FY26Q1 Stage Lead planning issue: Application Security Testing
Issue description
This issue outlines the themes that will be the focus of the Application Security Testing stage lead during Q1 of FY25.
Themes
Improve HOWTO information
- Short description: Improve the HOWTO information on triaging vulnerabilities.
- Reasoning: The individual tasks on the topic are well-documented. However, the documentation lacks guidance on how the tasks should be completed together to maximize efficiency and effectiveness.
- Note: Issues marked 🔵 were carried over from FY25Q4.
| Issue | Group(s) | Status | Effort | Priority | Details |
|---|---|---|---|---|---|
| Document how to remediate leaked secrets (gitlab-org/gitlab#485643 - closed) | group::secret detection | | High | Medium | Target milestone is 17.11. Led by: @phillipwells |
| Create docs page - Remediate (gitlab-org/gitlab#515736 - closed) | group::security insights | | High | Medium | Target milestone is 17.10. Led by: @rdickenson |
| Create docs page - Triage (gitlab-org/gitlab#497276 - closed) | group::security insights | | High | Medium | Target milestone is 17.10. Led by: @rdickenson |
| Create docs page - Analyze (gitlab-org/gitlab#497277 - closed) | group::security insights | | High | Medium | Target milestone is 17.10. Led by: @rdickenson |
Clarify conceptual information
- Short description: Improve the conceptual information of several AST features.
- Reasoning: Customer tickets have demonstrated that these concepts are not well understood.
- Note: Issues marked 🔵 were carried over from FY25Q4.
| Issue | Group(s) | Status | Effort | Priority | Details |
|---|---|---|---|---|---|
| [meta] Feature name: Continuous Vulnerability S... (gitlab-org/gitlab#477593) | group::composition analysis | | High | Medium | Target milestone is 17.11. Led by: @rdickenson |
| Update secret push protection docs to visually ... (gitlab-org/gitlab#474392 - closed) | group::secret detection | | Low | Low | Target milestone is 17.10. Led by: @phillipwells |
| Pipeline secret detection docs are vague on wha... (gitlab-org/gitlab#505589 - closed) | group::secret detection | | Medium | High | Target milestone is 17.10. Led by: @phillipwells |
Restructure introductory content on application security testing
- Short description: Edit introductory content on application security testing so that users/customers can get started efficiently and effectively.
- Reasoning: Without guidance on getting started with AST, customers are worse off than before. With AST being a core Ultimate feature, user frustration risks customers switching to a lower tier or moving to a competitor.
- Note: Issues marked 🔵 were carried over from FY25Q4.
| Issue | Group(s) | Status | Effort | Priority | Details |
|---|---|---|---|---|---|
| Edit docs page - Application security (gitlab-org/gitlab#497274 - closed) | group::static analysis | | Medium | Medium | Target milestone is 18.1. Led by: @rdickenson |
| Docs: Move content outside scope of an overview (gitlab-org/gitlab#525635 - closed) | group::static analysis | | Medium | Medium | Target milestone is 18.0. Led by: @rdickenson |
Legend:
- ⏳ : Waiting for <...>. technical writer, or PM input, or Engineering input
- 🚧 : In progress
- ✅ : Complete
- 🏋🏽 : Stretch goal (add next to any item that is aspirational this quarter)
Edited by Russell Dickenson