GitLab issueshttps://gitlab.com/gitlab-org/gitlab/-/issues2024-03-26T22:45:43Zhttps://gitlab.com/gitlab-org/gitlab/-/issues/326650Group Jira integration isn't properly applied to new project created from a t...2024-03-26T22:45:43ZSokunrotanak Srey (Rotanak)Group Jira integration isn't properly applied to new project created from a template<!---
Please read this!
Before opening a new issue, make sure to search for keywords in the issues
filtered by the "regression" or "bug" label:
- https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=regression
- https://gitlab....<!---
Please read this!
Before opening a new issue, make sure to search for keywords in the issues
filtered by the "regression" or "bug" label:
- https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=regression
- https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=bug
and verify the issue you're about to submit isn't a duplicate.
--->
### Summary
<!-- Summarize the bug encountered concisely. -->
When a subgroup Jira integration is setup and a new project is created from a template that doesn't have the same Jira integration configured, the newly created project has the inherited Jira configuration from its parent subgroup in the UI but the Jira integration doesn't actually work.
### Steps to reproduce
<!-- Describe how one can reproduce the issue - this is very important. Please use an ordered list. -->
1. Have parent group `Pgroup`
1. Setup a `template` subgroup under `Pgroup` with template projects, we do not configure Jira integration for this subgroup
1. Setup a new subgroup `jira-integration` under `Pgroup`
1. Configure Jira integration for the `jira-integration` subgroup
1. Create a new project under `jira-integration` subgroup using blank project
1. Observe the project having Jira integration setup inherited from the `jira-integration` group and mentioning Jira issue actually links to the said Jira issue. There's a Jira icon in the left panel.
1. Create a new project under `jira-integration` subgroup using the template project from the `template` subgroup
1. Observe the project having Jira integration setup inherited from the `jira-integration` group **_but_** mentioning the Jira issue doesn't links to the a proper Jira issue and there's no Jira icon on the left panel as if Jira integration was not configured.
### Example Project
<!-- If possible, please create an example project here on GitLab.com that exhibits the problematic
behavior, and link to it here in the bug report. If you are using an older version of GitLab, this
will also determine whether the bug is fixed in a more recent version. -->
Project that's not working: https://gitlab.com/gitlab-gold/rabbit-hole-1/rabbit-hole/jira-int-4/-/issues/1
Working project: https://gitlab.com/gitlab-gold/rabbit-hole-1/rabbit-hole/jira-test-3-int/-/issues/2
### What is the current *bug* behavior?
<!-- Describe what actually happens. -->
Project created from template that doesn't have Jira integration setup causes the created project that reside under a group with Jira integration to have Jira integration appear configured but doesn't work.
### What is the expected *correct* behavior?
<!-- Describe what you should see instead. -->
Jira integration work for new project created under group with Jira integration configured.
### Relevant logs and/or screenshots
<!-- Paste any relevant logs - please use code blocks (```) to format console output, logs, and code
as it's tough to read otherwise. -->
### Output of checks
This bug happens on GitLab.com ; GitLab Enterprise Edition 13.11.0-pre 8a31782a417
#### Results of GitLab environment info
<!-- Input any relevant GitLab environment information if needed. -->
<details>
<summary>Expand for output related to GitLab environment info</summary>
<pre>
(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)
(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
</pre>
</details>
#### Results of GitLab application Check
<!-- Input any relevant GitLab application check information if needed. -->
<details>
<summary>Expand for output related to the GitLab application check</summary>
<pre>
(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:check SANITIZE=true`)
(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`)
(we will only investigate if the tests are passing)
</pre>
</details>
### Possible fixes
<!-- If you can, link to the line of code that might be responsible for the problem. -->
### Workaround
Configure the Jira integration for the template groupAwaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/19398Update JIRA settings to include "Issues url" and "New issue url"2024-03-26T22:30:22ZEric Eastwoodcontact@ericeastwood.comUpdate JIRA settings to include "Issues url" and "New issue url"Update JIRA settings to include the following options,
- Issues url
- New issue url
---
Continuation of https://gitlab.com/gitlab-org/gitlab-ce/issues/31448
Follow-up from https://gitlab.com/gitlab-org/gitlab-ce/issues/25775#note_3...Update JIRA settings to include the following options,
- Issues url
- New issue url
---
Continuation of https://gitlab.com/gitlab-org/gitlab-ce/issues/31448
Follow-up from https://gitlab.com/gitlab-org/gitlab-ce/issues/25775#note_39516597
cc @wwongAwaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/14347Allow multiple services of the same type2024-03-26T22:28:55ZDrew BlessingAllow multiple services of the same typeZendesk: https://gitlab.zendesk.com/agent/tickets/18840
This customer is requesting the ability to set up multiple JIRA services at the global level. Projects can then choose the service, which is already pre-populated with credentials....Zendesk: https://gitlab.zendesk.com/agent/tickets/18840
This customer is requesting the ability to set up multiple JIRA services at the global level. Projects can then choose the service, which is already pre-populated with credentials. They have 7 instances of JIRA just in their team, and 20-30 throughout the company. Configuring per project, each time, is annoying for them.
cc/ @JobV @DouweM What do you think?Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/19272When activating an external issue tracker, automatically de-activate all othe...2024-03-26T21:56:10ZVictor Wuvictor@gitlab.comWhen activating an external issue tracker, automatically de-activate all other ones- Inside the project integration settings, when activating one external issue tracker, automatically de-activate all other external issue trackers.
- Note that this is fully independent of the internal GitLab issue tracker.
- In particul...- Inside the project integration settings, when activating one external issue tracker, automatically de-activate all other external issue trackers.
- Note that this is fully independent of the internal GitLab issue tracker.
- In particular, "activating" means turning "on" that particular integration with the checkbox in the settings and persisting that flag. When that happens, all the other flags of all other issue trackers are automatically switched off.
- Need some UI to tell the user that is the case when this happens.
- We should _not_ delete any settings in this scenario (in any of the issue tracker integration settings). So that this is minimally impactful for users, but still maintains that we only have to ever deal with one external issue tracker in all our features.
- Note that this constraint and condition happens when a user activates any given issue tracker. When this feature is released, and your GitLab instance _already_ has multiple issue trackers enabled, this release doesn't change that fact. (We aren't doing any backfilling / changing of data.) If we get reports of errors / bugs, we will refer users to the documentation (and blog post) explaining what they should do, i.e., just toggle off/on their desired external issue tracker.
