[Spike] - Determine the unit test coverage of Compliance features
Context
From this RCA 'What can be improved' https://gitlab.com/gitlab-org/govern/compliance/general/-/issues/74+
Ensure that Compliance related features have adequate unit and integration test coverage.
Scope
Investigate and document the unit test coverage of Compliance features.
List of compliance features
https://about.gitlab.com/handbook/product/categories/features/#governcompliance-group
Compliance Frameworks
- https://docs.gitlab.com/ee/user/group/compliance_frameworks.html
- https://www.youtube.com/watch?v=upLJ_equomw
- https://www.youtube.com/watch?v=PsgprvysGjI
Compliance Violation Report
Audit Event Report
- https://docs.gitlab.com/ee/administration/audit_events.html
- There are group/project and instance audit reports
Audit event streaming
- https://docs.gitlab.com/ee/administration/audit_event_streaming.html
- https://about.gitlab.com/blog/2022/06/27/use-streaming-audit-events-to-connect-your-technology-stack-with-gitlab-and-pipedream/
Auditor users
Compliance pipelines
External Status checks
Require JIRA issue before merging a
User and permissions report
Customizable system header and footer
Coming soon: Compliance Framework Report
Ideas
We can possibly use the simplecov gem to find the coverage for the files that are owned by the compliance group. We already use this gem in the undercoverage job.
References
Edited by Huzaifa Iftikhar