Open sharon-fdm opened 4 months ago
cc: @lukeheath @noahtalerman @mostlikelee Moved to specified per this:
@sharon-fdm This seems valuable because it will give us visibility into what's happening inside the vulnerabilities GitHub workflow. Could we also report how many times the release has been downloaded?
Our ability to work on this will be dependent on the estimate.
@sharon-fdm I'm assigning back to you to take to estimation.
@lukeheath
how many times the release has been downloaded
Good metric. Added.
Vuln Repo: 5 points Heroku + Datadog : 1 point
@sharon-fdm It won't be easy to prioritize this soon at a 5-point estimate. Can we reduce scope and not include datadog at all? What if we just fire a Slack notification to #help-engineering if the job fails? Seems like we could do that in 1-2 hours.
@lukeheath makes sense to shoot critical alerts only. @mostlikelee, two questions:
TMWYH
@sharon-fdm we already have failures posting to the P1-Help channel. We could timebox the metric effort to 2-3 points.
Goal
Context
We currently collect metrics and send it to DataDog. Use the same mechanism to send info from the GitHub action on the vuln repo directly to DataDog. Collect:
Changes
Product
Engineering
QA
Risk assessment
Manual testing steps
Testing notes
Confirmation