Composition Analysis - Reaction Rotation 18.6

Problem to solve

Track and document activities performed during the Reaction Rotation.

DRI

Primary engineer: @nilieskou
Secondary engineer: @onaaman

Activity Threads

Please create a thread for each of the following sections. During the rotation, add the relevant updates under each thread. Focus on significant findings, patterns, and actionable insights rather than routine alerts.

1. 🤝 Handover [18.5] → [18.6] (Internal)

Maintain continuity between rotations by transferring knowledge and context about ongoing tasks

Create an internal thread (as it might contain security updates)
Ask the previous rotation's primary engineer to do a handover. You can use this template:

@previous-primary-engineer
Could you please share any ongoing tasks, important context, or pending items from your rotation
that I should be aware of?

2. 🔐 Security (Internal)

Security related topics.

Create an internal thread

display: table
title: SLA breached vulnerabilities
description: This view shows the first 25 vulnerabilities that have breached SLA
fields: title, state, updated
limit: 20
query: project = "gitlab-org/gitlab" AND label = (~"type::bug", ~"bug::vulnerability", ~"SLA::Breached", ~"group::composition analysis") AND label != (~"Vulnerability::Vendor Base Container::Will Not Be Fixed", ~"Vulnerability::Vendor Package::Will Not Be Fixed", ~"Vulnerability::Vendor Package::Fix Unavailable", ~"Vulnerability::Vendor Base Container::Fix Unavailable", ~"Vulnerability Status::Confirmed", ~"FedRamp::DR Status::Open", ~"FedRamp::Dr::Status::Vuln Remediated") AND state = opened

3. 📞 Support

Support related topics (For example, Requests for Help).

Create thread

display: table
title: Open requests for help
description: Currently open requests for help
fields: title, updated, label
query: project = "gitlab-com/request-for-help" AND state = opened AND label = "Help group::composition analysis"

4. 🔧 Maintainership

Maintainership related topics.

Improve Environment Variable Naming and Error H... (gitlab-org/gitlab#571097 - closed)
Now that PMDB projects use changie we need to ensure that the renovate bot that opens MRs contain a changie entry
Close as many Renovate bot MRs as possible in license-db

4. 📝 Continuous Feedback

Record observations and suggestions throughout the rotation period:

What worked well?
- What could be improved?
- Bottlenecks identified
- Process improvement suggestions
Create a thread

Reference

Edited Oct 29, 2025 by Nick Ilieskou