-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define new incident events for the DORA metrics #59
Comments
Agreed that this would be super helpful, especially for those interested in using CDEvents for DORA metrics. Here's a possible starting point. It's a new {
"context": {
"version": "0.1.x",
"type": "dev.cdevents.incident.reported.0.1.x",
"id": "<incident_id>",
"source": "<source>",
"timestamp": "<reported_time>"
},
"subject": {
"id": "<incident_id>",
"type": "incident",
"content": {
"environment": { "id": "<environment>" },
"artifactId": "some-package-url"
}
}
} And similarly for |
I could see one being able to link an incident to service deployments and artifacts using the |
Notes from the CDEvents WG on Nov 23rd, 2022:
|
@afrittoli Those notes are fantastic! Some really good thoughts in there. It might be good to narrow down what the minimum pieces of data are for the initial hack at this, since we both now that specs are easier to grow than to shrink ;) And since it would be faster to get out. Then incremental additive changes could be driven by feedback (e.g. reported issues/feature requests). I could see the absolute minimum for an incident at this point being:
I agree that you might want an additional predicate to distinguish |
It might be that the way consumers report incidents is so varied that simpler is better here, and there's always |
I believe we also need to have a crisp definition of what an "incident" is. I believe there might be some gray areas there between incidents and issues/requirements. One example could be CVEs. Are they incidents? And what about a "request to step a 3pp" even if there is no CVE related to it? It could be a downstream user that argue that a 3pp should be stepped in the upstream application due to some misbehavior, but not really due to an "incident". How could we capture that? One way around it that could be to go for the GitHub and GitLab nomenclature and call all of them "issues". |
Thanks @menehune23 - yes, definitely I agree we should start small.
I would prefer to use the
+1 I was envisioning including a |
Thanks @e-backmark-ericsson for highlighting this, I agree there are grey areas and we should have a clear definition.
A CVE being exploited could be the root cause of an incident but I would not consider it an incident in itself.
I think I would prefer incidents to be separated from issues. An issue could be used to report an incident. |
@menehune23 you're very welcome to join the CDEvents WG if that is something of interest.
|
Ok, so "bugs" are not necessarily incidents either then, but could be used as a type on an issue reporting an incident potentially? |
@e-backmark-ericsson @menehune23 @erkist @salaboy I started detailing the new incident events in an hackmd - please let me know if you have comments. If we can get some agreement on this as a starting point, I'd be happy to create a PR for it. |
Introduce incident events. TBD: schema and README updates Partially-fixes: cdevents#59 Signed-off-by: Andrea Frittoli <andrea.frittoli@gmail.com>
Introduce incident events. TBD: schema and README updates Partially-fixes: cdevents#59 Signed-off-by: Andrea Frittoli <andrea.frittoli@gmail.com>
Introduce incident events. Partially-fixes: cdevents#59 Signed-off-by: Andrea Frittoli <andrea.frittoli@gmail.com>
Introduce incident events. Partially-fixes: #59 Signed-off-by: Andrea Frittoli <andrea.frittoli@gmail.com>
No description provided.
The text was updated successfully, but these errors were encountered: