Group-level setting for default compliance framework to apply to new projects

This issue and linked pages contain information related to upcoming products, features, and functionality. It is important to note that the information presented is for informational purposes only. Please do not rely on this information for purchasing or planning purposes. As with all projects, the items mentioned in this video and linked pages are subject to change or delay. The development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Release notes

Problem to solve

Today users set up compliance frameworks in their groups and apply them to projects. This allows them to segment which projects need additional controls and enforce compliance pipelines where applicable. However, users must manually add the frameworks to projects as they are created. Checking for newly created projects and manually setting the framework on each one is time consuming.

Proposal

Provide a group-level setting to specify a default compliance framework that should be added to all newly created projects in the group. See attached design file for UX.

  • Note that there should be an option for None (or similar) to allow the user to not provide any default compliance framework if they do not wish to.

Design

Design mockups (images not included): List, Set default, Remove default.

What is the type of buyer?

GitLab Premium

Implementation plan

database 2️⃣

  1. Add a migration to add default_compliance_framework (INT) as a new column to the namespace_settings table.

backend 3️⃣

  1. Update ee/app/services/ee/projects/create_service.rb so that whenever a new project is created under a group and the group has set a default compliance framework, a new ComplianceManagement::ComplianceFramework::ProjectSettings is created with project_id as the current project and framework_id = project.root_namespace.default_compliance_framework.id. We can define a method default_compliance_framework in group.rb as follows:
def default_compliance_framework
  # The column stores the framework id; nil means no default is set.
  default_compliance_framework_id = namespace_settings.default_compliance_framework
  # find_by returns a single record (or nil), so callers can use .id on the result.
  ComplianceManagement::Framework.find_by(id: default_compliance_framework_id)
end
  2. Whenever a framework is deleted, check whether it is the default framework. If it is, prevent the deletion and show an error message to the user.
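
The two backend rules above (apply the root group's default when a project is created, refuse to delete a framework that is still a default), as an added plain-Ruby sketch that is not GitLab's code. ComplianceStore, DefaultFrameworkError, the Struct stand-ins and the sample names are hypothetical; no ActiveRecord or database is involved.

```ruby
# Added sketch: in-memory stand-ins for the models named in the plan.
class DefaultFrameworkError < StandardError; end

Framework = Struct.new(:id, :name)

# default_compliance_framework_id mirrors the proposed INT column; nil is "None".
Group = Struct.new(:parent, :default_compliance_framework_id) do
  def root_namespace
    parent ? parent.root_namespace : self
  end
end

class ComplianceStore
  attr_reader :project_settings # project name => framework id

  def initialize
    @frameworks = {}
    @groups = []
    @project_settings = {}
  end

  def add_framework(id, name)
    @frameworks[id] = Framework.new(id, name)
  end

  def add_group(parent: nil)
    Group.new(parent, nil).tap { |group| @groups << group }
  end

  # Create-service step: copy the root group's default onto the new project.
  def create_project(name, group)
    framework = @frameworks[group.root_namespace.default_compliance_framework_id]
    @project_settings[name] = framework.id if framework # no default: no settings row
    framework
  end

  # Deletion guard: a plain INT column would otherwise be left dangling.
  def delete_framework(id)
    if @groups.any? { |group| group.default_compliance_framework_id == id }
      raise DefaultFrameworkError, "framework #{id} is still a group default"
    end
    @frameworks.delete(id)
  end
end
```

Because the default is looked up on the root namespace, a project created in a subgroup picks up the top-level group's setting in this sketch.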

frontend a big 3️⃣ / small 5️⃣

Related issue to update the list to match the designs: Compliance Framework – Update settings (#371013 - closed)

  1. Update the GraphQL query to also fetch the default status of each framework.
  2. Add a mutation to the list view to set the default attribute of a framework.
  3. Add an ellipsis icon in a GlButton to the end of the actions.
  4. Move the delete action to the ellipsis dropdown.
    • Note: Default frameworks cannot be deleted.
  5. Add an action for marking the framework as default when not default.
  6. Add an action for removing the default status of a framework when it is default.
  7. Update list_item.vue to display a GlBadge when the item is default.
  8. Update specs.
  9. Update documentation.

Edited by Jiaan Louw