Secure for 3rd party SCM
Problem to solve
The customer's organisation does not use GitLab for SCM today; they use another Git server and have no plans to move. They already use the GitLab CI support for external repos, and they would now like to secure those pipelines with GitLab CI rather than integrate multiple 3rd party tools into the SDLC.
Target audience
- Delaney, Development Team Lead, https://design.gitlab.com/research/personas#persona-delaney
- Devon, DevOps Engineer, https://design.gitlab.com/research/personas#persona-devon
- Sam, Security Analyst, https://design.gitlab.com/research/personas#persona-sam
Further details
For the customer, this simplifies their toolchain, secures it, and gives them a best-of-breed CI toolset for their non-GitLab SCM. It makes adoption of GitLab easier.
For GitLab, this means that Secure does not depend on customers using GitLab for SCM and therefore opens up a larger market to go after with Ultimate.
Proposal
Currently Secure only reports back to a GitLab MR. The proposal is to make GitLab's Secure reports available to users of other Git servers, for example in GitHub in the section below:
Documentation
What does success look like, and how can we measure that?
Success looks like the reports below appearing in a 3rd party SCM (as above) once the pipelines and scans have run.
It would be measured by the number of customers using GitLab CI + Secure for 3rd party SCM tools.
What is the type of buyer?
(Which leads to: in which enterprise tier should this feature go? See https://about.gitlab.com/handbook/product/pricing/#four-tiers)
Security
DevOps Lead

