2025-10-17 — Application Security Testing weekly updates
Process
Each week, groups in Application Security Testing are expected to provide updates on roadmap initiatives which are underway. Updates can be delegated as needed. Please add/remove projects as necessary.
Updates are to be added as new threads on this issue.
Meta
- Issue title format: 2025-10-17 — Application Security Testing weekly updates
- Assignee: Whoever is responsible for ensuring updates have been submitted for each group. (Default: @rvider)
- Update dates in the "Closed issues this week" GLQL views to match the weeks which this issue covers.
  - Default: Friday to Friday.
Weekly update format
# Topic: <group-name /> - <name />
- On-track projects
- [Project name](url)
- What happened last week
- Plan for this coming week
- Needs Attention/At Risk Projects
- [Project name](url) — Status
- Reason:
- Mitigation:
- What happened last week
- Plan for this coming week
- Unplanned work
- Concise summary of unplanned work - number of people involved + number of days or weeks involved
Roadmap status updates
We have status meeting updates each Tuesday at 7 a.m. PST. As a stage, we are responsible for updating the corresponding breakout slide with the content generated in this weekly issue. Each group is expected to update the Sec Section Planning and Execution Weekly agenda in advance of this sync.
Closing comment
@maw, @oazaria, @connorgilbert, @rvider - :waves:
FYI on this week's report from engineering teams in Application Security Testing. Summary can be found at <summary-section-url />
FYI: @dagron1, @mmishaev
Closed issues this week
Composition Analysis
display: table
title: Closed issues in Composition Analysis
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::composition analysis" and state = closed and closed > 2025-10-10 and closed <= 2025-10-17
Dynamic Analysis
display: table
title: Closed issues in Dynamic Analysis
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::dynamic analysis" and state = closed and closed > 2025-10-10 and closed <= 2025-10-17
Secret Detection
display: table
title: Closed issues in Secret Detection
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::secret detection" and state = closed and closed > 2025-10-10 and closed <= 2025-10-17
Static Analysis
display: table
title: Closed issues in Static Analysis
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::static analysis" and state = closed and closed > 2025-10-10 and closed <= 2025-10-17
Vulnerability Research
display: table
title: Closed issues in Vulnerability Research
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::vulnerability research" and state = closed and closed > 2025-10-10 and closed <= 2025-10-17
Checklist
- @efeller -- Static Analysis
- @amarpatel -- Secret Detection
- @nilieskou -- Composition Analysis
- @dabeles -- Vulnerability Research
- @mikeeddington -- Dynamic Analysis
- @rvider -- Closing remarks and stage productivity
🤖
Auto-Summary Discoto Usage
Points
Discussion points are declared by headings, list items, and single lines that start with the text (case-insensitive) `point:`. For example, the following are all valid points:
#### POINT: This is a point
* point: This is a point
+ Point: This is a point
- pOINT: This is a point
point: This is a **point**
Note that any markdown used in the point text will also be propagated into the topic summaries.
Topics
Topics can be stand-alone and contained within an issuable (epic, issue, MR), or can be inline.
Inline topics are defined by creating a new thread (discussion) where the first line of the first comment is a heading that starts with (case-insensitive) `topic:`. For example, the following are all valid topics:
# Topic: Inline discussion topic 1
## TOPIC: **{+A Green, bolded topic+}**
### tOpIc: Another topic
Quick Actions
| Action | Description |
| --- | --- |
| `/discuss sub-topic TITLE` | Create an issue for a sub-topic. Does not work in epics |
| `/discuss link ISSUABLE-LINK` | Link an issuable as a child of this discussion |
Discoto Settings
---
summary:
max_items: -1
sort_by: created
sort_direction: ascending
See the settings schema for details.