2020-10-05 - Triage report for "group::compliance"
Hi, @mattgonzales @djensen @dennis @aregnery @mikelong
This is a group or stage level triage report that aims to summarize the feature proposals and bugs which have not been scheduled or triaged. For more information please refer to the handbook:
Scheduling the workload is a collaborative effort by the Product Managers and Engineering Managers for that group. Please work together to provide a best estimate on priority and milestone assignments. For each issue please:
- Determine if the issue should be closed if it is no longer relevant or a duplicate.
- If it is still relevant please assign either a best estimate versioned milestone, the %Backlog or the %Awaiting further demand milestone.
- Specifically for ~bug, if there is no priority or clarity on a versioned milestone, please add a Priority label. Priority labels have an estimate SLO attached to them and help team members and the wider community understand roughly when it will be considered to be scheduled.
- Once a milestone has been assigned please check off the box for that issue.
- Please work with your team to complete the list by the due date set.
Feature Proposal Section
For the following feature proposals. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone.
Unscheduled feature with customer
-
#239349 (closed) Instance-level MR approval settings are blocking editing project approval rules Category:Compliance Management, Enterprise Edition, GitLab Premium, Next Up, Technical Writing, UI text, backend, customer, devopsmanage, feature, groupcompliance, priority2, sectiondev, twdoing, workflowplanning breakdown -
#238218 (closed) Chain of Custody Report - User feedback for iteration 2 ~"Category:Audit Reports", Enterprise Edition, GitLab Ultimate, backend, customer, devopsmanage, ~"enhancement", feature, frontend, groupcompliance, sectiondev -
#235616 (closed) Make the process of associating a Jira issue with a merge request more clear and reliable Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, UX, atlassian, customer, devopsmanage, feature, frontend, groupcompliance, priority1, sectiondev, workflowplanning breakdown -
#234740 Add Secure Functionality to Auditor Role Secure UXCompliance & Auditing, customer, devopssecure, feature, groupcompliance -
#230932 (closed) Ability to modify user access level via users API customer, devopsmanage, feature, groupcompliance, sectiondev -
#225352 Allow Access to Project Information via CI_JOB_TOKEN api, customer, devopsmanage, feature, groupcompliance, sectiondev -
#207539 (closed) GitLab integration with Netskope Alliances, customer, ~"devops::defend", feature, groupcompliance -
#39139 (closed) Display project deletion in group audit event log Enterprise Edition, GitLab Starter, backend, customer, devopsmanage, feature, groupcompliance, missed-deliverable, missed:12.9, priority2, sectiondev, severity4, workflowblocked -
#26383 (closed) Transfering groups does not warn in the same way than transfering projects does ~"Category:Subgroups", customer, devopsmanage, feature, frontend, groupcompliance, sectiondev, workflowdesign -
#20603 (closed) Feature Request: Activity log should contain changes to project/group settings Manage [DEPRECATED], UX, backend, customer, devopsmanage, feature, groupcompliance, priority4, sectiondev, security, severity4, user profile
Unscheduled feature (non-customer)
-
#260380 (closed) Bring Audit Events CSV export to groups and gitlab.com Category:Audit Events, Enterprise Edition, GitLab Premium, backend, devopsmanage, feature, groupcompliance, sectiondev, workflowplanning breakdown -
#257890 (closed) Add 'Push events' sub-nav item under 'Audit Events' Category:Audit Events, UX, devopsmanage, feature, frontend, groupcompliance, sectiondev, workflowproblem validation -
#255340 (closed) Add ability to create/edit/assign compliance frameworks Category:Compliance Management, GitLab Ultimate, backend, devopsmanage, feature, groupcompliance, priority1, sectiondev, workflowblocked -
#254822 Add credential inventory widget to admin dashboard Category:Compliance Management, UX, devopsmanage, feature, groupcompliance, sectiondev -
#254817 (closed) Provide a regular email digest for the Compliance Dashboard to group owners Category:Compliance Management, devopsmanage, feature, groupcompliance, sectiondev -
#254655 (closed) Remove deprecated scss files for audit controls Category:Audit Events, devopsmanage, feature, ~"feature::maintenance", frontend, groupcompliance, sectiondev -
#254389 (closed) Add 'compliance pipeline configuration location' value to custom compliance framework labels Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, UX, devopsmanage, feature, groupcompliance, priority1, sectiondev, workflowdesign -
#250663 (closed) Add audit event for downloading CI artifacts Category:Audit Events, backend, devopsmanage, feature, groupcompliance, sectiondev -
#250480 (closed) Optional enforcement of SSH key expiration Category:Compliance Management, Enterprise Edition, GitLab Premium, backend, devopsmanage, feature, featureaddition, groupcompliance, priority3, sectiondev, workflowscheduling -
#249563 (closed) Remove usages of dropdown-menu-close from specs and QA tests Category:Code Testing and Coverage, Icon, backend, devopsverify, feature, ~"feature::maintenance", frontend, groupcompliance, sectionops -
#249243 Add additional audit event detail to user access report ~"Category:Audit Reports", Enterprise Edition, devopsmanage, feature, groupcompliance, sectiondev -
#247943 (closed) Add Lock/Unlock feature to specific approval rules in group-level MR approval rules settings Category:Compliance Management, Next Up, devopsmanage, feature, frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown -
#247942 (closed) Add Allow/Disable override dropdown selection to group-level MR approval rules Category:Compliance Management, Next Up, devopsmanage, feature, frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown -
#247941 (closed) Add Compliance framework(s) dropdown selection to group-level MR approval rules Category:Compliance Management, Next Up, devopsmanage, feature, frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown -
