Add Composition Analysis backend codeowners
What does this MR do and why?
This MR adds a section for optional approvals by groupcomposition analysis to backend work. There are two goals of this MR:
- Encourage collaboration when updating a model, service, or worker that's used by groupcomposition analysis. For example, we heavily rely on the
sbom_*
tables and models to perform Continuous Vulnerability Scans, so notifying us of changes to the models would help ensure that this doesn't impact this feature negatively. Alternatively, collaboration here could also let us know if there are any improvements being made that we should take advantage of. - Adds an optional approval for services that are owned by groupcomposition analysis. For example, the
ingest_cvs_slice_service.rb
file has as a lot of domain specific knowledge that would benefit from our team's review.
I also noticed that groupthreat insights section could use an update to the finders, so I added the ee/app/finders/sbom/
directory to the existing section.
Closes #436046 (closed)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.