-
Notifications
You must be signed in to change notification settings - Fork 15
Minutes Of The Team Meeting
Purpose: This document provides a consistent and organized summary of our weekly DevSecOps team meetings, outlining key discussions, participants, decisions made, and follow-up actions. Its aim is to promote transparency, support accountability, and ensure alignment across the team’s ongoing efforts.
Scope & Accessibility: Meeting summaries will be regularly documented and added to the Wiki section of the project repository. These records will remain publicly accessible to encourage collaboration and maintain visibility into team progress.
Date & Time: Friday (Weekly) - 04:30 PM PST - Pacific Time (USA)
Attendees: Rao, Varunprakash, Rajas, Charvitha, Monica
Topics Discussed: Reviewed the project tracker, updated outstanding issues, and accurately categorized them for improved tracking and resolution.
Action Items: [List of action items with assigned owners and deadlines, if applicable]
Meeting - 09/11/2025
Date & Time: September 11, 2025 – 4:00 PM PT
Attendees:
Anisha Kaul, Divya Tanwar, Krishna Chaitanya, Rohit Ganesh, Sai Putha, Aishwarya Jadhav, Anmol Bhatta, Shweta Badagu, Ashirwad Srivastava, Nolan Serrao, Harshitha Gavvala, Sathya Gundla, Mohammad Nadeem, Rakesh Vasa
-
CI/CD Pipeline Prioritization:
- All CI/CD pipeline issues are now considered P0 priority.
- Nolan picked up one of the CI/CD issues during the call.
- Divya shared a reference link in GitHub which Anisha updated in the tasks.
- Contributors encouraged to work in groups of 2–3 for faster resolution.
- Anisha will update backlog issues to reflect new tasks.
-
Lambda Layer Standardization:
- Standardization required to group similar Python versions where possible, separate others as needed.
- Coordination with WebApp team will be necessary for smooth implementation.
-
Security & IAM Access:
- Krishna was provided temporary IAM access to check Cognito logs.
- Decision made to grant temporary IAM access instead of full PowerUser privileges going forward.
- Anisha to adjust access groups accordingly.
-
CloudWatch Integration:
- Need to ensure CloudWatch connection to capture metrics effectively.
- Implement a metrics cap if required.
-
Infrastructure as Code (IaC):
- Blocker: No response from Open Source team regarding free Pulumi access.
- Nolan following up; plan to wait another week before exploring alternatives.
-
Onboarding & Documentation:
- Anisha collaborating with Product PM to improve onboarding with orientation issues for new volunteers.
-
Issue #39: Documentation for onboarding
- Frontend documentation completed.
- Backend documentation pending — Nanditha assigned.
- Backend systems to document: DynamoDB, Aurora, Redis, Route 53, Cognito, Lambda, S3, API Gateway, CloudWatch.
- Nanditha to sync with Anmol and Ashirwad for context and updates.
-
Playwright Testing:
- Playwright test status set to Testing so QA can validate before deployment.
-
Anisha:
- Update backlog with new CI/CD tasks.
- Adjust access groups to grant temporary IAM access where needed.
- Create new issue for onboarding process.
-
Divya:
- Shared reference documentation (link already updated in GitHub tasks).
-
Nolan:
- Continue follow-ups on Pulumi free access for another week.
-
Krishna:
- Use temporary IAM access to complete Cognito security checks.
-
Nanditha:
- Complete backend documentation for Issue #39 and sync with Anmol + Ashirwad.
-
Ashirwad:
- Assist Nanditha with backend documentation for Issue #39.
-
Rohit:
- Move Playwright testing issue status to “Testing” for QA handoff.
Meeting - 08/28/2025
Date & Time: Thursday (Weekly) - 4:00 PM PT (28th August 2025)
Attendees: Anisha Kaul, Sathwik, Rakesh Vasa, Sathya Gundla, Pavan Pallapu, Rohit Ganesh, Anmol Bhatta, Rugved
Topics Discussed:
- Issue #44 (PR created by Rohit & Sathya): Discussed the process for reviewing and getting the code accepted into the test branch. Additional help required from Rao and Leif — Rohit and Anisha will reach out.