- The external trackers are:
- Bugzilla, e.g.: https://gitlab.com/gitlab-org/gitlab-ce/services/bugzilla/edit
- Custom Issue Tracker, e.g.: https://gitlab.com/gitlab-org/gitlab-ce/services/custom_issue_tracker/edit
- JIRA, e.g.: https://gitlab.com/gitlab-org/gitlab-ce/services/jira/edit
- Redmine, e.g.: https://gitlab.com/gitlab-org/gitlab-ce/services/redmine/editAwaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/385184Fixed horizontally scrollbar at end of wiki table is inconvenient for large t...2024-03-26T19:39:05ZStephan SchreiberFixed horizontally scrollbar at end of wiki table is inconvenient for large tablesProblem:
In the GitLab wiki I noticed that navigation in large tables is difficult (view mode). The problem is that when the table gets too wide, you have to scroll sideways. But the scrollbar is always at the very end (bottom) of the ta...Problem:
In the GitLab wiki I noticed that navigation in large tables is difficult (view mode). The problem is that when the table gets too wide, you have to scroll sideways. But the scrollbar is always at the very end (bottom) of the table. So you have to scroll all the way down to be able to scroll to the right. This is somehow cumbersome and makes it difficult to get to the table content in the upper right corner. Especially with very large tables. Would it be possible to implement the scrollbar for right/left in a way that it is always visible and usable (even if I am not yet at the end of the table).
Objective:
A horizontal scrollbar that is always displayed.
Example:
| Column-1 | Column-2 | Column-3 | Column-4 | Column-5 | Column-6 | Column-7 | Column-8 | Column-9 | Column-10 | Column-11 | Column-12 | Column-13 | Column-14 | Column-15 | Column-16 | Column-17 | Column-18 | Column-19 | Column-20 |
|----------|----------|----------|----------|----------|----------|----------|----------|----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|
| A2 | B2 | C2 | D2 | E2 | F2 | G2 | H2 | I2 | J2 | K2 | L2 | M2 | N2 | O2 | P2 | Q2 | R2 | S2 | T2 |
| A3 | B3 | C3 | D3 | E3 | F3 | G3 | H3 | I3 | J3 | K3 | L3 | M3 | N3 | O3 | P3 | Q3 | R3 | S3 | T3 |
| A4 | B4 | C4 | D4 | E4 | F4 | G4 | H4 | I4 | J4 | K4 | L4 | M4 | N4 | O4 | P4 | Q4 | R4 | S4 | T4 |
| A5 | B5 | C5 | D5 | E5 | F5 | G5 | H5 | I5 | J5 | K5 | L5 | M5 | N5 | O5 | P5 | Q5 | R5 | S5 | T5 |
| A6 | B6 | C6 | D6 | E6 | F6 | G6 | H6 | I6 | J6 | K6 | L6 | M6 | N6 | O6 | P6 | Q6 | R6 | S6 | T6 |
| A7 | B7 | C7 | D7 | E7 | F7 | G7 | H7 | I7 | J7 | K7 | L7 | M7 | N7 | O7 | P7 | Q7 | R7 | S7 | T7 |
| A8 | B8 | C8 | D8 | E8 | F8 | G8 | H8 | I8 | J8 | K8 | L8 | M8 | N8 | O8 | P8 | Q8 | R8 | S8 | T8 |
| A9 | B9 | C9 | D9 | E9 | F9 | G9 | H9 | I9 | J9 | K9 | L9 | M9 | N9 | O9 | P9 | Q9 | R9 | S9 | T9 |
| A10 | B10 | C10 | D10 | E10 | F10 | G10 | H10 | I10 | J10 | K10 | L10 | M10 | N10 | O10 | P10 | Q10 | R10 | S10 | T10 |
| A11 | B11 | C11 | D11 | E11 | F11 | G11 | H11 | I11 | J11 | K11 | L11 | M11 | N11 | O11 | P11 | Q11 | R11 | S11 | T11 |
| A12 | B12 | C12 | D12 | E12 | F12 | G12 | H12 | I12 | J12 | K12 | L12 | M12 | N12 | O12 | P12 | Q12 | R12 | S12 | T12 |
| A13 | B13 | C13 | D13 | E13 | F13 | G13 | H13 | I13 | J13 | K13 | L13 | M13 | N13 | O13 | P13 | Q13 | R13 | S13 | T13 |
| A14 | B14 | C14 | D14 | E14 | F14 | G14 | H14 | I14 | J14 | K14 | L14 | M14 | N14 | O14 | P14 | Q14 | R14 | S14 | T14 |
| A15 | B15 | C15 | D15 | E15 | F15 | G15 | H15 | I15 | J15 | K15 | L15 | M15 | N15 | O15 | P15 | Q15 | R15 | S15 | T15 |
| A16 | B16 | C16 | D16 | E16 | F16 | G16 | H16 | I16 | J16 | K16 | L16 | M16 | N16 | O16 | P16 | Q16 | R16 | S16 | T16 |
| A17 | B17 | C17 | D17 | E17 | F17 | G17 | H17 | I17 | J17 | K17 | L17 | M17 | N17 | O17 | P17 | Q17 | R17 | S17 | T17 |
| A18 | B18 | C18 | D18 | E18 | F18 | G18 | H18 | I18 | J18 | K18 | L18 | M18 | N18 | O18 | P18 | Q18 | R18 | S18 | T18 |
| A19 | B19 | C19 | D19 | E19 | F19 | G19 | H19 | I19 | J19 | K19 | L19 | M19 | N19 | O19 | P19 | Q19 | R19 | S19 | T19 |
| A20 | B20 | C20 | D20 | E20 | F20 | G20 | H20 | I20 | J20 | K20 | L20 | M20 | N20 | O20 | P20 | Q20 | R20 | S20 | T20 |
| A21 | B21 | C21 | D21 | E21 | F21 | G21 | H21 | I21 | J21 | K21 | L21 | M21 | N21 | O21 | P21 | Q21 | R21 | S21 | T21 |
| A22 | B22 | C22 | D22 | E22 | F22 | G22 | H22 | I22 | J22 | K22 | L22 | M22 | N22 | O22 | P22 | Q22 | R22 | S22 | T22 |
| A23 | B23 | C23 | D23 | E23 | F23 | G23 | H23 | I23 | J23 | K23 | L23 | M23 | N23 | O23 | P23 | Q23 | R23 | S23 | T23 |
| A24 | B24 | C24 | D24 | E24 | F24 | G24 | H24 | I24 | J24 | K24 | L24 | M24 | N24 | O24 | P24 | Q24 | R24 | S24 | T24 |
