Add a 'regulated' setting to compliance frameworks for compliance management and reporting
Problem to solve
In %12.10 we introduced compliance framework labels for projects to help customers delineate between regulated and non-regulated projects. This is a way for customers to provide a passive notice to users in their groups and projects about a project's special requirements, but it also allows GitLab to provide specific reporting or settings inheritance for only projects with these compliance requirements.
Currently, there's no way to support organizations who wish to enforce settings using the paradigm established in #213601 (closed), but who may not comply with specific frameworks or frameworks currently supported in GitLab.
Intended users
User experience goal
Cameron should be able to navigate to a group and toggle a compliance framework that identifies as regulated, which would then enforce settings like Merge Request approvals in Projects using that compliance framework.
Proposal
Note: The form this is being added to is available on GitLab Premium; this control is only available for GitLab Ultimate.
Further details
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Implementation
Estimated weight 3:
- Add the regulated field to the ComplianceFrameworks type
- Update the read & modify queries to include regulated
- Add the setting to the compliance label to the form #287827 (closed) using GlButtonGroup