13.1 Planning - Static Analysis
🔒 Secure, Static Analysis - Kickoff Video
Assess your applications and services by scanning your source code for vulnerabilities and weaknesses.
devops::secure | group::static analysis | @gitlab-org/secure/static-analysis-be
Category | Direction | Maturity | Priority
---|---|---|---
Category:SAST | Epic | maturity::viable | ~P1
Category:Secret Detection | Epic | maturity::minimal -> maturity::viable | ~P2
Category:Malware Scanning | Epic | maturity::planned | ~P4
🔗 Helpful Links - How we work
- Slack channel: #g_secure-static-analysis
- Static Group UX issues
- Planning Workflow Board - overview of all workflow stages
- Delivery Workflow Board - focused on development
- Planning Board - focused on pre-development
Themes
🚧 Simplify & Cleanup
Continuing from %13.0, we are focused on improving the quality of all our existing scanners and updating them. Once we are happy with the stability of all our existing scanners, this responsibility will move to our new Community Rotation program to ensure we don't regress in the future.
- Update out of date scanners
- Fix bugs directly relating to the quality of scan results
- Cleanup Epic
🚀 Secret Detection to Viable
%13.0 saw a lot of improvements for Secret Detection. We are now at a point where we will declare Category:Secret Detection as maturity::viable.
- Update documentation to reflect status
- Handle any bugs related to %13.0 release of Standalone Secret Detection & New Vendored Template
🛠 Configuration UI
With nearly 15 SAST scanners, there are a lot of configuration options for SAST. These can be hard to understand the first time, and hard to keep correct so that your security scans remain functional over time. A configuration UI will help set up and manage SAST configuration options.
- UX research issue
- Design UI Configuration Architecture
- Implement a first configuration option
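As an illustration of the configuration surface the UI is meant to manage, here is an added example `.gitlab-ci.yml` (not from this page or the GitLab project itself) that enables SAST and sets the variables a project most often has to tune. The variable names are the documented SAST template variables; the exclusion paths and depth value are assumptions chosen for a hypothetical monorepo, and the comments note the failure modes that a UI with validation would catch.

```yaml
# Added example: minimal SAST configuration for a hypothetical monorepo.
# Include the vendored template so scanner images and job definitions
# are maintained by GitLab rather than copied into the project.
include:
  - template: Security/SAST.gitlab-ci.yml

variables:
  # Directories scanners should skip. Default is "spec, test, tests, tmp";
  # overriding it REPLACES the default, so the test directories must be
  # listed again or they will be scanned (assumed project layout below).
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp, vendor, node_modules"

  # How many directory levels the language detection descends. The default
  # of 4 is a common silent failure: services nested deeper than that are
  # never scanned and no finding is reported, so the pipeline stays green.
  SEARCH_MAX_DEPTH: 8

  # Raise scanner logging when diagnosing why an analyzer found nothing.
  SECURE_LOG_LEVEL: "info"
```

Both misconfigurations above (an exclusion list that drops the defaults, and a search depth shallower than the repository) produce passing pipelines with no findings, which is exactly the "remains functional over time" problem the Configuration UI theme targets.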
👥 Community Rotation
New in %13.1, we are creating a Community Manager rotation so that a dedicated person focuses on:
- community contributions to static scanners
- handle customer escalations/bugs
- SAST scanners to Core
Community Manager for 13.1: @rossfuhrman