2025-10-10 — Application Security Testing weekly updates
Process
Each week, groups in Application Security Testing are expected to provide updates on roadmap initiatives which are underway. Updates can be delegated as needed. Please add/remove projects as necessary.
Updates are to be added as new threads on this issue.
Meta
- Issue title format: 2025-10-10 — Application Security Testing weekly updates
- Assignee: Whoever is responsible for ensuring updates have been submitted for each group. (Default: @rvider)
- Update dates in the "Closed issues this week" GLQL views to match the weeks that this issue covers.
  - Default: Friday to Friday.
Weekly update format
# Topic: <group-name /> - <name />
- On-track projects
  - [Project name](url)
    - What happened last week
    - Plan for this coming week
- Needs Attention/At Risk Projects
  - [Project name](url) — Status
    - Reason:
    - Mitigation:
    - What happened last week
    - Plan for this coming week
- Unplanned work
  - Concise summary of unplanned work - number of people involved + number of days or weeks involved
Roadmap status updates
We have status meeting updates each Tuesday at 7 a.m. PST. As a stage, we are responsible for updating the corresponding breakout slide with the content generated in this weekly issue. Each group is expected to update the Sec Section Planning and Execution Weekly agenda in advance of this sync.
Closing comment
@maw, @oazaria, @connorgilbert, @rvider - :waves:
FYI on this week's report from engineering teams in Application Security Testing. Summary can be found at <summary-section-url />
FYI: @dagron1, @mmishaev
Closed issues this week
Composition Analysis
display: table
title: Closed issues in Composition Analysis
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::composition analysis" and state = closed and closed > 2025-10-10 and closed <= 2025-10-10
Dynamic Analysis
display: table
title: Closed issues in Dynamic Analysis
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::dynamic analysis" and state = closed and closed > 2025-10-10 and closed <= 2025-10-10
Secret Detection
display: table
title: Closed issues in Secret Detection
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::secret detection" and state = closed and closed > 2025-10-10 and closed <= 2025-10-10
Static Analysis
display: table
title: Closed issues in Static Analysis
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::static analysis" and state = closed and closed > 2025-10-10 and closed <= 2025-10-10
Vulnerability Research
display: table
title: Closed issues in Vulnerability Research
fields: title, epic, closed, health, milestone
limit: 5
query: project = "gitlab-org/gitlab" and label = ~"group::vulnerability research" and state = closed and closed > 2025-10-10 and closed <= 2025-10-10
Checklist
- @efeller -- Static Analysis
- @amarpatel -- Secret Detection
- @nilieskou -- Composition Analysis
- @dabeles -- Vulnerability Research
- @mikeeddington -- Dynamic Analysis
- @rvider -- Closing remarks and stage productivity