MVC: Chain of custody report, list of commits
Problem to solve
Compliance-minded organizations need a way to show their internal teams or external auditors a holistic view of the components involved with any particular commit. Within GitLab, this means connecting all of the dots: MRs, issues, pipelines, security scans, and other data about a commit. Currently, piecing this information together takes significant time and cost, whether by digging through the GitLab application, by building custom tooling to aggregate the information, or both. There is no existing feature to programmatically collect and export this data so that users can satisfy their internal or external auditing requirements.
- Sidney (Systems Administrator)
- The management stakeholders who adhere to any auditing process. To be defined in a new Compliance Persona
A common evidence artifact for many audits is a documented chain of custody for changes that made it into production. Some organizations will also need this artifact for all environments or some combination of staging, production, test, etc.
- In the Compliance Dashboard, add a new button for Merge Commits Export
- This action should communicate that it will only download the most recent merge commits from the parent group, capped at 15 MB
- This should be a streaming download
The export should provide a CSV of all merge commits, up to the maximum 15 MB file size limit.
| Merge Commit | Author | Merge Request | Merged By | Pipeline | Group | Project | Approver(s) |
|---|---|---|---|---|---|---|---|
Permissions and Security
This would be accessible only to Group Owners and
Availability & Testing
What does success look like, and how can we measure that?
- Number of times this report is exported