| A25 | B25 | C25 | D25 | E25 | F25 | G25 | H25 | I25 | J25 | K25 | L25 | M25 | N25 | O25 | P25 | Q25 | R25 | S25 | T25 |
| A26 | B26 | C26 | D26 | E26 | F26 | G26 | H26 | I26 | J26 | K26 | L26 | M26 | N26 | O26 | P26 | Q26 | R26 | S26 | T26 |
| A27 | B27 | C27 | D27 | E27 | F27 | G27 | H27 | I27 | J27 | K27 | L27 | M27 | N27 | O27 | P27 | Q27 | R27 | S27 | T27 |
| A28 | B28 | C28 | D28 | E28 | F28 | G28 | H28 | I28 | J28 | K28 | L28 | M28 | N28 | O28 | P28 | Q28 | R28 | S28 | T28 |
| A29 | B29 | C29 | D29 | E29 | F29 | G29 | H29 | I29 | J29 | K29 | L29 | M29 | N29 | O29 | P29 | Q29 | R29 | S29 | T29 |
| A30 | B30 | C30 | D30 | E30 | F30 | G30 | H30 | I30 | J30 | K30 | L30 | M30 | N30 | O30 | P30 | Q30 | R30 | S30 | T30 |
| A31 | B31 | C31 | D31 | E31 | F31 | G31 | H31 | I31 | J31 | K31 | L31 | M31 | N31 | O31 | P31 | Q31 | R31 | S31 | T31 |
| A32 | B32 | C32 | D32 | E32 | F32 | G32 | H32 | I32 | J32 | K32 | L32 | M32 | N32 | O32 | P32 | Q32 | R32 | S32 | T32 |
| A33 | B33 | C33 | D33 | E33 | F33 | G33 | H33 | I33 | J33 | K33 | L33 | M33 | N33 | O33 | P33 | Q33 | R33 | S33 | T33 |
| A34 | B34 | C34 | D34 | E34 | F34 | G34 | H34 | I34 | J34 | K34 | L34 | M34 | N34 | O34 | P34 | Q34 | R34 | S34 | T34 |
| A35 | B35 | C35 | D35 | E35 | F35 | G35 | H35 | I35 | J35 | K35 | L35 | M35 | N35 | O35 | P35 | Q35 | R35 | S35 | T35 |
| A36 | B36 | C36 | D36 | E36 | F36 | G36 | H36 | I36 | J36 | K36 | L36 | M36 | N36 | O36 | P36 | Q36 | R36 | S36 | T36 |
| A37 | B37 | C37 | D37 | E37 | F37 | G37 | H37 | I37 | J37 | K37 | L37 | M37 | N37 | O37 | P37 | Q37 | R37 | S37 | T37 |
| A38 | B38 | C38 | D38 | E38 | F38 | G38 | H38 | I38 | J38 | K38 | L38 | M38 | N38 | O38 | P38 | Q38 | R38 | S38 | T38 |
| A39 | B39 | C39 | D39 | E39 | F39 | G39 | H39 | I39 | J39 | K39 | L39 | M39 | N39 | O39 | P39 | Q39 | R39 | S39 | T39 |
| A40 | B40 | C40 | D40 | E40 | F40 | G40 | H40 | I40 | J40 | K40 | L40 | M40 | N40 | O40 | P40 | Q40 | R40 | S40 | T40 |
| A41 | B41 | C41 | D41 | E41 | F41 | G41 | H41 | I41 | J41 | K41 | L41 | M41 | N41 | O41 | P41 | Q41 | R41 | S41 | T41 |
| A42 | B42 | C42 | D42 | E42 | F42 | G42 | H42 | I42 | J42 | K42 | L42 | M42 | N42 | O42 | P42 | Q42 | R42 | S42 | T42 |
| A43 | B43 | C43 | D43 | E43 | F43 | G43 | H43 | I43 | J43 | K43 | L43 | M43 | N43 | O43 | P43 | Q43 | R43 | S43 | T43 |
| A44 | B44 | C44 | D44 | E44 | F44 | G44 | H44 | I44 | J44 | K44 | L44 | M44 | N44 | O44 | P44 | Q44 | R44 | S44 | T44 |
| A45 | B45 | C45 | D45 | E45 | F45 | G45 | H45 | I45 | J45 | K45 | L45 | M45 | N45 | O45 | P45 | Q45 | R45 | S45 | T45 |
| A46 | B46 | C46 | D46 | E46 | F46 | G46 | H46 | I46 | J46 | K46 | L46 | M46 | N46 | O46 | P46 | Q46 | R46 | S46 | T46 |
| A47 | B47 | C47 | D47 | E47 | F47 | G47 | H47 | I47 | J47 | K47 | L47 | M47 | N47 | O47 | P47 | Q47 | R47 | S47 | T47 |
| A48 | B48 | C48 | D48 | E48 | F48 | G48 | H48 | I48 | J48 | K48 | L48 | M48 | N48 | O48 | P48 | Q48 | R48 | S48 | T48 |
| A49 | B49 | C49 | D49 | E49 | F49 | G49 | H49 | I49 | J49 | K49 | L49 | M49 | N49 | O49 | P49 | Q49 | R49 | S49 | T49 |
| A50 | B50 | C50 | D50 | E50 | F50 | G50 | H50 | I50 | J50 | K50 | L50 | M50 | N50 | O50 | P50 | Q50 | R50 | S50 | T50 |Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/14957Enable DAST scanning of MFA enabled websites2024-03-26T16:49:47ZSameer KamaniEnable DAST scanning of MFA enabled websites### Problem to solve
Enable Multi-Factor authentication for Authenticated DAST scans
### Intended users
* [Delaney (Development Team Lead)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-develop...### Problem to solve
Enable Multi-Factor authentication for Authenticated DAST scans
### Intended users
* [Delaney (Development Team Lead)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-development-team-lead)
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer)
* [Sam (Security Analyst)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sam-security-analyst)
### Further details
more and more sites are requiring MFA to operate. this is especially true for the High-Risk environments like the Government. As new sites are being developed with MFA, DAST functionality needs to be able to address the use case where a preview application is scanned with appropriate access level so as to not only rely on MFA but also be able to identify any vulnerabilities further in the authenticated areas. Currently the DAST functionalty does not allow configuration of using MFA to scan the target website.
### Proposal
Implement the ability to scan a MFA enabled website by allowing to store ans pass through certain Authentication parameters to the DAST scanner.
### Permissions and Security
Same as Security Dashboard
### Documentation
Documents that will need to be updated:
https://docs.gitlab.com/ee/user/application_security/dast/l
### Testing
Testing should include:
1. Setting up a site with MFA such as a X.509 cert and scanning it with DAST
2. Serting up a site with a test validation code sent to an email that is fed back to the DAST scanner to authenticate with the site.
### What does success look like, and how can we measure that?
Security analyst can fully adopt the GitLab Secure DAST in the Development phase if they are able to get past the MFA requirements of the website. Developers will get a clearer picture of what could happen if/when MFA is compromised or in the case of an insider threat.
### What is the type of buyer?
Ultimate
### Links / referencesAwaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/416771Allow Customers to Bring Internet Connected Custom Models for AI Functionality2024-03-26T12:45:35ZTaylor McCaslinAllow Customers to Bring Internet Connected Custom Models for AI FunctionalityCode Suggestions uses Google Vertex AI Codey APIs. Some customers are interested in bringing their own custom retrained models.
While we likely can't support just any random model off the shelf, we likely can allow customers to bring t...Code Suggestions uses Google Vertex AI Codey APIs. Some customers are interested in bringing their own custom retrained models.
While we likely can't support just any random model off the shelf, we likely can allow customers to bring their own Codey API keys or Codey retrained models.
Proposal:
- allow configurable AI endpoint
- allow customers to have their own instance of Codey models
- consider how this could work with other vendorsAwaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/15676Create "Content Pack" for Microsoft Power BI2024-03-26T10:42:53ZEirik LygreCreate "Content Pack" for Microsoft Power BIMicrosoft Power BI is a sky-based business intelligence platform. The Power BI platform provides a number of SaaS Content Pakcs (https://powerbi.microsoft.com/en-us/documentation/powerbi-content-packs-services/):
>>>
You can connect to ...Microsoft Power BI is a sky-based business intelligence platform. The Power BI platform provides a number of SaaS Content Pakcs (https://powerbi.microsoft.com/en-us/documentation/powerbi-content-packs-services/):
>>>
You can connect to content packs for a number of services you use to run your business, such as Salesforce, Microsoft Dynamics, and Google Analytics. Power BI starts by using your credentials to connect to the service, and then creates a Power BI dashboard and a set of Power BI reports that automatically show your data and provide visual insights about your business.
>>>
There is such a Content Pack for GitHub, providing access to GitHub data.
It would be very useful to have a similar Content Pack for GitLab, usable both for the central GitLab.com, and for self hsoted GitLab repositories. There is a process: https://powerbi.microsoft.com/en-us/documentation/powerbi-developer-content-pack-overview/Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/427431Allow for custom tabs in pipeline (over)view2024-03-26T09:17:44ZlfvjimisolaAllow for custom tabs in pipeline (over)view<!-- This template is a great use for issues that are feature::additions or technical tasks for larger issues.-->
### Proposal
We would like to add custom tabs in the pipeline (over)view. Is there a way to do this already?
![image](/u...<!-- This template is a great use for issues that are feature::additions or technical tasks for larger issues.-->
### Proposal
We would like to add custom tabs in the pipeline (over)view. Is there a way to do this already?
![image](/uploads/cb053f105539a502ad197c86ef6e5a30/image.png)Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/431414Ability to send vulnerability reports automatically2024-03-26T07:14:11ZNhan DaoAbility to send vulnerability reports automatically### Problem to solve
Right now there is no way to send vulnerability reports automatically. You will need to sign to GL to view the report or send it manually.
### Proposal
Ability to send vulnerability reports automatically.
### In...### Problem to solve
Right now there is no way to send vulnerability reports automatically. You will need to sign to GL to view the report or send it manually.
### Proposal
Ability to send vulnerability reports automatically.
### Intended users
Executives
### Feature Usage Metrics
### Does this feature require an audit event?
<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->
*This page may contain information related to upcoming products, features and functionality.
It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes.
Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.*
<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/427647Increase the 1,000 project limit for Security Dashboard2024-03-26T07:14:10ZAlexandra PhamIncrease the 1,000 project limit for Security Dashboard### Proposal
Currently, Self-Managed customers with multiple top groups do not have a way to [manage vulnerabilities at an organization level](https://gitlab.com/groups/gitlab-org/-/epics/10048). While this feature is on the roadmap, on...### Proposal
Currently, Self-Managed customers with multiple top groups do not have a way to [manage vulnerabilities at an organization level](https://gitlab.com/groups/gitlab-org/-/epics/10048). While this feature is on the roadmap, one [workaround](https://gitlab.com/groups/gitlab-org/-/epics/10048#current-work-arounds) is for customers to add each project to the Security Dashboard via the API. However, there is a hard-coded limit of [1,000 project](https://docs.gitlab.com/ee/user/application_security/security_dashboard/#add-projects-to-the-security-center) that can added to the Security Dashboard. This is a problem for customers with over 1,000 projects because they're not able able to get a full view of the security health of their organization. This request is open the discussion to allow self-managed customers the ability to increase the limit within their instance.
**Requesting customers**
1. [Salesforce](https://gitlab.my.salesforce.com/00161000002xBeCAAU) (internal only)Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/419676Intelligent Dependency Management with AI: Dependency updates and code change...2024-03-26T07:14:09ZMichael FriedrichIntelligent Dependency Management with AI: Dependency updates and code change suggestions (on breaking changes, etc.)<!-- The first section "Release notes" is required if you want to have your release post blog MR auto generated. Currently in BETA, details on the **release post item generator** can be found in the handbook: https://about.gitlab.com/ha...<!-- The first section "Release notes" is required if you want to have your release post blog MR auto generated. Currently in BETA, details on the **release post item generator** can be found in the handbook: https://about.gitlab.com/handbook/marketing/blog/release-posts/#release-post-item-generator and this video: https://www.youtube.com/watch?v=rfn9ebgTwKg. The next four sections: "Problem to solve", "Intended users", "User experience goal", and "Proposal", are strongly recommended in your first draft, while the rest of the sections can be filled out during the problem validation or breakdown phase. However, keep in mind that providing complete and relevant information early helps our product team validate the problem and start working on a solution. -->
### Release notes
<!-- What is the problem and solution you're proposing? This content sets the overall vision for the feature and serves as the release notes that will populate in various places, including the [release post blog](https://about.gitlab.com/releases/categories/releases/) and [Gitlab project releases](https://gitlab.com/gitlab-org/gitlab/-/releases). " -->
### Problem to solve
<!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." -->
Dependency lifecycle integrations such as Renovate or Dependabot provide automated updates for package version bumps, security updates, etc. in the form of MRs.
