  1. MongoDB Database Tools
  2. TOOLS-3538

Update our release documentation with new SSDLC-related stuff

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • 100.11.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • 3
    • TAR 2024-08-19
    • Tools and Replicator
    • 0.5
    • Not Needed

      Problem

      See design doc for details.

      Solution & Acceptance Criteria

      This should cover the following topics:

      • How to fill out the SSDLC report template.
      • How to generate the SBOM augmented file for the release.
      • The SBOM augmented file should be merged back to the main branch after release.
      • How to determine that we’ve met our SLA regarding issues found via third-party vulnerability and static analysis scanning.
      • How to generate the SARIF file for the release using gosec.
      • Add documentation of who is allowed to release the project.
        • In our case this is "all engineers on the Tools and Replicator team".

      We also need this to include some information about our development practices, per our SSDLC Policy.

            Assignee:
            dave.rolsky@mongodb.com Dave Rolsky
            Reporter:
            dave.rolsky@mongodb.com Dave Rolsky
            Craven Huynh (Inactive), Jian Guan
            Votes:
            0
            Watchers:
            2

              Created:
              Updated:
              Resolved: