Securely Automate Tasks in GitLab
Problem Statement
Currently, GitLab customers are creating users instead of bots (since there is no official bot feature in GitLab) to specifically handle the automation of tasks. This is painful for customers for the following reasons:
- Compromised security
  - Attaching tokens to a specific user means that user account has access to the full API. If those account credentials are compromised, the whole instance is potentially in the hands of bad actors
  - Additional license costs (further detailed below) cause customers to create only one user for many tasks to save money, which is also a potential security risk
- Cost
  - Customers have to pay not only for additional licenses, but also for other surrounding costs, such as email account provisioning via G-Suite or Office 365 so that the user has credentials
  - There are users who are uncomfortable with converting to a paid customer due to the anxiety around increased license costs, especially if they are a small team or business with many automated tasks
- Decreased cycle time
  - Provisioning bot users is a long and convoluted process for some customers, causing potential delays in getting work done
  - If the cost of creating a bot user is too high, users may attempt to manually perform the tasks instead, which is not efficient
- Potential downtime
  - If a user whose access token is being used for a task that many depend on gets deleted, this could cause potential disruption and downtime
Reach
Personas: Systems Administrators and Group Owners
10.0 = Impacts the vast majority (~80% or greater) of our users, prospects, or customers.
Impact
2.0 = High impact
Confidence
100% = High confidence
- Original issue containing significant customer feedback
- Periscope dashboard showing this issue as one of the top requested customer issues
- Opportunity canvas
Effort
This will likely take around 3-4 engineers in one release and a designer and product manager for half that time, so the score would be 4.
RICE Score = 400
Edited by Luca Kisielius