Leverage GitLab monitoring data for dependencies metrics
Problem to solve
Introducing a new dependency comes at a cost. We already make sure the dependency is secure (at least, that no known advisory has been reported), but we don't offer users any further insights.
Intended users
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Sidney (Systems Administrator)
Further details
In a merge request, we already provide insights about the performance impact, but this only works if:
- The application is a web server/service
- There's a review app available
- The review app is available from the Internet (because we use an external service).
Proposal
Users could benefit from public data on monitored projects, taken either from performance reports or perhaps directly from Prometheus. For each dependency, we can give some insights about the mean change in CPU/RAM/Network/IO usage.
Permissions and Security
N/A
Documentation
TODO
Testing
TODO
What does success look like, and how can we measure that?
Users have insights and metrics when introducing new dependencies.