Skip to content

Update CODEOWNERS to require static analysis review for secrets check

What does this MR do and why?

This merge request follows the process outlined in code owners guideline to add the groupstatic analysis as a code owner of the following files:

  • /ee/lib/gitlab/checks/secrets_check.rb
  • /ee/spec/lib/gitlab/checks/secrets_check_spec.rb
  • /ee/spec/support/shared_contexts/secrets_check_shared_contexts.rb
  • /ee/spec/support/shared_examples/lib/gitlab/secrets_check_shared_examples.rb
  • /lib/gitlab/checks/changed_blobs.rb
  • /spec/lib/gitlab/checks/changed_blobs.rb

To ensure a review by the group is required when those files are changed in any subsequent merge request.

This is not to claim full ownership of the files or of the secrets push check, but to ensure the team is involved and consulted on any changes that could affect the pre-receive secret detection feature which is a performance-critical feature as we want to exercise carefulness with how it is modified or updated at this point in time.

cc/ @amarpatel As discussed in our 1:1, here is the merge request updating the codebase's CODEOWNERS file. As part of the process (linked above), I also have to invite the @gitlab-org/secure/static-analysis group to the gitlab-org/gitlab project as a members:

For approval to be required, groups as Code Owners must have a direct membership (not inherited membership) in the project. Approval can only be optional for groups that inherit membership. Members in the Code Owners group also must be direct members, and not inherit membership from any parent groups.

Therefore, if you receive any notifications about being added as members to the gitlab-org/gitlab project, this is the reason.

MR acceptance checklist

I have evaluated this MR against the MR acceptance checklist.

Merge request reports

Loading