Provide an API to manage compliance rules enforcement
Problem to solve
Large, compliance-minded organizations rely on many custom in-house tools and services to run their engineering departments, report on data and customize workflows that exactly match their needs. One element of this ecosystem is leveraging APIs to programmatically enforce compliance requirements, such as stopping deployments that match certain criteria.
Currently, GitLab does not provide a mechanism within the application to take automatic actions based on a rule set defined by the organization. This feature is also missing from the APIs that GitLab provides to control this behavior.
Intended users
- Sidney (Systems Administrator)
- The management stakeholders who adhere to any auditing process. To be defined in a new Compliance Persona
Further details
- An API-driven approach to rule definition and enforcement offers additional flexibility to compliance-minded organizations.
Proposal
Add an API that allows customers to manage compliance rules and the programmatic enforcement of those rules within their DevOps workflows.
Permissions and Security
Only admins should be able to leverage this API. Ideally, this could be constrained to a service account/user/bot.
Documentation
Availability & Testing
What does success look like, and how can we measure that?
- Volume of API activity for the endpoint(s).