on significant findings, patterns, and actionable insights rather than routine alerts.


1. 🤝 Handover [PREVIOUS_MILESTONE] → [MILESTONE] (Internal)

Maintain continuity between rotations by transferring knowledge and context about ongoing tasks.

  • Create an internal thread (as it might contain security updates)
  • Ask the previous rotation's primary engineer to do a handover. You can use this template:
@previous-primary-engineer
Could you please share any ongoing tasks, important context, or pending items from your rotation
that I should be aware of?

2. 🔐 Security (Internal)

Security-related topics.

display: table
title: SLA breached vulnerabilities
description: This view shows the first 25 vulnerabilities that have breached SLA
fields: title, state, updated
limit: 20
query: project = "gitlab-org/gitlab" AND label = (~"type::bug", ~"bug::vulnerability", ~"SLA::Breached", ~"group::composition analysis") AND label != (~"Vulnerability::Vendor Base Container::Will Not Be Fixed", ~"Vulnerability::Vendor Package::Will Not Be Fixed", ~"Vulnerability::Vendor Package::Fix Unavailable", ~"Vulnerability::Vendor Base Container::Fix Unavailable", ~"Vulnerability Status::Confirmed", ~"FedRamp::DR Status::Open", ~"FedRamp::Dr::Status::Vuln Remediated") AND state = opened

3. 📞 Support

Support-related topics (for example, Requests for Help).

display: table
title: Open requests for help
description: Currently open requests for help
fields: title, updated, label
query: project = "gitlab-com/request-for-help" AND state = opened AND label = "Help group::composition analysis"

4. 🔧 Maintainership

Maintainership-related topics. For example, which Docker images have been updated.


5. 📝 Continuous Feedback

Record observations and suggestions throughout the rotation period:

  • What worked well?

  • What could be improved?

  • Bottlenecks identified

  • Process improvement suggestions

  • Create a thread


Reference

Edited by Oscar Tovar