Open pieterlange opened 5 years ago
I'm interested in what ever happened to this tool, a year later - is it still actively used in Slack? What are development plans? Will it continue to get support and features?
Yes, please update on the plans! We would like to use this tool with Jira cloud for example.
Looks like it's been abandoned. Maybe someone can fork it and maintain that version?
On GitHub, that someone can be you :) But it won't be me, I'm not even sure if there are any active users. But the project looked cool anyway, if only for the delivery structure ideas it provided.
I asked Kelly Ann, Product Security Engineer at Slack, for the status of this project. She's rewriting the app in Python using their latest Python SDK to make it easier to read and customize for other folks. Once it's done it will be shared with the world.
Went to a security conference in Sept. and heard Kelly talk about a security checklist that Slack is about to open source. Looks like it is this project. It seems like a good start for companies that want to promote security awareness and distribute responsibilities.
Looking forward to the Python version of this app and giving it a try.
Latest status found here: https://locomocosec.com Have to wait a little longer I guess.
Slack’s security team has been famous for our Secure Development Lifecycle process for rapidly growing startups, and our associated tool, /go SDL. We proudly exported our process to our appsec peers, and have loved hearing about the ways people adopted this as a new standard for appsec at scale.
However, more than four years have passed since this process has been introduced, and it would be naive to think that we’ve perfected it, and that there’s nothing more to learn. We gathered a lot of feedback - we found out what engineers loved and hated about the process. And we created a wishlist of new features.
So we built a new app that kept everything we loved about the old tool, and added crucial new features that we’re excited to share. We hope to address issues that are universal in appsec -
- How do we prioritize our security review efforts?
- How do we keep engineers informed on the status of our review, and make our work more visible to the engineering team?
- How can we automate checking in with the developers to find out if anything has changed in their project?
- How do we keep relevant security documentation easily accessible for engineers?
We hope you’ll join us to hear about what we’re working on, and the tool we plan to open source this year as we strive to make the security review process simpler, more pleasant, and more productive.
Any news on the status of goSDL? Has the Python app come out? Looks like Kelly Ann was the lead for rewriting goSDL into Python but went to Apple in August. Not sure how that impacted the project?
Description
Project is open sourced only to be immediately abandoned.
What type of issue is this? (place an x in one of the [ ])
Bug Report
Requirements (place an x in each of the [ ])
Reproducible in:
github.
Steps to reproduce:
Expected result:
Some @slackhq team member to respond to open issues/PRs.
Actual result:
What actually happened: nothing
Attachments:
https://github.com/slackhq/goSDL/pulls
https://github.com/slackhq/goSDL/issues