15.5 Planning for Compliance

This issue and linked pages contain information related to upcoming products, features, and functionality. It is important to note that the information presented is for informational purposes only. Please do not rely on this information for purchasing or planning purposes. As with all projects, the items mentioned in this video and linked pages are subject to change or delay. The development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Once moved out of draft, update the kickoff issue

Boards

Different boards we use for planning and organization

Capacity notes

  • Milestone runs from 2022-09-22 to 2022-10-22

Capacity by team member

  • Huzaifa - 5w
  • Harsimar - 7w
  • Jiaan - 9w
  • Michael - 5w

Total capacity 26/40

frontend - 9w / backend - 17w

Objectives & Themes

Product prioritized type::feature list

  1. Any %15.4 carry-over

    1. 3️⃣ Placeholder capacity for 15.4 carry over
      1. Block merging if there are failed status checks (gitlab-org&8516 - closed)
        1. 3️⃣ Add a project setting to block merge requests f... (gitlab-org/gitlab#369859 - closed)
        2. 1️⃣ Add a checkbox for the new project setting to b... (gitlab-org/gitlab#369860 - closed) frontend in GitLab.org / manage / general-discussion
        3. 3️⃣ Disable merge button when status checks are req... (gitlab-org/gitlab#369861 - closed) frontend in GitLab.org / manage / general-discussion
    2. 3️⃣ API endpoint to retrieve all audit events under... (gitlab-org/gitlab#337757 - closed)
    3. 2️⃣ [Chain of Custody Report] Expand the scope from... (gitlab-org/gitlab#267601 - closed)
    4. 2️⃣ API to allow streamed audit events to be filter... (gitlab-org/gitlab#344845 - closed)
    5. 🔎 Audit Events: Log feature flag enable/disable (gitlab-org/gitlab#351589 - closed)
  2. New feature work

    1. Group-level setting for default compliance fram... (gitlab-org/gitlab#339887 - closed)
      1. database 2️⃣
      2. backend 3️⃣
      3. frontend a big 3️⃣ / small 5️⃣
    2. Option to enable pipelines must succeed at grou... (gitlab-org&8704 - closed)
      1. 5️⃣ Use cascading settings to implement pipeline ch... (gitlab-org/gitlab#373079 - closed)
      2. 2️⃣ Add Merge requests section to the group settings (gitlab-org/gitlab#373080 - closed)
    3. 3️⃣ Service ping for streaming audit events by type (gitlab-org/gitlab#361794 - closed)
    4. 🔎 Replace all instances of `audit_operation` with... (gitlab-org&8497 - closed)
      1. 1️⃣ Add a meaningful audit event name for `path` in... (gitlab-org/gitlab#369271 - closed)
      2. 1️⃣ Add a meaningful audit event name for `name` in... (gitlab-org/gitlab#369272 - closed)

Planning breakdown expectations

  1. 🔎 Handle missing gitlab-ci.yml files using compli... (gitlab-org/gitlab#364131 - closed)

  2. 🔎 Streamed audit event filtering with UI (gitlab-org&7059 - closed)

    1. 🔎 Add a visual indication to show that a streamin... (gitlab-org/gitlab#367341 - closed)
    2. 🔎 Screen to allow management of streamed audit ev... (gitlab-org/gitlab#344846 - closed)

Deferred line (@stkerr to update on the 15.6+ plans)

  1. 🔎 Add event type information for all audit events... (gitlab-org&8571 - closed)
    1. Issues to be created
  2. 🔎 Replace all instances of `audit_operation` with... (gitlab-org&8497 - closed)
    1. 1️⃣ Add a meaningful audit event name for `name` in... (gitlab-org/gitlab#369272 - closed)
  3. 🔎 Replace all instances of `audit_operation` with... (gitlab-org&8497 - closed)
  4. 5️⃣ API to allow streamed audit events to be filter... (gitlab-org/gitlab#344845 - closed)
  5. 2️⃣ Add keyset pagination to instance and project a... (gitlab-org/gitlab#367528 - closed)
  6. 2️⃣ Add inline validation to admin deletion protect... (gitlab-org/gitlab#364133 - closed)
  7. 🔎 Streamed audit event filtering with UI (gitlab-org&7059 - closed)
    1. 🔎 Add a visual indication to show that a streamin... (gitlab-org/gitlab#367341 - closed)
    2. 🔎 Screen to allow management of streamed audit ev... (gitlab-org/gitlab#344846 - closed)