#247921 (closed) Add inheritance dropdown selection to group-level MR approval rules Category:Compliance Management, Next Up, devopsmanage, feature, frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown -
#247905 Add Approval rules to group level Category:Compliance Management, Next Up, devopsmanage, feature, frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown -
#247904 (closed) Add Require user password to approve to group level Category:Compliance Management, Next Up, devopsmanage, feature, frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown -
#247903 (closed) Add Prevent approval of merge requests by merge request committers to group level Category:Compliance Management, Next Up, devopsmanage, feature, frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown -
#247901 (closed) Add Remove all approvals in a merge request when new commits are pushed to its source branch to group level Category:Compliance Management, Next Up, devopsmanage, feature, frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown -
#247900 (closed) Add Prevent approval of merge requests by merge request author to group level Category:Compliance Management, Next Up, backend, database, devopsmanage, feature, frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown -
#247640 Extend AuthenticationEvent to be an extension of AuditEvent Category:Audit Events, devopsmanage, feature, ~"feature::maintenance", groupcompliance, sectiondev -
#247515 (closed) The SSH Key page at /profile/keysshould mention that expired keys only cause warnings and will continue working Next Up, Technical Writing, UI text, devopsmanage, feature, groupcompliance, priority3, sectiondev, workflowdesign -
#247513 Audit log for CI/CD variables. Protected variable viewed event devopsmanage, feature, groupcompliance, sectiondev -
#247102 (closed) Move list/revoke your own PATs to Core Category:Compliance Management, GitLab Core, backend, devopsmanage, feature, groupcompliance, priority2, sectiondev, workflowscheduling -
#246802 (closed) Add $CI_PROJECT_CONFIG_PATH as a predefined environment variable Next Up, backend, blocked, devopsmanage, feature, groupcompliance, priority1, sectiondev, workflowplanning breakdown -
#245307 (closed) [Audit log] Track login events separately from AuditEvents backend, devopsmanage, feature, groupcompliance, sectiondev, ~"technical debt", workflowproblem validation -
#244353 (closed) Use custom compliance project labels to define standard project settings Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, feature, groupcompliance, sectiondev, workflowproblem validation -
#243836 (closed) Add Runner Token to Credential Inventory Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, UX, devopsmanage, feature, frontend, groupcompliance, priority3, sectiondev, workflowdesign -
#243833 (closed) Add Project Access Tokens to Credential Inventory Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, UX, devopsmanage, feature, frontend, groupcompliance, priority3, sectiondev, workflowdesign -
#243825 Add Deploy Tokens to the Credential Inventory Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, UX, devopsmanage, feature, frontend, groupcompliance, priority3, sectiondev, workflowdesign
Unscheduled UX Debt Issues
-
#231382 (closed) Match Project Pending Removal Behavior to Groups UX debt, devopsmanage, groupcompliance, sectiondev, severity4
Bug Section
For the following bugs. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone and ensure that a priority label is set.
- Engineering Managers: Please add a severity label for those issues without one
- Product Designers: Please add a severity label to UX ~bug issues without one
Heatmap for all bugs
Bugs for their priority and severity label are counted here. Every bug should have severity and priority labels applied. Please take a look at the bugs which fall into the columns indicating that the priority or severity labels are currently missing.
| severity1 | severity2 | severity3 | severity4 | No severity | |
|---|---|---|---|---|---|
| priority1 | 0 | 0 | 0 | 0 | 0 |
| priority2 | 0 | 1 | 0 | 0 | 0 |
| priority3 | 0 | 0 | 0 | 0 | 0 |
| priority4 | 0 | 0 | 0 | 1 | 0 |
| No priority | 0 | 0 | 8 | 3 | 1 |
Unscheduled frontend ~bug (non-customer)
-
#230454 (closed) Admin page tabs overflow and become unusable on small displays UX, ~"bug", devopsmanage, frontend, groupcompliance, sectiondev, severity4
Unscheduled ~bug with customer
-
#259159 (closed) Group Level Audit Logging shows incorrect IP address when SAML actions affect user permissions Category:Compliance Management, backend, ~"bug", customer, devopsmanage, groupcompliance, sectiondev -
#254954 (closed) Pages access level change incorrectly named in Audit Events Category:Audit Events, ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity3, workflowscheduling -
#213578 (confidential) ~"(confidential)"
Unscheduled ~bug (non-customer)
-
#251151 (closed) Handle group deletion when access level of deleting user changes backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity3 -
#246618 (closed) HIPAA audit template logging activity for March 26, 2020 after creation UX, backend, ~"bug", devopsmanage, groupcompliance, priority4, sectiondev, severity4, workflowscheduling -
#237843 (closed) typos when deleting a project repository ~"bug", devopsmanage, groupcompliance, sectiondev, severity4 -
#225550 (closed) Saving HTML/Ruby in AuditEvent details "custom_message" backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity4, workflowproblem validation
Heatmap for ~missed-SLO bugs
| severity1 | severity2 | severity3 | severity4 | No severity | |
|---|---|---|---|---|---|
| priority1 | 0 | 0 | 0 | 0 | 0 |
| priority2 | 0 | 1 | 0 | 0 | 0 |
| priority3 | 0 | 0 | 0 | 0 | 0 |
| priority4 | 0 | 0 | 0 | 0 | 0 |
| No priority | 0 | 0 | 0 | 0 | 0 |
This is a group level triage report that aims to collate the latest bug reports (for frontend and otherwise) and feature proposals. For more information please refer to the handbook:
If assignees or people mentioned in this individual triage report need to be amended, please edit group-definition.yml.