15.3 Planning for Compliance

This issue and linked pages contain information related to upcoming products, features, and functionality. It is important to note that the information presented is for informational purposes only. Please do not rely on this information for purchasing or planning purposes. As with all projects, the items mentioned in this video and linked pages are subject to change or delay. The development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Once moved out of draft, update the kickoff issue

Boards

Different boards we use for planning and organization

Capacity notes

  • Milestone runs from 2022-07-22 to 2022-08-22

Capacity by team member

  • Rob - 6w
  • Huzaifa - 2w
  • Max - 9w
  • Harsimar - 7w
  • Jiaan - 4w
  • Michael - 4w

Objectives & Themes

Product prioritized type::feature list

  1. Any %15.2 carry-over
    1. https://gitlab.com/groups/gitlab-org/-/epics/7611
      1. Consider the tasks active in this coverage issue
    2. Specific event shortlist to add event type info... (gitlab-org&8118 - closed)
    3. Add event type information for all streaming au... (gitlab-org&8057 - closed)
    4. UI screens to specify custom HTTP headers for s... (gitlab-org&7975 - closed)
    5. Optimize compliance violations query (gitlab-org/gitlab#363357 - closed)
    6. Handle missing gitlab-ci.yml files using compli... (gitlab-org/gitlab#364131 - closed)
    7. 🔍 New Audit Event: Custom HTTP headers changed fo... (gitlab-org/gitlab#366350 - closed)
  2. New feature work
    1. MVP filter violations by all branches or all pr... (gitlab-org&7916 - closed)
      1. 3️⃣ [Backend] Filter compliance violations by all p... (gitlab-org/gitlab#358412 - closed)
      2. 1️⃣ [Frontend] Allow filtering compliance violation... (gitlab-org/gitlab#358414 - closed)
    2. 2️⃣ Allow user to specify verificationToken value a... (gitlab-org/gitlab#360813 - closed)
    3. 3️⃣ Generate chain of custody CSV reports asyncrono... (gitlab-org/gitlab#342594 - closed)
    4. 2️⃣ [Chain of Custody Report] Expand the scope from... (gitlab-org/gitlab#267601 - closed)

Engineering prioritized type::maintenance list

  1. Any %15.2 carry-over
    1. 1️⃣ Migrate deletion adjourned period after admin s... (gitlab-org/gitlab#363858 - closed)
    2. 1️⃣ Add new inactive project params to application ... (gitlab-org/gitlab#358777 - closed)
  2. New maintenance work.

| Issue | Priority | Weight | Discipline |
|---|---|---|---|
| Don't create audit events when there is no change (gitlab-org/gitlab#365896 - closed) in workflow::planning breakdown | TBA | TBA | backend |
| Define compliance code owner rules (gitlab-org/gitlab#359376 - closed) | P2 | 1 * | backend frontend |
| Update status checks widget screenshots in docu... (gitlab-org/gitlab#366323 - closed) | P3 | 1 | frontend documentation |
| Remove streaming_audit_event_headers feature flag (gitlab-org/gitlab#366524 - closed) | P3 | 1 | backend |

* This is a nominal weight to represent group::compliance's assistance in refining the pattern for code owners.

Quality prioritized type::bug list

| LINKED_ISSUE_TITLE | BUG_AGE | SEVERITY_TAG | PRIORITY_TAG | MILESTONE_TITLE |
|---|---|---|---|---|
| Content injection via `Status checks` widget in... (gitlab-org/gitlab#367408 - closed) | | sev 2 | prio 2 | |
| Sometimes the chain of custody report returns an empty CSV | 7 | severity 2 | priority 2 | |
| Group Level Audit Logging shows incorrect IP address when SAML a | 638 | severity 3 | priority 2 | |
| Compliance pipelines do not expand .extends blocks before incl | 335 | severity 3 | priority 2 | |
| Filter bar missing for developers in audit events | 244 | severity 3 | priority 2 | |
| audit_json.log does not contain all audit events | 43 | severity 3 | priority 2 | |
| Compliance report does not always show properly... (gitlab-org/gitlab#367675 - closed) | 1 | severity 3 | priority 2 | |
| Missing group audit log when project is added to existing group | 1031 | severity 3 | undefined | Backlog |

Deferred Items

Deferred items from previous and the current milestone

Consider moving to following iteration and/or moving to workflow::scheduling

From %15.2 (consider moving to following iteration and/or moving to workflow::scheduling)

From this milestone (consider moving to following iteration and/or moving to workflow::scheduling)

Release Post Items

| Status | Issue | Release Post MR |
|---|---|---|
| RP is Ready, need to confirm what the feature will ship in | Add event type information for all streaming au... (gitlab-org&8057 - closed) | Draft: Release post item: Event type informatio... (gitlab-com/www-gitlab-com!105376 - closed) |
| RP is Ready | [Feature flag] Rollout of `project_approval_rul... (gitlab-org/gitlab#364091 - closed) | Release post for all protected branches MR appr... (gitlab-com/www-gitlab-com!102853 - merged) |
| Not likely to make 15.3 | MVP filter violations by all branches or all pr... (gitlab-org&7916 - closed) | Release post item: Filter for all protected bra... (gitlab-com/www-gitlab-com!103826 - closed) |
| RP is Ready | UI screens to specify custom HTTP headers for s... (gitlab-org&7975 - closed) | Release post item: Custom HTTP headers UI for s... (gitlab-com/www-gitlab-com!108460 - merged) |
| RP is Ready | New Audit Event: Custom HTTP headers changed fo... (gitlab-org/gitlab#366350 - closed) | Release post item: Audit event for custom http ... (gitlab-com/www-gitlab-com!108465 - merged) |
| Did not make 15.3 | Allow user to specify verificationToken value a... (gitlab-org/gitlab#360813 - closed) | Release post item: Custom verification token fo... (gitlab-com/www-gitlab-com!108825 - merged) |
| RP is Ready | [Chain of Custody Report] Expand the scope from... (gitlab-org/gitlab#267601 - closed) | Release post item: Chain of Custody Report for ... (gitlab-com/www-gitlab-com!108824 - merged) |
Edited by Sam Kerr