12.10 planning - Composition Analysis
Links
-
12.10 - Planning Board for checking Deliverable/
Stretch/"Next Patch Release" -
12.10 - Dev workflow Board for checking workflowscheduling and workflowready for development
Context
Capacity variations
This includes planned OOO, internships, conferences and other initiatives outside of groupcomposition analysis.
Items slipping from previous release
This is a rough list of the items that may have a significant impact on that release (no need to be an exhaustive list).
...
Product Goals in priority order
Please work them in order! If you feel I should add priority labels like ~P1 or something to them instead let me know!
Epic: Limited Connectivity vulnerability analysis and license compliance for on-prem instances
1.Also known as offline, air-gap, local area network, etc.
This spans across teams, but this is part of being the boring solution that helps you be more secure and we need to keep moving the needle
2. Remove DinD
- epic: Make Docker-in-Docker (DinD) optional (not a requirement) for security products
- When the above is complete we'll move to epic: Remove the Docker-in-Docker requirement for security products
3. Performance, Reliability, Availability and Quality
We should be a stable and not buggy experience. period. we should have tests to help us avoid regressions and benchmark ourselves I try to put in a few of each of the below to keep slow and steady progress
- ~P1 ~S1 (~P2 ~S2 if no p1/s2, etc) or any previous placed ~bug bug(s)
- ~performance issue
- reliability issues
- ~availability issues
- ~"technical debt"/~backstage issue(s)
- test (helping quality enhance our testing) issue(s)
- UX debt UI polish or ~"UX Bug" item UX Debt issue(s) or UI Polish issue(s) or UX Bug issue(s)
Epic: Suggested Solution (was Auto Remediation)
This spans across teams, but this is part of being the boring solution that helps you be more secure and we need to keep moving the needle
Epic: User Experience - Minimal to Viable
Epic: Dependency Scanning - Minimal to Viable
Epic:Enable Secure Stage Third Party Integrations
Partner OnboardingThis spans across teams, but this is a really frequent ask and we need to position ourselves to enable these integrations so they are where we want and how we want and aren't disparate and haphazard
Epic: Dependency Scanning category vision
Maturity Level: Viable
Next Maturity Level: 2021-01-31 Epic:Dependency Scanning - Viable to Complete
- dependency list and ~"Category:Dependency Scanning"
Epic: Container Scanning category vision
Maturity Level: Viable
Next Maturity Level: 2021-02-31 Epic: Container Scanning - Viable to Complete
Epic: Security reports: Remodel severity and confidence
UX ImprovementsEpic: License Compliance category vision
License Scanning /Maturity Level: Viable
Next Maturity Level: 2021-02-31 Epic: License Compliance - Viable to Complete
- ~"Category:License Compliance" issue(s)
Product Goals we can't fit in this release
Improve .Net
Improve python
We have a lot of debt around python improvement
Epic:Improve License Compliance support for Python
Epic:Improve Dependency Scanning support for Python
OSS Scanners to Core
Epic: Move selected security features to Core
Dogfooding
Enterprise Readiness
Merge Request Security reports
- ~"MR security reports"
Pipeline Security reports
- ~"pipeline security reports"