Retrospectives

This page contains executive summaries of retrospectives done by the Secure::static analysis group. The purpose of these summaries is to externalize lessons learned during the retrospective process.

Access to internal retrospective documentation is available to the team and their immediate counterparts only.

17.0

This milestone focused on the deprecation and migration of functionality from various SAST analyzers to the semgrep-based analyzer.

During this milestone the following concerns were raised, in no particular order:

  1. Lack of awareness of QA processes that failed during the final moments of the milestone caused confusion.

  2. The release process for the sast-rules/semgrep pair is cumbersome and needs streamlining.

  3. Implementation plans were not kept up to date during the milestone and caused unnecessary difficulty during the review process.

Specific remediations raised during the discussion:

  1. Undertake maintenance tasks to reduce complexity of semgrep & sast-rules release.

  2. Apply strict review processes for implementation plans, and refer to the MVC principle more frequently.

Last modified June 18, 2024: Add relative links rule (cd96f133)