This only covers bumping the version in the dependency package manager file, and does not come with required code changes. Major version updates might break compatibility with APIs or ABIs, that require developers and DevOps engineers to refactor the code after updating the dependencies.
From a personal experience, I really disliked reading changelogs and re-learning the implementation on breaking changes every time we bumped a dependency to a new major version. Sometimes, minor versions also broke the code.
### Requirements
1. Dependency management built into GitLab, or by leveraging an integration with Renovate (https://blog.jdriven.com/2022/08/running-renovate-on-gitlab-com/)
1. Consider building a dependency management system powered by AI, and combined with the plans for threat insights in https://about.gitlab.com/direction/govern/threat_insights/dependency_management/ - Remediation.
### Intended users
<!-- Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later.
Personas are described at https://about.gitlab.com/handbook/product/personas/
* [Parker (Product Manager)](https://about.gitlab.com/handbook/product/personas/#parker-product-manager)
* [Delaney (Development Team Lead)](https://about.gitlab.com/handbook/product/personas/#delaney-development-team-lead)
* [Presley (Product Designer)](https://about.gitlab.com/handbook/product/personas/#presley-product-designer)
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/product/personas/#sasha-software-developer)
* [Priyanka (Platform Engineer)](https://about.gitlab.com/handbook/product/personas/#priyanka-platform-engineer)
* [Sidney (Systems Administrator)](https://about.gitlab.com/handbook/product/personas/#sidney-systems-administrator)
* [Rachel (Release Manager)](https://about.gitlab.com/handbook/product/personas/#rachel-release-manager)
* [Simone (Software Engineer in Test)](https://about.gitlab.com/handbook/product/personas/#simone-software-engineer-in-test)
* [Allison (Application Ops)](https://about.gitlab.com/handbook/product/personas/#allison-application-ops)
* [Ingrid (Infrastructure Operator)](https://about.gitlab.com/handbook/product/personas/#ingrid-infrastructure-operator)
* [Dakota (Application Development Director)](https://about.gitlab.com/handbook/product/personas/#dakota-application-development-director)
* [Dana (Data Analyst)](https://about.gitlab.com/handbook/product/personas/#dana-data-analyst)
* [Eddie (Content Editor)](https://about.gitlab.com/handbook/product/personas/#eddie-content-editor)
* [Amy (Application Security Engineer)](https://about.gitlab.com/handbook/product/personas/#amy-application-security-engineer)
* [Isaac (Infrastructure Engineer)](https://about.gitlab.com/handbook/product/personas/#isaac-infrastructure-security-engineer)
* [Alex (Security Operations Engineer)](https://about.gitlab.com/handbook/product/personas/#alex-security-operations-engineer)
* [Cameron (Compliance Manager)](https://about.gitlab.com/handbook/product/personas/#cameron-compliance-manager)
-->
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/product/personas/#sasha-software-developer)
* [Priyanka (Platform Engineer)](https://about.gitlab.com/handbook/product/personas/#priyanka-platform-engineer)
* [Sidney (Systems Administrator)](https://about.gitlab.com/handbook/product/personas/#sidney-systems-administrator)
* [Simone (Software Engineer in Test)](https://about.gitlab.com/handbook/product/personas/#simone-software-engineer-in-test)
* [Allison (Application Ops)](https://about.gitlab.com/handbook/product/personas/#allison-application-ops)
* [Ingrid (Infrastructure Operator)](https://about.gitlab.com/handbook/product/personas/#ingrid-infrastructure-operator)
* [Amy (Application Security Engineer)](https://about.gitlab.com/handbook/product/personas/#amy-application-security-engineer)
* [Isaac (Infrastructure Engineer)](https://about.gitlab.com/handbook/product/personas/#isaac-infrastructure-security-engineer)
* [Alex (Security Operations Engineer)](https://about.gitlab.com/handbook/product/personas/#alex-security-operations-engineer)
### User experience goal
<!-- What is the single user experience workflow this problem addresses?
For example, "The user should be able to use the UI/API/.gitlab-ci.yml with GitLab to <perform a specific task>"
https://about.gitlab.com/handbook/product/ux/ux-research-training/user-story-mapping/ -->
### Proposal
<!-- How are we going to solve the problem? Try to include the user journey! https://about.gitlab.com/handbook/journeys/#user-journey -->
AI could help with understanding
1. How the dependencies and their function imports, variables, etc. are being used (different scopes for each programming language)
2. Analyze the dependency version bump, and verify whether breaking changes would cause trouble
MVC idea: Create an MR that triggers CI/CD pipelines that run code tests. If there are no tests yet, generate them with AI help too. If the tests would fail after bumping the
Without the requirement to run CI/CD or unit tests, the "perfect" AI will understand when a version upgrade breaks function interfaces, renames/removes global variables, etc. - anything the current implementation uses.
3. Based on the analysis what could break, or potentially be refactored (for better performance for example), the AI should create code suggestions in the form of an MR for the teams to review.
### Further details
<!-- Include use cases, benefits, goals, or any other details that will help us understand the problem better. -->
Original proposal on [Twitter](https://twitter.com/coinyon/status/1683566446213750784):
>>>
I was thinking about a dependabot-like system that will not only bump the versions but will also migrate your codebase to that new version. While this is not possible now and is probably some time off, these chores are something I want AI to help me with.
>>>
![image](https://gitlab.com/gitlab-org/gitlab/uploads/909a919c7bcb42c83e9a0ebbd412b464/image.png)
### Permissions and Security
<!-- What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)?
Consider adding checkboxes and expectations of users with certain levels of membership https://docs.gitlab.com/ee/user/permissions.html
* [ ] Add expected impact to members with no access (0)
* [ ] Add expected impact to Guest (10) members
* [ ] Add expected impact to Reporter (20) members
* [ ] Add expected impact to Developer (30) members
* [ ] Add expected impact to Maintainer (40) members
* [ ] Add expected impact to Owner (50) members
Please consider performing a threat model for the code changes that are introduced as part of this feature. To get started, refer to our Threat Modeling handbook page https://about.gitlab.com/handbook/security/threat_modeling/#threat-modeling.
Don't hesitate to reach out to the Application Security Team (`@gitlab-com/gl-security/appsec`) to discuss any security concerns.
-->
### Documentation
<!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/workflow.html#for-a-product-change
* Add all known Documentation Requirements in this section. See https://docs.gitlab.com/ee/development/documentation/workflow.html
* If this feature requires changing permissions, update the permissions document. See https://docs.gitlab.com/ee/user/permissions.html -->
### Availability & Testing
<!-- This section needs to be retained and filled in during the workflow planning breakdown phase of this feature proposal, if not earlier.
