I'm thinking about when the perfect moment to run a SAST review is, but I am not sure. For me the best moment is before merging my branch to master (on the pull request), because you can fix it before putting your code into production. However, imagine there are two or more branches without any vulnerability (you run your SAST review before merging these branches): is it possible that new vulnerabilities appear in the code if you merge these branches without vulnerabilities into master? I mean, can the combination of different code without vulnerabilities make your code vulnerable? If yes, could you give an example? Does it make sense to run another SAST review on master (after merging any branch)?
In Azure DevOps, is there an easy way to find the total number of commits by developer within a specific time period? Possibly with the number of lines added/removed as well? Based on 1 repo or multiple.
Similar to this image from GitHub...
I think this is a general git question.
What we did in our project is similar to "Git number of commits per author on all branches".
You would go for something like:
git shortlog -s -n --all --no-merges --since="22 Aug 2019" --before="01 Sept 2019"
This would result in:
You could also add the author by adding --author=name like:
I would suggest reading the docs for options.
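The shortlog command above gives commit counts only; the question also asks for lines added and removed. The following is an added example, not part of the original answer: it aggregates `git log --numstat` output per author. The function names `author_stats` and `sample_log` and the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: per-author commits, lines added and lines removed.

# Summarise `git log --numstat --format='@%aN'` output read from stdin.
# Prints: author<TAB>commits<TAB>added<TAB>removed, most commits first.
author_stats() {
  awk -F'\t' '
    # Commit header line produced by --format: "@" followed by the author name.
    /^@/ { author = substr($0, 2); commits[author]++; next }
    # numstat line: added<TAB>removed<TAB>path ("-" marks a binary file).
    NF == 3 {
      if ($1 != "-") added[author]   += $1
      if ($2 != "-") removed[author] += $2
    }
    END {
      for (a in commits)
        printf "%s\t%d\t%d\t%d\n", a, commits[a], added[a], removed[a]
    }' | sort -t "$(printf '\t')" -k2,2nr -k1,1
}

# Constructed sample in the shape git prints for --numstat --format='@%aN'.
sample_log() {
  printf '@Alice Example\n\n10\t2\tsrc/app.py\n-\t-\tdocs/logo.png\n'
  printf '@Bob Example\n\n3\t1\tREADME.md\n'
  printf '@Alice Example\n\n5\t0\tsrc/util.py\n'
}

# Against a real repository, feed the same filters the answer uses:
#   git log --all --no-merges --since="22 Aug 2019" --before="01 Sept 2019" \
#       --numstat --format='@%aN' | author_stats
sample_log | author_stats
```

For several repositories, concatenate the `git log` output of each before piping it into `author_stats`.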
You could check out the marketplace. A possible extension would be Contributions Graph, which also allows you to select one or more repositories.
If you use Visual Studio, a quick way to achieve the number of commits is to copy and paste the changeset history into Excel and filter by user. It's not something I'd want to use regularly but it works.
It's worth mentioning though, that lines of code committed can be misleading and therefore unfair to the coders. Good code can be a lot shorter than bad code. And lots of code might just contain external libraries etc.
I have an issue on GitLab, #1. When this issue was created, it contained two tasks.
Is there a way to mention/reference/close one of the two tasks in a git commit?
Not yet, but at least you can define tasks in an issue now.
This comes with GitLab 15.3 (Aug. 2022)
Create tasks in issues
Tasks provide a robust way to refine an issue into smaller, discrete work units.
Previously in GitLab, you could break down an issue into smaller parts using markdown checklists within the description.
However, these checklist items could not be easily assigned, labeled, or managed anywhere outside of the description field.
You can now create tasks within issues from the Child Items widget.
Then, you can open the task directly within the issue to quickly update the title, set the weight, or add a description.
Tasks break down work within projects for GitLab Free and increase the planning hierarchy for our GitLab Premium customers to three levels (epic, issue, and task).
In our next iteration, you will be able to add labels, milestones, and iterations to each task.
Tasks represent our first step toward evolving issues, epics, incidents, requirements, and test cases to work items.
If you have feedback or suggestions about tasks, please comment on this issue.
See Documentation and Epic.
While doing some branch maintenance today, I lost a MR and the associated discussion. Not a tragedy but I'd like to get it back if possible. I found an open GitLab enhancement request to undo branch delete but that doesn't quite seem to be what I want. Here's what happened:
Branch A was pushed to our local installation of GitLab, an MR created, and some discussion ensued. We realized that A was a good start but we needed some significant refactoring. We hoped to keep the branch name for the work we'd ultimately merge/ship so we:
Created A-prime on the local system and pushed it to GitLab
Deleted A, hoping that the MR would be associated with the commits, not the branch. But when we deleted A, the MR was no longer accessible.
Recreated A at the same commit as it had been and pushed it to GitLab hoping the MR was hanging out and would get reassociated.
Clearly our mental model of GitLab is wrong. It seems that a post-commit hook or something deletes MRs as a branch is deleted. My question now is: can I get the deleted MR and its discussion back?
I apologize for wasting the community's time. I'm a GitLab newbie and was stumbling around. I didn't stumble far enough. Today we discovered that you can get to the original MR if you have the URL. When you get there, it's Closed, as you'd expect, I suppose. If you go back to the project level and navigate to MRs, then pick the Closed tab, it's there. It likely was there all along but in our panic and newbiness, we didn't find it.
Deleted A, hoping that the MR would be associated with the commits, not the branch.
That is indeed not how an MR is managed.
I prefer creating a new MR, with as a first comment a link to the previous one, and a summary of the state of the discussion.
However, it does not seem to be possible to rename the branch associated with the MR (issue 32952): this is part of a larger discussion at GitLab, still in progress.
In the meantime, try to contact GitLab support to ask them to restore your old branch (and hopefully its MR).
I've been a JIRA and Bugzilla admin in past jobs, and have quite often had users ask for the ability to have more than one assignee per issue.
I know this is possible in JIRA, but to my mind it never makes sense; an issue should represent a piece of work, and only one person can do a piece of work (at least in software, I've never used an issue tracker for a 2-man bobsled team ;-)) A large piece of work will obviously involve more than one person, but I think in that case it should be split into subtasks to allow for accurate status reporting.
Does anyone have any use cases where it's valid to have multiple assignees?
The Assignee field means many things to many people. A better name might be "Responsible User". There are three cases I discuss with my clients:
A. number of assignees = 0
JIRA has an Allow Unassigned issues option but I discourage use of that because if a work item isn't owned by anyone it tends to be ignored by everyone.
B. number of assignees = 1
The default case
C. number of assignees > 1
Who is responsible for the work item represented by the issue? The best case I've seen for this is when an issue can be handled by any one person in a team, so before triage the issue is assigned to everyone in that team. I think a better approach is to create a JIRA user with an email address that sends to the whole team, and assign it to that user. Then a member of the team can have the issue assigned to them in particular.
Changing the one assignee case has the history recorded in the History tab. Nothing is lost in that case.
I'll often have a story / feature that can be split across multiple developers. They will have individually assigned subtasks but it would make sense to assign the parent to all involved, unless there's a lead developer. I wasn't actually aware that I could do multiple assignments, so thanks for the tip!
The other case I can think of is pair programming.
I hit upon this question while looking for solutions to doing this. Since I want to do this, I'm guessing my use case counts as an answer to your question: I only really want one assignee in the sense of someone currently working on a problem, but I want to track the whole lifecycle of an issue. For us, that can mean:
A support person receives a report from a customer, creates an issue
An issue-wrangler reviews the issue to make sure it's valid, not duplicated, has all appropriate details, etc.
A developer implements/fixes the issue
A tester performs whatever tests are appropriate (in our case, mostly extending our automated testsuite to additionally test the feature/fix)
An operations person rolls out the new version to a test environment
A support person informs the customer, who does his own tests with the new version in the test environment
An operations person rolls out the new version to production
Not all issues necessarily go through all steps. Some issues have more steps (e.g. a code review between step 3 and 4). Many issues will also move backwards among the steps (developer needs more information, we go from step 3 to 1 or 2; tester spots a problem, we go from 4 to 3).
At each stage, only one person is actually responsible for whatever's got to be done. Nevertheless, there are a whole bunch of people who are associated with the issue. Tracking systems we've used are happy to offer easy changes to previous owners of the issue (shown as a list), but I'd ideally like to go a step further, with the owner automatically reverting to the correct prior owner depending on the issue's status. At step 6, the original support person from step 1 should ideally contact the customer. At step 7, the ops person from step 5 would ideally be the assignee.
In other words, while I don't want multiple assignees for a given step, I do want there to be a "support assignee", a "developer assignee", a "testing assignee", etc.
We can do this with subtasks and we can do it by manually selecting previous owners when changing statuses, but neither is ideal and I think the situation above is one where multiple assignees would make sense.
In my company, we have a similar workflow to Nikhil. We work in a scrum model, with developers, testers and a technical writer on each team.
The workflow of a development task is
Development -> Developer review -> QA testing -> PO Acceptance -> Done
The workflow of a QA task is
QA writes test case / automated test -> QA review -> Done
We had a tool which JIRA replaced that allowed us to assign multiple people to a task, which we found very useful for our workflow. On a QA task, I could easily see if the other tester on my team had already done work and I needed to do the next step.
Without this, I am finding it difficult to quickly identify tasks written by the other tester on my scrum team which are ready for me to review (versus the ones I wrote which they need to review).
So many people have asked for the ability to have multiple assignees since at least 2007. They have varying, valid use cases. I was disappointed that the JIRA development team unilaterally said they won't implement this and would ask them to reconsider.
https://jira.atlassian.com/browse/JRA-12841
While pair-group working (pair programming etc.) it would be nice to assign both persons to the issue.
Tasks move through different steps through development (example: Development, review, testing). Different persons can be responsible for each step. Even though the task may be in review or testing, the reviewer will have stuff for the developer to fix. Having different roles to assign to would help organizing the work.
In our team we usually develop 1 or 2 persons together.
Then the code is reviewed by around 2-5 persons individually or in pairs.
Then it is tested by 1-2 persons initially, finally tested by the whole team.
Currently our system allows us to assign a single person at a given time. That limits our ability to follow who is working on what without looking through the log for the issue. The benefits of being able to assign multiple persons would be good for us.
What happens if John is assigned a task and cannot finish it, and it is moved to Jane's list because John was a slacker?
Are you OK with losing history of who it was originally assigned to, and the hours that were spent / billed on it?
In an e-Learning scenario, it makes sense to have an issue assigned to multiple users.
Here is what I want to do:
I have a storyboard which I want to assign to 3 people at the same time - the animators, the recording artists and the graphic designers. Once these people finish their tasks, they will pass it on to a common reviewer, who will review and close the issue.
Graphically it would look something like this:
         Storyboard
        /    |     \
graphics  animator  recording
        \    |     /
          reviewer
             |
           done
The three job roles depend only on one storyboard. The compilation of the three have to go to a reviewer. I'm racking my brains to get this working on redmine. Haven't found a solution yet.
Got this answer from an Atlassian partner https://www.isostech.com/solutions/
and then later from Atlassian
Objective:
Want to set who does the work for each step on an issue
Summary:
Use a plugin to copy values from custom fields into the assignee field whenever the issue transitions to a new step.
How:
1. Install the Suite Utilities plug-in:
This plug-in adds a bunch of new functionalities to workflows.
You will use the plug-in to copy the value of a custom field to the assignee:
Create a custom field as single user picker for each role i.e., dev, tester, reviewer to be assigned at different steps in the issue
Add these fields to the issue type's screen
Modify the post-function on the workflow transition between each step
Add a "Copy Value From Other Field" post function and set it to copy the value from the appropriate user custom field into the assignee field.