Continuous Scanning Working Group

Implement continuous scanning for GitLab projects


Property Value
Date Created 2022-05-23
End Date 2022-10-03
Slack #wg_continuous_vuln_scans (only accessible from within the company)
Google Doc Event Stream Working Group Agenda (only accessible from within the company)
Issue Label ~WorkingGroup::ContinuousScanning


The goal for this working group is to complete the work described in this Epic.

Exit Criteria

Our exit criteria maps to the proposal found in this Epic:

  1. SBOM information is ingested and stored in the database
  2. Advisory DB information is ingested and stored the the database
  3. Scans are triggered automatically when any changes are detected for either the SBOM information or the Advisory DB information


When the group was started, the target features were in categories spread across different stages and groups. With the creation of the Govern Stage the remaining two items are wholly within the responsibilities of the Composition Analysis group in the Secure stage, and as such they’re best completed as business-as-usual features in the owner group.

Roles and Responsibilities

Working Group Role Person Title
Executive Sponsor Hillary Benson Director of Product Management, Sec & Data Science
Engineering DRI Thiago Figueiró Backend Engineering Manager, Govern:Threat Insights, Govern:Security Policies
Product DRI Matt Wilson Senior Product Manager, Govern
Member Igor Frenkel Senior Backend Engineer, Secure:Composition Analysis
Member Brian Williams Senior Backend Engineer
Advisor Mehmet Emin Inac Staff Backend Engineer, Govern:Threat Insights