Problem/Motivation

Security issues can be filed in the drupalcode GitLab instance even if they are not in the scope of getting a security advisory. We need a status for those.

Additionally, it would be great to automatically add this label if a module does not match the policy.

Steps to reproduce

Have a confidential issue in GitLab that is not in the security advisory policy, but it's not easy to see that with a quick glance and the current "security status" values are not applicable.

Proposed resolution

Add a new status to the "security status" grouping called "not in advisory policy"

Remaining tasks

? GitLab admin needs to do stuff?

User interface changes

yes.

API changes

n/a.

Data model changes

n/a.

Comments

greggles created an issue. See original summary.

drumm’s picture

I’ve added the new label. Leaving open to automatically label new issues with this. (I don’t plan an automated backfill; that can probably be done by searching in GitLab and bulk updating.)

greggles’s picture

Issue summary: View changes

Thanks, drumm. Added an element to the issue summary to include that.

  • drumm committed 912b2ad4 on 1.0.x
    feat: #3600605 Use “Security status::not in advisory policy” label when...
drumm’s picture

Assigned: Unassigned » drumm
Status: Active » Fixed

This is now deploying.

greggles’s picture

Great, I flagged all those issues.

Appreciate the help!

  • b_man committed dc74a5b1 on case-studies-partner-diversity authored by drumm
    feat: #3600605 Use “Security status::not in advisory policy” label when...

  • drumm committed 912b2ad4 on case-studies-partner-diversity
    feat: #3600605 Use “Security status::not in advisory policy” label when...