Status | Subtype | Assigned | Task
---|---|---|---
Resolved | | sbassett | T289290 Design and Build Application Security Pipeline Components for Gitlab
Resolved | | brennen | T289292 Create Security Team group within gitlab.wikimedia.org
Resolved | | sbassett | T289293 Create initial proof of concept application security pipeline repository
Invalid | | None | T294307 Research and design basic CI processing scripts (to exit 1 for tools that report errors and generate report artifacts)
Event Timeline
It would be nice to have a working example of this, and some accompanying documentation, but I'm not sure if/when this paradigm should be followed. That would likely need to be clarified within a Wikimedia .gitlab-ci.yml style guide. Yes, this will likely always be the "cleanest" approach, but it might also be more of a hassle given the ease and flexibility with which most security-related reporting can likely be accomplished by simple shell commands, python -c one-liners, etc., and the fact that, currently, Gerrit + Jenkins CI tends to favor raw output over report artifact generation for the time being.
I'm going to decline this as invalid for now as I do not believe it is relevant to the work the Security-Team is currently pursuing this quarter (Q2 2021 Oct to Dec). At some point in the future, this task could possibly be re-worded and taken up again.
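For readers wanting to see what the declined task describes, the following is an added example of a "CI processing script" that exits 1 when a tool reports errors and also writes a report artifact. It is not Security-Team code and not part of the task; the scanner output format, the file names and the `example-scanner` tool are assumptions constructed for the example, and the sample findings are made up.

```python
#!/usr/bin/env python3
"""Hypothetical CI processing script (added example, not Wikimedia code).

Reads a scanner's JSON findings, writes a report artifact, and exits 1 when
any finding at or above the failing severity is present, so a GitLab job can
publish the report and still fail the pipeline.
"""
import argparse
import json
import sys
from pathlib import Path

# Severity ranking; higher numbers are more serious.
SEVERITY_RANK = {"info": 0, "warning": 1, "error": 2}

# Constructed sample in an assumed findings format (not any real tool's output).
SAMPLE_TOOL_OUTPUT = {
    "tool": "example-scanner",
    "results": [
        {"severity": "error", "rule": "hardcoded-secret",
         "path": "includes/Config.php", "line": 12},
        {"severity": "warning", "rule": "weak-random",
         "path": "includes/Token.php", "line": 40},
        {"severity": "info", "rule": "todo-comment",
         "path": "README.md", "line": 3},
    ],
}


def summarize(findings, fail_on="error"):
    """Return (report, exit_code) for a list of finding dicts.

    Unknown severities are treated as failing: if a tool adds a new level,
    the job should fail loudly rather than silently pass.
    """
    threshold = SEVERITY_RANK[fail_on]
    counts = {level: 0 for level in SEVERITY_RANK}
    failing = []
    for finding in findings:
        sev = str(finding.get("severity", "")).lower()
        rank = SEVERITY_RANK.get(sev)
        if rank is None:
            counts["unknown"] = counts.get("unknown", 0) + 1
            failing.append(finding)
        else:
            counts[sev] += 1
            if rank >= threshold:
                failing.append(finding)
    report = {
        "fail_on": fail_on,
        "total": len(findings),
        "counts": counts,
        "failing": failing,
    }
    return report, (1 if failing else 0)


def write_report(report, path):
    """Write the report artifact as JSON and return the path written."""
    path = Path(path)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps(report, indent=2) + "\n")
    return path


def main(argv=None):
    parser = argparse.ArgumentParser(
        description="Turn scanner JSON into a report artifact and an exit status.")
    parser.add_argument("input", nargs="?",
                        help="scanner JSON file; omitted means the built-in sample")
    parser.add_argument("--report", default="reports/security-report.json")
    parser.add_argument("--fail-on", choices=sorted(SEVERITY_RANK), default="error")
    args = parser.parse_args(argv)

    data = json.loads(Path(args.input).read_text()) if args.input else SAMPLE_TOOL_OUTPUT
    report, status = summarize(data.get("results", []), args.fail_on)
    write_report(report, args.report)
    # Raw output in the job log as well, since that is what reviewers read first.
    for f in report["failing"]:
        print(f"{f.get('severity')}: {f.get('rule')} at {f.get('path')}:{f.get('line')}")
    print(f"{report['total']} findings, {len(report['failing'])} failing "
          f"(fail-on={args.fail_on}); report written to {args.report}")
    return status


if __name__ == "__main__":
    sys.exit(main())
```

In a `.gitlab-ci.yml` job this would be invoked from `script:` after the scanner runs, with `reports/` listed under `artifacts: paths:` and `artifacts: when: always` so the report is kept even though the non-zero exit fails the job. Dropping `--fail-on warning` to `error` is the knob that decides which findings are informational and which block the pipeline.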