Treat MR integration sources as unified Observability data (test, security, metrics, etc.) and provide correlation & focused views

Release notes

Problem to solve

CI/CD and Merge Requests provide different integrations to provide data important for reviews. This can be unit test reports, security scan results, and Observability metrics.

Data providers use a JSON format from different sources, and often we end up in information overload. What is important to fix or change during review? Are there correlations between these different report types, like influencing each other, or even hiding a much more invasive problem?

Intended users

• Delaney (Development Team Lead)
• Sasha (Software Developer)
• Priyanka (Platform Engineer)
• Sidney (Systems Administrator)
• Sam (Security Analyst)
• Rachel (Release Manager)
• Alex (Security Operations Engineer)
• Simone (Software Engineer in Test)

User experience goal

Immediately see important review tasks or things to fix in the MR views, and reduce the mean-time-to-response (MTTR).

Proposal

The idea is to create a view of important things based on all sources, correlating data using a unified backend. For example, started in groupobservability https://about.gitlab.com/direction/monitor/observability/#unified-data-store

"You should fix this line of code, because it can create a security problem, and production metrics report a memory increase by 10%", or "The unit tests are repeatedly failing for this specific case when the DNS chaos experiments have run."

The full reports are valuable but should be hidden by default, thus providing a more focussed and reduced view that is important for reviews and/or incident handling.

Further details

We had a chat at Open Observability day at KubeCon NA, after my talk about "Confidence with Chaos for your Kubernetes Observability", which touches on the first steps with the Prometheus Operator, many dashboards and alerts out of the box, and how to reduce visible data to make the focus on the important problems even better. Slides: https://docs.google.com/presentation/d/1TBuBCxSnKssZ8SpJS1InGTZIUV_zPQrP5keEixKYC34/edit

The question was how to combine (Unit) test reports with Observability/Security data reports - to make developers see the important things in a combined view. And potentially use the same unified storage to consume the data via API and UI.

Permissions and Security

Documentation

Availability & Testing

Available Tier

TBD

Feature Usage Metrics

What does success look like, and how can we measure that?

TBD

What is the type of buyer?

Unified data store - Free. Advanced correlation and optimized data view for team review productivity - Ultimate.

Is this a cross-stage feature?

Yes, the backend storage DRI is groupobservability while test reports, and other reports come from different groups, ~"group::pipeline insights" ~"group::secure"

What is the competitive advantage or differentiation for this feature?

Treating test reports, security reports and Observability data the same, thus allowing more advanced correlation and asking unknown unknown questions.

Links / references

FYI @kbychu @sebastienpahl @jocelynjane

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.