Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / GitLab Group Kickoffs - Secure: Static Analysis / 17 Feb 2021
GitLab / GitLab Group Kickoffs - Secure: Static Analysis / 17 Feb 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: GitLab 13.10 Kickoff - Secure: Static Analysis

Description

GitLab Secure: Static Analysis Product Manager, Taylor McCaslin, provides an Overview of 13.10 release plans.

Content from the video:
- 13.10 Planning Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/301217
- Static Analysis Team Development Process: https://about.gitlab.com/handbook/engineering/development/secure/static-analysis/
- Replacing SAST Analyzers with Semgrep: https://gitlab.com/gitlab-org/gitlab/-/issues/262068
- 14.0 Removals and Deprecations: https://gitlab.com/gitlab-org/gitlab/-/issues/273620#static-analysis
- Improved Vulnerability Tracking - https://gitlab.com/groups/gitlab-org/-/epics/5144

A

Hi everyone, my name, is taylor, mccaslin and I'm a principal product manager here, working with our static analysis team and today, I'm going to give you a quick overview of our 13.10 plan to start off we're moving forward with our replacement of sas analyzers with sim grip. So this transition is been explored and we're moving forward to to transition some of our scanners. To this.

A

This will provide us new flexibility with writing rules both internally for gitlab, but as well as for you, our customers. Next we've got a large focus on our deprecations and removals leading up to 14.0.

A

So if you have not definitely go read the 13.9 release post, which includes all of the information about these deprecations, which we announced in 13.9 we'll be implementing these in 13.10 and we'll be removing these changes in 14.0.

A

So you've got about two releases to adjust and fix anything before these removals happen in our next major release and then finally, we're also working on improving the accuracy of tracking for sas and secret detection findings. This is using a new fingerprinting solution that we've been working on, we're being very careful as we roll this out.

A

So it's something that's happening in the background as we collect data to ensure that this new fingerprinting solution does actually produce more accurate results and remove duplicates.

A

So that's something that we're looking forward to continuing working on in 13.10, and that is a quick overview of our plans and I think it'll be a great release. Thanks, bye.