- Cost issues: Revisited the ongoing AWS cost concerns. Anmol reiterated the importance of using only our existing VPCs.
- Issue #46: Rakesh is currently working on this after successfully finishing Issue #37; team waiting to see how to close it out.
- Issue #43: Reopened due to errors seen after initial closure. Sathwik is in contact with Arjun to help resolve and close it.
- Team engagement: Discussed the need to engage more members in the DevSecOps group to have more capacity for issue resolution.
Action Items:
- Anisha to reach out to Leif and Rao for clarity on how to close issues in the DevSecOps team. Scrum calls are also a place to raise such concerns.
- Issue #49 identified as a high-priority issue (AWS cost increases) and requires more contributors.
- Issue #51 Uzair to reach out to Anmol to figure out CloudWatch access issues.
- Reminder: The only networks we use are in Virginia or Ireland regions. All other VPCs will be deleted. Within those regions, only saayam-vpc should be used.
- New volunteers should be onboarded to take up older issues like Issue #1 and Issue #5, which are on the In-Progress board but haven’t moved in over a month.
Meeting - 08/21/2025
Date & Time: Thursday (Weekly) - 4:00 PM PT (21st August 2025)
Attendees: Rao, Varunprakash, Anisha, Anmol, Nandhiniumesh, Rohit, Sathya, Asmita, Krishna, Mohammed Kaleem, Rakesh Vasa
Topics Discussed:
- With Varun offboarding, new points of contact will be the Project Managers (PjMs) and Product Managers (PMs). New onboardees should reach out to these members for queries.
- Reviewed the current architecture of the DevSecOps system, including AWS systems being split across Europe and the US. Highlighted the need to handle data differently due to data privacy rules like GDPR.
- Introduced Pulumi and the concept of Infrastructure as Code (IaC) for consistent instance duplication. PjMs and PMs are seeking members with Pulumi experience or interest in learning it.
- Emphasized the need for DevSecOps members to follow consistent nomenclature aligned with standard practices, and to encourage other members to do the same.
Action Items:
- PjM is looking for 2 members with SonarQube experience to work on Issue #47.
- PjM is also looking for 2 members to take up Issue #49 related to IAM on AWS using scripts (Python, Boto3, or AWS CLI).
- All members should update the Kanban board appropriately:
- In Progress → Issues you are actively working on (including pre-readings).
- Blocked → Issues where you need support.
- To Do → Leave only if you are not actively working on the task.
Meeting - 08/18/2025
Date & Time: Monday (Weekly) - 4:00 PM PST (18th August 2025)
Attendees: Anisha, Mrunali, Rao, Varun, Sai Charan, Bharath, Sai Srenivas, Devansh, Miloni, Aditya, Samanvitha, Sindhu, Shubh, Md Ishar, Srijith, Leif
Topics Discussed:
- New volunteer onboarding: Rao led a discussion to help new members understand the current architecture of the Saayam system.
- DevSecOps focus areas: Broke down into three parts — Build, Infrastructure, and QA.
- Explanations given: Pulumi, SonarQube (SAST/DAST), and GitHub Actions were explained at a high level for the benefit of new members.
- Test/Dev: Discussed S3 → Lambda functions integration.
- Build support: Need for a new wiki page covering repo name, programming language, and pending issues.
- PMs poll: Sai Radey and Bharath volunteered to help with coordination.
- QA: Leif to work with WebApp’s QA team; documentation to be routed to DevSecOps.
Action Items:
- Create a new wiki page for build support details.
- PjMs to follow up with members to accurately understand the status of each issue.
Meeting - 08/14/2025
Date & Time: Thursday (Weekly) - 4:00 PM PST (14th August 2025)
Attendees: Anisha, Varunprakash, Anmol, Samanvitha, Rohit, Sathya, Harshitha, Rakesh
Topics Discussed:
- Reviewed the project tracker.
- Issue #40: Worked on resolving access issues and clarifying instance usage.
- Issue #49: Discussed automating the removal of access for users inactive for over 100 days.
- Some access issues were identified and resolved during the call.
- An additional issue from the WebApp team was raised and redirected to a WebApp team member for further clarification.
Action Items:
- Issue #44: Rohit and Sathya to work together on this item (assigned earlier in the week).