What risks does this change pose to our availability? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing?
Please list the test areas (unit, integration and end-to-end) that needs to be added or updated to ensure that this feature will work as intended. Please use the list below as guidance.
* Unit test changes
* Integration test changes
* End-to-end test change
See the Quality Engineering quad planning and test planning processes and reach out to your counterpart Software Engineer in Test for assistance.
Quad Planning: https://about.gitlab.com/handbook/engineering/quality/quality-engineering/quad-planning
Test Planning: https://about.gitlab.com/handbook/engineering/quality/quality-engineering/test-engineering/#test-planning -->
### Available Tier
<!-- This section should be used for setting the appropriate tier that this feature will belong to. Pricing can be found here: https://about.gitlab.com/pricing/
* Free
* Premium/Silver
* Ultimate/Gold
-->
~"GitLab Ultimate" because large teams and projects, both efficiency and security features.
### Feature Usage Metrics
<!-- How are you going to track usage of this feature? Think about user behavior and their interaction with the product. What indicates someone is getting value from it?
Create tracking issue using the Snowplow event tracking template. See https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Snowplow%20event%20tracking.md
-->
### What does success look like, and how can we measure that?
<!--
Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this.
Create tracking issue using the Snowplow event tracking template. See https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Snowplow%20event%20tracking.md
-->
### What is the type of buyer?
<!-- What is the buyer persona for this feature? See https://about.gitlab.com/handbook/product/personas/buyer-persona/
In which enterprise tier should this feature go? See https://about.gitlab.com/handbook/product/pricing/#three-tiers -->
Larger teams with projects that have many dependencies, either external or internal projects. Managers that want their developers to work efficiently and not waste time on refactoring code on dependency version bumps.
### Is this a cross-stage feature?
<!-- Communicate if this change will affect multiple Stage Groups or product areas. We recommend always start with the assumption that a feature request will have an impact into another Group. Loop in the most relevant PM and Product Designer from that Group to provide strategic support to help align the Group's broader plan and vision, as well as to avoid UX and technical debt. https://about.gitlab.com/handbook/product/#cross-stage-features -->
Dependency management is ~"group::threat insights" (@abellucci) and requires collaboration with ~"group::source code" (assuming that `explain this source code` AI feature is owned by the group - @derekferguson) and ~"group::ai framework" (@tlinz)
Not sure about the DRI. Dependency management is a larger scope than ~"section::sec", it touches all dependencies no matter security scanning.
### What is the competitive advantage or differentiation for this feature?
### Links / references
<!-- Label reminders - you should have one of each of the following labels.
Use the following resources to find the appropriate labels:
- Use only one tier label choosing the lowest tier this is intended for
- https://gitlab.com/gitlab-org/gitlab/-/labels
- https://about.gitlab.com/handbook/product/categories/features/
-->
<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->
*This page may contain information related to upcoming products, features and functionality.
It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes.
Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.*
<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/417163Show the full list of added/removed vulnerabilities2024-03-26T07:14:08ZBrie CarranzaShow the full list of added/removed vulnerabilities<!-- This issue template can be used as a great starting point for feature requests. The section "Release notes" can be used as a summary of the feature and is also required if you want to have your release post blog MR auto generated us...<!-- This issue template can be used as a great starting point for feature requests. The section "Release notes" can be used as a summary of the feature and is also required if you want to have your release post blog MR auto generated using the release post item generator: https://about.gitlab.com/handbook/marketing/blog/release-posts/#release-post-item-generator. The remaining sections are the backbone for every feature in GitLab.
The goal of this template is brevity for quick/smaller iterations. For a more thorough list of considerations for larger features or feature sets, you can leverage the detailed [feature proposal](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Feature%20proposal%20-%20detailed.md). -->
### Release notes
<!-- What is the problem and solution you're proposing? This content sets the overall vision for the feature and serves as the release notes that will populate in various places, including the [release post blog](https://about.gitlab.com/releases/categories/releases/) and [Gitlab project releases](https://gitlab.com/gitlab-org/gitlab/-/releases). " -->
### Problem to solve
<!-- What is the user problem you are trying to solve with this issue? -->
The [MR security widget](https://docs.gitlab.com/ee/user/application_security/#ultimate) displays a list of added/removed vulnerabilities in an MR. This list is limited to a total of 25 added/removed entries of each security report type.
The widget has a link to the **Full Report**, where users can see all detected vulnerabilities in the corresponding MR branch. However, they cannot see the difference between the MR branch and the default branch (i.e. the list of added/removed vulnerabilities).
### Proposal
<!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. -->
Provide a way that users can see the full list of findings that have been added and/or removed in an MR. This is essentially the same list that shows in the MR widget, but without the 25 entries limit.
### Intended users
<!-- Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later.
Personas are described at https://about.gitlab.com/handbook/product/personas/
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/product/personas/#sasha-software-developer)
* [Simone (Software Engineer in Test)](https://about.gitlab.com/handbook/product/personas/#simone-software-engineer-in-test)
* [Amy (Application Security Engineer)](https://about.gitlab.com/handbook/product/personas/#amy-application-security-engineer)
* [Alex (Security Operations Engineer)](https://about.gitlab.com/handbook/product/personas/#alex-security-operations-engineer)
* [Cameron (Compliance Manager)](https://about.gitlab.com/handbook/product/personas/#cameron-compliance-manager)
-->
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/product/personas/#sasha-software-developer)
* [Simone (Software Engineer in Test)](https://about.gitlab.com/handbook/product/personas/#simone-software-engineer-in-test)
* [Amy (Application Security Engineer)](https://about.gitlab.com/handbook/product/personas/#amy-application-security-engineer)
* [Alex (Security Operations Engineer)](https://about.gitlab.com/handbook/product/personas/#alex-security-operations-engineer)
* [Cameron (Compliance Manager)](https://about.gitlab.com/handbook/product/personas/#cameron-compliance-manager)
### Related Links
- gitlab-org/gitlab!125328
- gitlab-org/gitlab!124920
- gitlab-org/gitlab#416872
- gitlab-org/gitlab#416933
### Feature Usage Metrics
<!-- How are you going to track usage of this feature? Think about user behavior and their interaction with the product. What indicates someone is getting value from it?
