Composition Analysis - Reaction Rotation 18.4
Problem to solve
Track and document activities performed during the Reaction Rotation.
DRI
- Primary engineer: @ifrenkel
- Secondary engineer: @albi.yusupova
- Additional support: @nilieskou
Activity Threads
Please create a thread for each of the following sections. During the rotation, add the relevant updates under each thread. Focus on significant findings, patterns, and actionable insights rather than routine alerts.
1. 🤝 Handover [PREVIOUS_MILESTONE] → [MILESTONE] (Internal)
Maintain continuity between rotations by transferring knowledge and context about ongoing tasks
- Create an internal thread (as it might contain security updates)
- Ask the previous rotation's primary engineer to do a handover. You can use this template:
@previous-primary-engineer
Could you please share any ongoing tasks, important context, or pending items from your rotation
that I should be aware of?
2. 🔐 Security (Internal)
Security-related topics.
- Create an internal thread
display: table
title: SLA breached vulnerabilities
description: This view shows the first 25 vulnerabilities that have breached SLA
fields: title, state, updated
limit: 20
query: project = "gitlab-org/gitlab" AND label = (~"type::bug", ~"bug::vulnerability", ~"SLA::Breached", ~"group::composition analysis") AND label != (~"Vulnerability::Vendor Base Container::Will Not Be Fixed", ~"Vulnerability::Vendor Package::Will Not Be Fixed", ~"Vulnerability::Vendor Package::Fix Unavailable", ~"Vulnerability::Vendor Base Container::Fix Unavailable", ~"Vulnerability Status::Confirmed", ~"FedRamp::DR Status::Open", ~"FedRamp::Dr::Status::Vuln Remediated") AND state = opened
3. 📞 Support
Support-related topics (for example, Requests for Help).
- Create a thread
display: table
title: Open requests for help
description: Currently open requests for help
fields: title, updated, label
query: project = "gitlab-com/request-for-help" AND state = opened AND label = "Help group::composition analysis"
4. 🔧 Maintainership
Maintainership-related topics, for example, which Docker images have been updated.
- Make operational container scanning severity fi... (gitlab-org/gitlab#559278 - closed)
- Manage changelog with changie in PMDB projects (gitlab-org/gitlab#555407 - closed)
- Update docs with an example on how to add Gitla... (gitlab-org/gitlab#562949 - closed)
5. 📝 Continuous Feedback
Record observations and suggestions throughout the rotation period:
- What worked well?
- What could be improved?
- Bottlenecks identified
- Process improvement suggestions
- Create a thread
Reference
Edited by Nick Ilieskou