2025-10-10 — Application Security Testing weekly updates

Process

Each week, groups in Application Security Testing are expected to provide updates on roadmap initiatives which are underway. Updates can be delegated as needed. Please add/remove projects as necessary.

Updates are to be added as new threads on this issue.

Meta

  • Issue title format: 2025-10-10 — Application Security Testing weekly updates
  • Assignee: Whoever is responsible for ensuring updates have been submitted for each group. (Default: @rvider)
  • Update the dates in the Closed issues this week GLQL views to match the weeks that this issue covers.
    • Default: Friday to Friday.

Weekly update format

# Topic: <group-name /> - <name />

- On-track projects
  - [Project name](url)
    - What happened last week
    - Plan for this coming week
- Needs Attention/At Risk Projects
  - [Project name](url) — Status
    - Reason:
    - Mitigation:
    - What happened last week
    - Plan for this coming week
- Unplanned work
  - Concise summary of unplanned work - number of people involved + number of days or weeks involved

Roadmap status updates

We have status meeting updates each Tuesday at 7 a.m. PST. As a stage, we are responsible for updating the corresponding breakout slide with the content generated in this weekly issue. Each group is expected to update the Sec Section Planning and Execution Weekly agenda in advance of this sync.

Closing comment

@maw, @oazaria, @connorgilbert, @rvider - :waves:

FYI on this week's report from engineering teams in Application Security Testing. Summary can be found at <summary-section-url />

FYI: @dagron1, @mmishaev

Closed issues this week

Composition Analysis

display: table
title: Closed issues in Composition Analysis
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::composition analysis" and state = closed and closed > 2025-10-10 and closed <= 2025-10-10

Dynamic Analysis

display: table
title: Closed issues in Dynamic Analysis
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::dynamic analysis" and state = closed and closed > 2025-10-10 and closed <= 2025-10-10

Secret Detection

display: table
title: Closed issues in Secret Detection
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::secret detection" and state = closed and closed > 2025-10-10 and closed <= 2025-10-10

Static Analysis

display: table
title: Closed issues in Static Analysis
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::static analysis" and state = closed and closed > 2025-10-10 and closed <= 2025-10-10

Vulnerability Research

display: table
title: Closed issues in Vulnerability Research
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::vulnerability research" and state = closed and closed > 2025-10-10 and closed <= 2025-10-10

Checklist