Details
-
Task
-
Resolution: Done
-
Neutral
-
None
-
None
-
None
-
-
Empty show more show less
-
Empty show more show less
Description
Assuming that we start to define a ‘due date’ on new security issues (on top of the ‘private’ security level), we could create a job that would report in #pd every day which tickets are getting close to the deadline, and what their status is (is there an assignee, is the ticket in progress).
We could time that message such that it would be just in time for SoS, so that attendees would act on it.
An exemple of ticket that should show up is MGNLVA-20.
Discovery notes
The bot would simply need to forward to Slack the output of a Jira filter such as the following: https://jira.magnolia-cms.com/issues/?jql=status%20NOT%20IN%20(%27Closed%27%2C%20%27Resolved%27)%20AND%20level%20%3D%20Private%20AND%20type%20!%3D%20Sub-task%20AND%20labels%20%3D%20security%20AND%20assignee%20is%20EMPTY%20AND%20created%20%3E%20startOfDay(-90)%20AND%20project%20NOT%20IN%20(%27ONDEMAND%27%2C%20%27SRE%27)
That being said, there's many tickets in there that we don't want to share to #pd every single day. Should we maintain a blacklist so that only recent & untackled security issues show up?