- All major access issues resolved during the meeting.
- No significant blockers identified beyond the resolved access issues.
Meeting - 07/25/2025
- 07/25/2025 | 04:30PM PST
- Charvitha
- Rao
- Varun
- Monica
- Rajas
- Rugved
- Rohit
- The meeting discussed the high-level architecture of the infrastructure, which spans two AWS regions: Virginia and Ireland, with environments including dev, QA, staging, and production. Emphasis was placed on the importance of using Pulumi scripts for infrastructure as code, particularly for database instances. The team is transitioning from GitHub Actions to GitHub compute for build processes due to Netlify's build time limits. SonarQube is being used for static application security testing. Task assignments were reviewed, including those for build support, SonarQube integration, and collaboration with the QA team. The team was advised to maintain a mix of USA and India engineers for 24/7 support.
- Assign a task to Arjun Pati to update the GitHub Actions for the web app repository to use GitHub's compute resources instead of Netlify.
- Monica to Create a table on the wiki page with details on the build support, test support, and code coverage for each repository and branch.
- Check with Siva and others on the progress of integrating SonarQube and the status of SAST and DAST coverage.
- Varun and Nanditha Design a form to collect ID proofs from users who are granted admin access to GitHub or AWS, and store the information in a secure S3 bucket.
- Rakesh and Varun to Collaborate with the QA team to integrate their test automation scripts into the build process and generate code coverage.
Meeting - 07/18/2025
- 07/18/2025 | 04:30PM PST
Charvitha Kota
- Charvitha
- Rao
- Varun prakash
- Rajas
- Monica
- Rugved
- Introduction of new members
- Overview of DevSecOps goals & responsibilities
- Wiki and documentation practices
- DevSecOps CI/CD architecture using GitHub Actions
- Tools in use: GitHub, Netlify, SonarQube, AWS S3, Route53, Netigrity
- MVP 0.5 hosting plan
- Static Application Security Testing (SAST)
- Code coverage expectations and practices
- SonarQube EC2 setup
- Overview of DevSecOps concepts for new members
- How the CI/CD pipeline works (test → dev → main)
- GitHub Actions vs Jenkins
- Hosting infrastructure and flow for web and mobile apps
- Code coverage tools for JavaScript (React) and Java
- Difference between web app and mobile app delivery
- Understanding SAST integration (SonarQube)
- Transition deployment from Netlify to AWS S3 for MVP 0.5
- Enforce code coverage and security testing across all repos
- Maintain descending order of meeting notes in the wiki
- Formalize access request tracking using GitHub Issues
- Limited compute resources with free-tier services like Netlify
- Ensuring uniform SAST and test coverage across multiple microservices
- Manual management of access requests (Google Form)
- Low QA representation in DevSecOps discussions
- Monica & Rugved to support SonarQube integration
- Rashmi to assist in AWS S3 bucket access
- Charvita & QA team to collaborate on test automation
- Varun to manage access and transition request tracking
- Update GitHub Actions for test/dev/main
- Add SonarQube into CI pipelines
- Move meeting notes into separate wiki pages
- Create GitHub Issues page for DevSecOps access requests
- Improve documentation around architecture and build
- Use SonarQube Community Edition for SAST
- Host final production build on AWS S3 with Route53
- Use GitHub Issues for access request management
- Maintain 80–90% code coverage minimum per repo
Meeting - 05/13/2025
- 05/13/2025 | 03:00PM PST
Aditya Bhinge
- Aditya Bhinge
- Rao
- Varunprakash
- Divya
- Rajas
- Harshitha
-
Reviewed the project tracker and moved issues according to their statuses
-
Onboarded new members by making them understand about their roles and responsibilities and assigned them tasks
-
Discussion on Pulumi scripts to switch regions to Virginia and Ireland based on need.
-
Questions were answered by Rao on various topics such as architecture, console, Pulumi scripts, and resource consumption.
-
A demo was given by Rao explaining the behind-the-scenes processes and architecture of the new user login/signup page.
-
Next Steps: Clean current issues and decide next area of contribution next week.
