Migrate compliance violations to using audit events
Problem to solve
Compliance report gives you the ability to see a group’s merge request activity. https://docs.gitlab.com/ee/user/compliance/compliance_report/
This currently uses its own database table called merge_requests_compliance_violations
, and is a seperate system to audit events https://docs.gitlab.com/ee/administration/audit_events.html#audit-events. This means that 2 systems need to be managed by the compliance group.
Proposal
Implement a new parameter in audit events called violation
which can be used to dictate whether the event is a violation (Critical, High, Medium, Low, Info). It could default to info
When a violation is triggered it sends an audit event and the Auditor service sends violation events to both streaming audit events and the violations table
Not only would this consolidate violations to the audit events system and all of the current and upcoming functionality, we can also added to streaming audit events and allow users to better create automation from the violations in real-time
Related links
- Completed violations Compliance report merge request violations fron... (&6870 - closed)
- Need to add violations Add additional compliance report violation types (&7774 - closed)