Move Group.projectComplianceRequirementsStatus GraphQL field out of experimental status

Summary

The Group.projectComplianceRequirementsStatus GraphQL field was introduced in GitLab 17.10 as an experimental feature. This field provides compliance statuses for projects in a group and its subgroups, which is essential for customers who need to query projects where specific compliance requirements (like dependency scanning) have successfully run based on compliance framework requirements.

Problem

Currently, the field is marked as experimental, which means:

  • It's exempt from the breaking changes policy and can be changed or removed without notice
  • It appears as deprecated in the GraphQL schema
  • It's not suggested by GraphiQL autocomplete
  • Customers are hesitant to rely on it for production use cases

Customer Impact

We have customers (like the Ultimate GitLab.com customer mentioned in this Slack thread) who need to:

  • Query projects where dependency scanning successfully ran based on compliance framework requirements
  • Build automated compliance reporting and monitoring systems
  • Integrate compliance status data into their governance workflows

The experimental status is blocking adoption of this critical compliance functionality.

Proposal

Move Group.projectComplianceRequirementsStatus from experimental to general availability status by:

  1. Removing the experimental marker from the GraphQL field definition
  2. Updating documentation to reflect the stable status
  3. Ensuring comprehensive test coverage for the field and its functionality
  4. Validating the API design is stable and meets customer needs

Background Context

  • The compliance standards adherence dashboard was deprecated in GitLab 17.11 and is planned for removal in GitLab 18.6
  • The new compliance status report was introduced as the replacement
  • The projectComplianceRequirementsStatus field aligns with this new compliance status reporting approach

Acceptance Criteria

  • Remove experiment: { milestone: '17.10' } from the GraphQL field definition
  • Update GraphQL documentation to reflect stable status
  • Ensure comprehensive test coverage exists (tests already exist in ee/spec/requests/api/graphql/group/project_compliance_requirement_status_spec.rb)
  • Validate API design with compliance team and customers
  • Update any related documentation that references the experimental status
  • Consider if any breaking changes are needed before making it stable

Related Issues

  • Original implementation: (link to original implementation issue if available)
  • Compliance status report: #535563 (closed)

Labels

group::compliance, section::sec, devops::software supply chain security, type::feature, GraphQL, compliance, experimental