- ML repo progress halted due to incomplete Unit testing from ML team
-
Varun to create documentation about all the policies and services to be created
-
Dhruva to work with Harshitha and Sam on issue#27
-
Divya to connect with Sugandha to resolve issues in file for code coverage
Meeting - 05/06/2025
- 05/06/2025 | 03:00PM PST
Aditya Bhinge
- Aditya Bhinge
- Sam
- Varunprakash
- Divya
- Rajas
- Harshitha
-
Reviewed the project tracker and moved issues according to their statuses
-
Onboarded new members by making them understand about their roles and responsibilities and assigned them tasks
-
Next Steps: Clean current issues and decide next area of contribution next week.
-
Delays in approvals of access for IAM permissions
-
Issues in file for code coverage
-
Varun to assign IAM permissions to all resources
-
Sam and Harshitha to work on creating CI Pipeline for ML repo
-
Divya to connect with Sugandha to resolve issues in file for code coverage
Meeting - 04/29/2025
- 04/29/2025 | 03:00PM PST
Aditya Bhinge
- Aditya Bhinge
- Sudarshan
- Varunprakash
- Divya
- Bharath
-
Reviewed the project tracker and moved issues according to their statuses
-
Facilitated discussion how to create your own branch to push code to the repository
-
Additionally it was also discussed on how to test code in the repository directly
-
Everyone presented their work(code and its functioning)
-
Rearrangement of permissions and creation of more user jobs for specific services
-
Next Steps: Clean current issues and decide next area of contribution next week.
- Minor bugs in the code, which would be fixed soon
-
Sudarshan to deploy his code into the repository by today EOD
-
Bharath to perform testing of the code by this week
-
Divya to connect with ML team for unit testing understanding for the ML repo
Meeting - 04/22/2025
- 04/22/2025 | 03:00PM PST
Aditya Bhinge
- Aditya Bhinge
- Krishnakanth
- Varunprakash
- Rajas
-
Reviewed the project tracker and moved issues according to their statuses
-
Rajas presented a demo of the pulumi automation scripts, where how a user can perform manipulation using Create, edit and delete scripts through AWS console without the need of Access
-
Provided an overview of the team structure and responsibilities to new joiner Varunprakash, introducing him to the ongoing initiatives of the DevSecOps team.
-
Next Steps: Clean current issues and decide next area of contribution next week.
-
Sudarshan and Krishnkanth are curently stuck with creation of CD pipeline for the Mobile App Repository
-
Rajas facing issue with gaining the access key from the AWS IAM Admin Account
-
Sudarshan and Krishnakanth will have a meeting with Divya to solve the issue with creation of CD pipeline for the Mobile App repository
-
Rajas to contact Mr. Rao as he is the only one to have access for the AWS IAM Admin Account
-
Rajas would also resolve the bugs and create a demo video recording of his work and post in the group for everyone's understanding.
Meeting - 04/15/2025
- Aditya, Divya, Sudarshan, Rajas, Bharath, Ganesh.
- Assigned project-specific tasks to newly onboarded team members.
- Facilitated a discussion to address ongoing issues reported by team members, with a focus on resolving blockers and maintaining project momentum.
- Divya is currently still working on developing a pulumi script for issue 8 and has started working on the new AI repository
- Sudarshan has no issue assigned currently as he is still learning about CI pipeline's commands through tutorials.
- Rajas is almost done with the issue number 10 and will need access to AWS to test out his script for Saayam's AWS users.
- Ganesh has joined today and needs Github access, post which he would be working on the ML repository.
Meeting - 04/08/2025
- Aditya, Divya, Sudarshan, Krishnakanth, Rajas, Sam.
- Assigned project-specific tasks to newly onboarded team members.
- Facilitated a discussion to address ongoing issues reported by team members, with a focus on resolving blockers and maintaining project momentum.
- Divya is developing a Pulumi script to provision an AWS Lambda function for the Volunteer repository.
- Sudarshan and Krishnakanth are collaboratively working on implementing a CI pipeline for the Request Microservices repository.
- Rajas is creating an automation script and is currently troubleshooting a bug related to location creation. Divya will share two instructional videos that address the issue.
- Sam is working on automation for the Volunteer repository and has a query regarding SonarQube integration.