Continuous Scanning Working Group
Implement continuous scanning for GitLab projects
Attributes
Property | Value |
---|---|
Date Created | 2022-05-23 |
End Date | 2022-10-03 |
Slack | #wg_continuous_vuln_scans (only accessible from within the company) |
Google Doc | Event Stream Working Group Agenda (only accessible from within the company) |
Issue Label | ~WorkingGroup::ContinuousScanning |
Goals
The goal for this working group is to complete the work described in this Epic.
Exit Criteria
Our exit criteria map to the proposal found in this Epic:
- SBOM information is ingested and stored in the database
- Advisory DB information is ingested and stored in the database
- Scans are triggered automatically when any changes are detected for either the SBOM information or the Advisory DB information
Outcome
When the group was started, the target features were in categories spread across different stages and groups. With the creation of the Govern Stage the remaining two items are wholly within the responsibilities of the Composition Analysis group in the Secure stage, and as such they’re best completed as business-as-usual features in the owner group.
Roles and Responsibilities
Working Group Role | Person | Title |
---|---|---|
Executive Sponsor | Hillary Benson | Director of Product Management, Sec & Data Science |
Engineering DRI | Thiago Figueiró | Backend Engineering Manager, Govern:Threat Insights, Govern:Security Policies |
Product DRI | Matt Wilson | Senior Product Manager, Govern |
Member | Igor Frenkel | Senior Backend Engineer, Secure:Composition Analysis |
Member | Brian Williams | Senior Backend Engineer |
Advisor | Mehmet Emin Inac | Staff Backend Engineer, Govern:Threat Insights |
Last modified June 27, 2024: Fix various vale errors (46417d02)