Skip to content

FY26Q3 Stage Lead planning issue: Application Security Testing

Issue description

This issue outlines the themes that will be the focus of the Application Security Testing stage lead during Q3 of FY26.

Themes

Standardize configuration docs

  • Short description: Standardize configuration docs content for all application security testing tools.
  • Reasoning: Inconsistency of prerequisites and the configuration options available between tools creates unnecessary friction for users.
Issue Group(s) Status Effort Priority Details
Docs: Add prereqs to application security testi... (gitlab-org/gitlab#536451) devopsapplication security testing Waiting for @phillipwells Medium Medium Target milestone is 18.4.
Docs: Improve the introduction of application s... (gitlab-org/gitlab#568830 - closed) devopsapplication security testing Complete Medium Medium Completed in 18.5.

Standardize feature name spelling

  • Short description: Feature names in the application security testing section use a variety of spellings. We should edit them so each feature is in sentence case and is named consistently.
  • Reasoning: Maintaining docs that differ from our current style is challenging. Customers might also have a hard time finding information if features aren't consistently named.
Issue Group(s) Status Effort Priority Details
Docs: Sentence case Secure section feature names (gitlab-org/gitlab#560856) devopsapplication security testing 🚧 In progress High High Aim to spread work over the quarter.

Ensure screenshots are current

  • Short description: Review screenshots that are likely to be out of date and either update or remove them.
  • Reasoning: Outdated screenshots make it more difficult for users because when they compare what they see against what's in the docs it raises concern over if all the content in a task might be out of date. As a result it adds "friction" to a task and erodes confidence in the product.
Issue Group(s) Status Effort Priority Details
Docs: Review outdated screenshots in AST docume... (gitlab-org/gitlab#540572 - closed) devopsapplication security testing High High

Tutorials

  • Short description: Create tutorials for secret detection features.
  • Reasoning: We have published tutorials for several secret detection features, but not yet one for one of the most-used features - pipeline secret detection.
  • Note: Consider adding links to new tutorial content to the top-level tutorial pages at https://docs.gitlab.com/ee/tutorials/.
Issue Group(s) Status Effort Priority Details
Docs: Create tutorial on pipeline secret detection (gitlab-org/gitlab#526749 - closed) groupsecret detection Complete Medium Medium Target milestone is 18.4. Led by: Technical Writer (@phillipwells )

Quick wins

  • Short description: Easy docs fixes an improvements across the AST docs.
  • Reasoning: While it's important that big cross-stage improvements are planned and tracked, it's also important to recognize small but significant improvements.
display: table
title: Application Security Testing quick wins 🎉
description: Small improvements to the AppSec docs
fields: title, author, milestone, state
limit: 10
query: project = "gitlab-org/gitlab" AND label = (~"quick win" , ~"tw-lead::application security testing") AND type = MergeRequest AND created > 2025-07-01 and created < 2025-10-31

Legend:

  • : Waiting for <...>. technical writer, or PM input, or Engineering input
  • 🚧 : In progress
  • : Complete
  • 🏋🏽 : Stretch goal (add next to any item that is aspirational this quarter)

Retrospective

After the quarter is complete, create discussion threads with the following titles. Use these discussion threads for self-reflection and to note feedback from others about how the quarter went.

## 👍 What went well?
## 👎 What didn't go as well?
## 📈 What could be improved for next time?

Ongoing tasks

Manage TW-DRI assignments for all milestones:

Specific TW milestone planning issues:

  • 18.3. Release date: 2025-08-21
  • 18.4. Release date: 2025-09-18
  • 18.5. Release date: 2025-10-16

References

Edited by Russell Dickenson