Allow user to add and edit license policies
#14061 (closed)
Problem to solve
Follow up to: #14061 (closed). The Policy tab was added, but a maintainer is unable to edit or add a policy from the policies section.
Context: This issue is based on discovery work done in https://gitlab.com/gitlab-org/gitlab-ee/issues/12941. We now have a dedicated license compliance section that shows licenses detected in a project per the license scan. Currently, adding a license and classification policy is done in Project>Settings>CI/CD>License Compliance. This means the licenses detected are visible to all users, but the policies are not (unless a newly detected license appears in an MR).
Intended users
- Compliance Role wants to see that they are following policies that have been set, edit policies as needed, and set policies for unclassified licenses.
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Sam (Security Analyst)
- Legal and/or the person responsible for the org's compliance
Further details
- Upon completion of this MVC, the former LC section located in settings > CI/CD > LC will be removed
- Next MVC will be to allow user to apply a policy to a license already detected in the project #33870 (closed)
Proposal
Maintainer UI | Adding license and policy |
---|---|
Permissions and Security
- Developer may view policies, but can't adjust them
- Maintainer may view/add/edit/delete policies
- For public projects, the policy section is not visible to non-project participants (#33659 (closed))
Documentation
- License compliance foundations document
- Updated classification names issue #12937 (closed)
- Update docs https://docs.gitlab.com/ee/user/application_security/license_compliance/#project-policies-for-license-compliance with additional way to see policies
Testing
TBD
What does success look like, and how can we measure that?
- User navigates to this section when tasked with adding a license policy
- User is able to successfully add a license policy
What is the type of buyer?
Links / references
- Discovery issue: #12941 (closed)
- Question for scoping: can #12685 (closed) be captured by this issue or should it be separate?
Implementation Plan
UX
Backend - person
Frontend - person
Documentation - person
@NicoleSchwartz
Product Management -