Add a 'regulated' setting to compliance frameworks for compliance management and reporting

Problem to solve

In %12.10 we introduced compliance framework labels for projects to help customers delineate between regulated and non-regulated projects. This is a way for customers to provide a passive notice to users in their groups and projects about a project's special requirements, but it also allows GitLab to provide specific reporting or settings inheritance only for projects with these compliance requirements.

Currently, there's no way to support organizations that wish to enforce settings using the paradigm established in #213601 (closed), but that may not comply with specific frameworks, or with the frameworks currently supported in GitLab.

Intended users

Cameron (Compliance Manager)

User experience goal

Cameron should be able to navigate to a group and toggle a compliance framework so that it is identified as regulated, which would then enforce settings like Merge Request approvals in Projects using that compliance framework.

Proposal

Segmented_control

Note: The form this is being added to is available on GitLab Premium; this control is only available for GitLab Ultimate.

Further details

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Implementation

Estimated weight: 3

backend

  • Add the regulated field to the ComplianceFrameworks type

frontend

Links / references

Edited by Austin Regnery