Create tracking issue using the Snowplow event tracking template. See https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Snowplow%20event%20tracking.md
-->
<!-- Label reminders
Use the following resources to find the appropriate labels:
- Use only one tier label choosing the lowest tier this is intended for
- https://gitlab.com/gitlab-org/gitlab/-/labels
- https://about.gitlab.com/handbook/product/categories/features/
-->
<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->
*This page may contain information related to upcoming products, features and functionality.
It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes.
Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.*
<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/435843Export dependency list in CSV format2024-03-26T05:48:51ZChloe CartronExport dependency list in CSV format### Proposal
This is a request coming from a customer.
The compliance team is requested to collect and generate reports for audit purpose. These reports are gathered in CSV format.
It is possible to export the CVE list from the vuln...### Proposal
This is a request coming from a customer.
The compliance team is requested to collect and generate reports for audit purpose. These reports are gathered in CSV format.
It is possible to export the CVE list from the vulnerability report in CSV but not the dependency list.
It should be easy for any compliance team member, even non technical, to export the reports.Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/16182Integrate with Jama (requirements management software)2024-03-25T23:04:53ZGreg SmethellsIntegrate with Jama (requirements management software)### Description
As an engineering manager of an FDA regulated software device, I want GitLab to integrate with Jama, like Jira and Bugzilla do, so that I can leverage the system requirements workflow that Jama provides during development...### Description
As an engineering manager of an FDA regulated software device, I want GitLab to integrate with Jama, like Jira and Bugzilla do, so that I can leverage the system requirements workflow that Jama provides during development of the product using GitLab.
### Proposal
The proposal is to essentially allow for a GitLab Issue to be linked to a Jama System Requirement as:
* satisfying a feature request
* fixing a bug complaint
Bonus: Prevent the GitLab Issue from moving forward on the Board to later stages until Jama had all necessary approvals for the system requirement.
### Links / references
* [Jama Software](http://www.jamasoftware.com/solution/)
* [Jama REST API](http://dev.jamasoftware.com/rest)Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/27352Auto upgrade of Gitlab Runners2024-03-25T20:06:31ZAndrew JonesAuto upgrade of Gitlab Runners### Problem to solve
I'm seeing a lot of my internal customers wanting to use Gitlab runners in CI and CD pipelines. Potentially we could end up with hundreds of runners out in our data centres. Keeping Gitlab-runners up to date is beco...### Problem to solve
I'm seeing a lot of my internal customers wanting to use Gitlab runners in CI and CD pipelines. Potentially we could end up with hundreds of runners out in our data centres. Keeping Gitlab-runners up to date is becoming an increasingly difficult manual job and should be automated.
### Intended users
Gitlab should use this feature, when I upgrade Gitlab to a newer version it should either automatically update all it's attached runners or provide me with a button on the runners admin page where I can click a button to trigger an upgrade.
### Further details
The goal would be to automate the upgrade of Gitlab runners so an operations team does not have to manually login to every server and replace the binary.
### Proposal
When I upgrade Gitlab I'd like it to include a repo for the latest Gitlab runners. Each Gitlab runner should then be pre- configured with a job that can allow it to pull from the repo and update it's binary. Maybe have a checkbox for auto or manual upgrade.
### Permissions and Security
If the Gitlab-runner binary on the target server is owned by the Gitlab-runner user no additional permissions should be required. The upgrade process would be no different to a normal Gitlab-runner shell job i.e. Git clone the repo containing the new code and some shell commands to replace and restart the runner.
### Documentation
<!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html
Add all known Documentation Requirements here, per https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements -->
### What does success look like, and how can we measure that?
Upgrade of all Gitlab runenrs from the Runners admin page, no requirement to ssh into a target server to run an upgrade.
### Links / referencesAwaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/293424Allow Labels to be Protected2024-03-25T19:59:37ZAdam MarkhamAllow Labels to be Protected<!-- The first section "Release notes" is required if you want to have your release post blog MR auto generated. Currently in BETA, details on the **release post item generator** can be found in the handbook: https://about.gitlab.com/ha...<!-- The first section "Release notes" is required if you want to have your release post blog MR auto generated. Currently in BETA, details on the **release post item generator** can be found in the handbook: https://about.gitlab.com/handbook/marketing/blog/release-posts/#release-post-item-generator and this video: https://www.youtube.com/watch?v=rfn9ebgTwKg. The next four sections: "Problem to solve", "Intended users", "User experience goal", and "Proposal", are strongly recommended in your first draft, while the rest of the sections can be filled out during the problem validation or breakdown phase. However, keep in mind that providing complete and relevant information early helps our product team validate the problem and start working on a solution. -->
### Release notes
<!-- What is the problem and solution you're proposing? This content sets the overall vision for the feature and serves as the release notes that will populate in various places, including the [release post blog](https://about.gitlab.com/releases/categories/releases/) and [Gitlab project releases](https://gitlab.com/gitlab-org/gitlab/-/releases). " -->
### Problem to solve
<!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." -->
Currently, labels can be created, deleted, or applied to resources by any authorized user (`Reporter+`). For some issues, such as priority, it would be useful to restrict applying a label to particular users. Perhaps following a model similar to CODEOWNERS, whereby there is a file in .gitlab/ that allows particular labels to only be applied by specified users.
### Intended users
* [Parker (Product Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#parker-product-manager)
* [Delaney (Development Team Lead)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-development-team-lead)
### User experience goal
Provide a good user experience for label visibility for unauthorized users while preventing that label from being applied or removed from the resource the user is currently viewing.
### Proposal
<!-- How are we going to solve the problem? Try to include the user journey! https://about.gitlab.com/handbook/journeys/#user-journey -->
- When creating a label, allow for that label to be marked as `Protected`
- If `Protected`, specify which roles (and maybe specific users?) can edit/delete the label and add/remove the label to various resources.
- Allow the ability to specify whether roles in descendant (and maybe children?) can apply or remove that label from the resource to which it is applied.
- If a role is unauthorized to apply a label, it does not show up in the label picker.
- If a role is unauthorized to remove a label, do not show the `x` on the label.
- Within Boards when a list is configured to use a protected label, prevent unauthorized users from dragging and dropping the issue (or epic) card into that list.
- Show a :lock: icon or something similar within the label to signify it is locked.
- Extend this to the APIs such that when an unauthorized user tries to apply a protected label programmatically, the server responds with `HTTP 401 Unauthorized`.
### Further details
<!-- Include use cases, benefits, goals, or any other details that will help us understand the problem better. -->
### Permissions and Security
<!-- What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)?
