Create a compliance status report for GitLab groups
Summary
This is a placeholder issue to document a vision item for group compliance.
In support of ~"Category:Audit Reports", GitLab should build a PDF-style report Cameron (Compliance Manager) can deliver to an executive within their organization.
This report should provide a high-level summary of a GitLab group (eventually an instance) with the key details they need to drive internal decisions about their compliance programs: where to invest in these programs, gaps in their processes, etc. A few key compliance details that would make sense in this report:
- Compliance posture represented as a percentage relative to a compliance framework of their choosing
- Total number of policy violations across the group (to be defined later)
- Number of regulated projects with compliance oversight
- A mapping of GitLab settings to compliance controls, e.g. "MR approval rules - PCI X.YYY"
- Total number of security incidents
- Mean time to resolution for High and Critical vulnerabilities
To be completed