sovity · SebastianOpriel · Oct 30, 2024 · Oct 28, 2024 · Oct 28, 2024 · Oct 28, 2024
diff --git a/.github/ISSUE_TEMPLATE/epic_template.md b/.github/ISSUE_TEMPLATE/epic_template.md
@@ -13,6 +13,7 @@ assignees: ""
 
 ### Requirements
 <!-- Which requirements do you have to be fulfilled? -->
+<!-- Which security-related requirements must be satisfied? -->
 
 ## Work Breakdown
 <!-- If you already know what needs to be done, plase add a tasklist. -->
@@ -22,14 +23,18 @@ assignees: ""
 - [ ] Create Stories which can be converted into issues
 ```
 
+### Security Constraints
+<!-- Which constraints can be checked that must be covered by the work breakdown? -->
+- [ ] Final solution design has been challenged for security related topics
+
 ## Initiative / goal
 <!-- Describe how this Epic impacts an initiative the business is working on. -->
 
 ### Hypothesis
 <!-- What is your hypothesis on the success of this Epic? Describe how success will be measured and what leading indicators the team will have to know if success has been hit. -->
 
 ## Acceptance criteria and must have scope
-<!-- Define what is a must-have for launch and in-scope. Keep this section fluid and dynamic until you lock-in priority during planning. Please list your criteria below. -->
+<!-- Define what is a must-have for launch and in-scope (e.g. security-related tasks like successful pen-tests). Keep this section fluid and dynamic until you lock-in priority during planning. Please list your criteria below. -->
 
 ## Stakeholders
 <!-- Describe who needs to be kept up-to-date about this Epic, included in discussions, or updated along the way. Stakeholders can be both in Product/Engineering, as well as other teams like Customer Success who might want to keep customers updated on the epic project. -->

diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -31,4 +31,6 @@ assignees: ""
 - [ ] Fix the GitHub Projects Labels, Sprint and other Metadata
 - [ ] Refine a Solution Proposal / Work Breakdown
 - [ ] (For Tech Team): Include acceptance criteria for the sub-tasks of the work breakdown
+- [ ] Add security related tasks and checks
+- [ ] Final solution design has been challenged for security related topics
 ```
diff --git a/.github/ISSUE_TEMPLATE/process.md b/.github/ISSUE_TEMPLATE/process.md
@@ -2,7 +2,7 @@
 name: Refine Process Request
 about: Existing processes must be adapted or new ones created
 title: ""
-labels: "task/documentation"
+labels: ["task/refine-process","task/documentation"]
 assignees: ""
 ---
 

diff --git a/.github/workflows/add_issue_to_project.yml b/.github/workflows/add_issue_to_project.yml
@@ -7,10 +7,11 @@ on:
 
 jobs:
   add_issue_to_project:
+    if: "!(startsWith(github.event.issue.title, '[Zammad Ticket') && github.event.issue.user.login == 'sovitybot')"
     name: add_issue_to_project
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/add-to-project@v0.5.0
+      - uses: actions/add-to-project@v1.0.2
         with:
           project-url: https://github.com/orgs/sovity/projects/9
           github-token: ${{ secrets.ADD_ISSUE_TO_PROJECT_PAT }}