Consider adding checkboxes and expectations of users with certain levels of membership https://docs.gitlab.com/ee/user/permissions.html
* [ ] Add expected impact to members with no access (0)
* [ ] Add expected impact to Guest (10) members
* [ ] Add expected impact to Reporter (20) members
* [ ] Add expected impact to Developer (30) members
* [ ] Add expected impact to Maintainer (40) members
* [ ] Add expected impact to Owner (50) members -->
- `Maintainer+`
### Documentation
<!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/workflow.html#for-a-product-change
* Add all known Documentation Requirements in this section. See https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements
* If this feature requires changing permissions, update the permissions document. See https://docs.gitlab.com/ee/user/permissions.html -->
- We will need to update the documentation.
### Availability & Testing
<!-- This section needs to be retained and filled in during the workflow planning breakdown phase of this feature proposal, if not earlier.
What risks does this change pose to our availability? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing?
Please list the test areas (unit, integration and end-to-end) that needs to be added or updated to ensure that this feature will work as intended. Please use the list below as guidance.
* Unit test changes
* Integration test changes
* End-to-end test change
See the test engineering planning process and reach out to your counterpart Software Engineer in Test for assistance: https://about.gitlab.com/handbook/engineering/quality/test-engineering/#test-planning -->
* Unit test changes
* Integration test changes
* End-to-end test changes
### What does success look like, and how can we measure that?
<!--
Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this.
Create tracking issue using the the Snowplow event tracking template. See https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Snowplow%20event%20tracking.md
-->
- Count of protected labels created over time
- Count of Groups/Projects using protected labels
- Count of protected labels being applied over time
### What is the type of buyer?
<!-- What is the buyer persona for this feature? See https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/buyer-persona/
In which enterprise tier should this feature go? See https://about.gitlab.com/handbook/product/pricing/#four-tiers -->
- ~"GitLab Ultimate" as this mostly relates to use cases needed for an enterprise environment where compliance and or reporting standardization is required.
### Is this a cross-stage feature?
<!-- Communicate if this change will affect multiple Stage Groups or product areas. We recommend always start with the assumption that a feature request will have an impact into another Group. Loop in the most relevant PM and Product Designer from that Group to provide strategic support to help align the Group's broader plan and vision, as well as to avoid UX and technical debt. https://about.gitlab.com/handbook/product/#cross-stage-features -->
It will likely involve some level of collaboration or FYI across:
- ~"group::source code"
- ~"group::code review"
- ~"group::project management"
- ~"group::product planning"
- ~"group:certify"
- ~"group::optimize"
- ~"group::access"
- ~"group::integrations"
### Links / references
<!-- Label reminders - you should have one of each of the following labels.
Use the following resources to find the appropriate labels:
- https://gitlab.com/gitlab-org/gitlab/-/labels
- https://about.gitlab.com/handbook/product/categories/features/
-->Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/36975Make the time it takes runners to go offline configurable2024-03-25T18:45:53ZAric BuererMake the time it takes runners to go offline configurable### Problem to solve
Runners will report as `offline` when inactive for 1 hour. This is currently hardcoded.
### Proposal
Make [`ONLINE_CONTACT_TIMEOUT`](https://gitlab.com/gitlab-org/gitlab/blob/master/app/models/ci/runner.rb#L25) c...### Problem to solve
Runners will report as `offline` when inactive for 1 hour. This is currently hardcoded.
### Proposal
Make [`ONLINE_CONTACT_TIMEOUT`](https://gitlab.com/gitlab-org/gitlab/blob/master/app/models/ci/runner.rb#L25) configurable.
### What does success look like, and how can we measure that?
The `ONLINE_CONTACT_TIMEOUT` is configurable to allow administrators to determine the amount of time it takes an inactive runner to go `offline`.
### Links / references
https://gitlab.com/gitlab-org/gitlab/blob/master/app/models/ci/runner.rb#L25
Customer ticket: https://gitlab.zendesk.com/agent/tickets/139413 (internal use)Awaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/38344UI in-line help for Runner Config Page2024-03-25T18:44:36ZgotjoshuaUI in-line help for Runner Config Page### Problem to solve
* What product or feature(s) affected?
Single Runner Configuration Page (ie https://gitlab.foo/admin/runners/##)
* What docs or doc section affected? Include links or paths.
Inline documentation on the page (the sen...### Problem to solve
* What product or feature(s) affected?
Single Runner Configuration Page (ie https://gitlab.foo/admin/runners/##)
* What docs or doc section affected? Include links or paths.
Inline documentation on the page (the sentences next to the check-boxes):
![SuperAwkwardInconsitentHelpInfoOnRunnerConfig](/uploads/07d92695d59491d77c620d5dddf496de/SuperAwkwardInconsitentHelpInfoOnRunnerConfig.png)
* Is there a problem with a specific document, or a feature/process that's not addressed sufficiently in docs?
There is no consistent style/tense/grammar to the help info.
### Proposal
My suggestion is to be fully explicit:
Active
- [ ] If checked, this runner will accept new jobs
Protected
- [ ] If checked, this runner will only run on pipelines triggered on protected branches
Run untagged jobs
- [ ] If checked, this runner will be able to run jobs without tags
Lock to current projects
- [ ] If checked, this runner will not be able to be assigned to other projectsAwaiting further demandhttps://gitlab.com/gitlab-org/gitlab/-/issues/196524Add runner registration token in Settings (application) API2024-03-25T18:39:09ZSeverin BühlerAdd runner registration token in Settings (application) API### Problem to solve
Add the `runners_token` in the response for [Settings (Application)](https://docs.gitlab.com/ee/api/settings.html#get-current-application-settings).
### Intended users
* [Sasha (Software Developer)](https://about....### Problem to solve
Add the `runners_token` in the response for [Settings (Application)](https://docs.gitlab.com/ee/api/settings.html#get-current-application-settings).
### Intended users
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer)
* [Devon (DevOps Engineer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#devon-devops-engineer)
* [Sidney (Systems Administrator)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sidney-systems-administrator)
### Further details
After the registration tokens (`runners_token`) are available in the project and the [group API](https://gitlab.com/gitlab-org/gitlab/issues/28194), only the instance registration token is still missing.
The instance token in the API enables developers to add unspecified runners automatically.
### Permissions and Security
Administrator only, like the rest of the settings.
### Documentation
- Update [Settings (Application) API](https://docs.gitlab.com/ee/api/settings.html#get-current-application-settings)
<!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html
Add all known Documentation Requirements here, per https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements
If this feature requires changing permissions, this document https://docs.gitlab.com/ee/user/permissions.html must be updated accordingly. -->
### Links / referencesAwaiting further demand