Engineering Design - Secure - Composition Analysis - Metrics - Record Found License, and its policy
Problem to solve
As part of our metrics, we need to record licenses and what they were identified as (allowed, denied, unknown).
If engineering believes this should be 3 issues we can break this into 3 issues (allowed, denied, unknown).
We also need to record what scanner it's associated with (licenses obviously, but this is going into an aggregate data store).
Work with telemetry (@sid_reddy / @hilaqu) on how to implement this; we must implement it and send the data to the telemetry data store.
We should work closely with @matt_wilson to use the same scanner identifier as they do because we are combining metrics with theirs for our ratio.
Intended users
Internal GitLab team-members, like Product Management and Engineering
Proposal
Further details
Permissions and Security
We will send the data to the telemetry system; they will handle permissions.
Documentation
We MUST document what we are recording, using what terms, where we are sending it, and why. We need to ask the telemetry team where this should be recorded. This is so that in the future it is easy for us to figure out what metrics we have, how / when they are captured, and where they are sent.
Availability & Testing
What does success look like, and how can we measure that?
Our metrics are available in the telemetry systems; we can make multiple dashboards (category, contributing data, stage), and they can be aggregated across the stage into a north star metric.
Is this a cross-stage feature?
Yes
Links / references
https://about.gitlab.com/direction/telemetry/#telemetry-guides