Nice to have tasks

  1. 🔎 Remove page-wide reload on audit events streami... (gitlab-org/gitlab#370720 - closed)
  2. 🔎 Audit events streams mobile UI and hierarchy (gitlab-org/gitlab#368442 - closed)

Engineering prioritized type::maintenance list

  1. Any %15.4 carry-over

| Issue | Priority | Weight | Discipline |
| --- | --- | --- | --- |
| Don't create audit events when there is no change (gitlab-org&8547 - closed) We only need to focus on access request event. | P1 | 2️⃣ | backend |
| Flaky test ee/spec/features/admin/admin_audit_l... (gitlab-org/gitlab#350720 - closed) | P2 | 🔍 | backend |
| Notify engineer when altering sidekiq worker ar... (gitlab-org/gitlab#362192 - closed) | P3 | 🔍 | backend |

  2. New maintenance work

| Issue | Priority | Weight | Discipline |
| --- | --- | --- | --- |
| Fix N+1 in status checks API (gitlab-org/gitlab#353356 - closed) | P3 | 2 | backend |
| MR Widget Extension Telemetry - `WidgetStatusCh... (gitlab-org/gitlab#368876 - closed) | P3 | 2 | frontend |
| Stop ignoring pat/ssh key columns (gitlab-org/gitlab#368231 - closed) | P3 | 1 | backend |
| Re-name group and project delete "adjourned" an... (gitlab-org/gitlab#339478) | P4 | 🔍 | backend |
| Move VSA project filter to common shared compon... (gitlab-org/gitlab#350158 - closed) | P4 | 2 | frontend |
| Convert admin/users view - move modal messages ... (gitlab-org/gitlab#320922) | P4 | 3 | frontend |

Quality prioritized type::bug list

  1. Any %15.4 carry-over

| LINKED_ISSUE_TITLE | BUG_AGE | SEVERITY_TAG | PRIORITY_TAG | WEIGHT |
| --- | --- | --- | --- | --- |
| Audit Events: Creating project access tokens generates duplicate audit events | | S3 | P4 | 2️⃣ |
| Group Level Audit Logging shows incorrect IP address when SAML actions affect user permissions | | S3 | P2 | 🔎 |
| Compliance pipelines do not expand .extends blocks before including developer pipelines | | S3 | P2 | 🔎 |

  2. New bugs work

| LINKED_ISSUE_TITLE | BUG_AGE | SEVERITY_TAG | PRIORITY_TAG |
| --- | --- | --- | --- |
| Developer cannot push to projects they create in groups | 1429 | 3 | undefined |
| Group audit events not showing all membership changes | 484 | 3 | undefined |
| Events API: ActiveRecord::QueryCanceled: PG::QueryCanceled: ERRO | 150 | 3 | undefined |
| Allow triggered pipelines to have compliance framework yaml inje | 56 | 3 | undefined |
| Missing group audit log when project is added to existing group | 1074 | 3 | undefined |
| Unrelated Group audit events logged when a change to group's gen | 1073 | 3 | undefined |

Deferred Items

Deferred items from previous and the current milestone

Consider moving to following iteration and/or moving to workflow::scheduling

From %15.4 (consider moving to following iteration and/or moving to workflow::scheduling)

From this milestone (consider moving to following iteration and/or moving to workflow::scheduling)

Release Post Items

| Status | Issue | Release Post MR |
| --- | --- | --- |
Edited by Nate Rosandich