2021-01-11 - Triage report for "group::compliance"
Hi, @mattgonzales @djensen @dennis @aregnery @mikelong
This is a group or stage level triage report that aims to summarize the feature proposals and bugs which have not been scheduled or triaged. For more information please refer to the handbook:
Scheduling the workload is a collaborative effort by the Product Managers and Engineering Managers for that group. Please work together to provide a best estimate on priority and milestone assignments. For each issue please:
- Determine if the issue should be closed if it is no longer relevant or a duplicate.
- If it is still relevant please assign either a best estimate versioned milestone, the %Backlog or the %Awaiting further demand milestone.
- Specifically for ~bug, if there is no priority or clarity on a versioned milestone, please add a Priority label. Priority labels have an estimate SLO attached to them and help team members and the wider community understand roughly when it will be considered to be scheduled.
- Once a milestone has been assigned please check off the box for that issue.
- Please work with your team to complete the list by the due date set.
Feature Proposal Section
For the following feature proposals. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone.
customer
Unscheduled ~feature with- gitlab-org/gitlab#292948 (closed) Button to recursively apply group-level push rules to existing projects Category:Compliance Management, Enterprise Edition, GitLab Premium, Next Up, backend, customer, devopsmanage, ~"feature", frontend, groupcompliance, priority4, sectiondev, workflowsolution validation
- gitlab-org/gitlab#285484 (closed) Add an API for SHA-specific chain of custody report ~"Category:Audit Reports", customer, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#282469 Allow admins to list all external remote repositories mirrored in Gitlab via an Admin view Category:Compliance Management, Enterprise Edition, GitLab Premium, UX, backend, customer, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#282468 Allow admins to list all external remote repositories mirrored in Gitlab via a REST API Category:API, Enterprise Edition, GitLab Premium, backend, customer, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#273763 Add an audit report of project CI stages ~"Category:Audit Reports", Enterprise Edition, Next Up, customer, devopsmanage, ~"feature", groupcompliance, priority4, sectiondev, workflowproblem validation
- gitlab-org/gitlab#273586 (closed) Audit logs for instance-level CI / CD variables Category:Audit Events, backend, customer, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#271162 (closed) Add audit event logging for merge approval actions Category:Audit Events, Enterprise Edition, GitLab Premium, Next Up, backend, customer, devopsmanage, ~"feature", groupcompliance, priority3, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#262728 Create API to query compliance labels on all projects in an instance Category:Compliance Management, backend, customer, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#238218 (closed) Chain of Custody Report - User feedback for iteration 2 ~"Category:Audit Reports", Enterprise Edition, GitLab Ultimate, backend, customer, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev
- gitlab-org/gitlab#234740 Add Secure Functionality to Auditor Role Secure UXCompliance & Auditing, customer, devopssecure, ~"feature", groupcompliance
- gitlab-org/gitlab#230932 (closed) Ability to modify user access level via users API customer, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#225352 Allow Access to Project Information via CI_JOB_TOKEN api, customer, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#221261 (closed) API to recursively apply group-level push rules to existing projects Category:Compliance Management, Enterprise Edition, GitLab Premium, Next Up, backend, customer, devopsmanage, ~"feature", groupcompliance, priority2, sectiondev, workflowsolution validation
- gitlab-org/gitlab#207539 (closed) GitLab integration with Netskope Alliances, customer, ~"devops::protect", ~"feature", groupcompliance
- gitlab-org/gitlab#39139 Display project deletion in group audit event log Enterprise Edition, GitLab Premium, Next Up, backend, customer, devopsmanage, ~"feature", groupcompliance, missed-deliverable, missed:12.9, priority4, sectiondev, severity4, workflowblocked
- gitlab-org/gitlab#26383 (closed) Transfering groups does not warn in the same way than transfering projects does ~"Category:Subgroups", customer, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev, workflowdesign
- gitlab-org/gitlab#20603 (closed) Feature Request: Activity log should contain changes to project/group settings Manage [DEPRECATED], UX, backend, customer, devopsmanage, ~"feature", groupcompliance, priority4, sectiondev, security, severity4, user profile
- gitlab-org/gitlab#1772 (closed) Make available a list of User Permissions per Group and Project ~"Accepting merge requests", Category:User Management, Enterprise Edition, GitLab Premium, UX FY21-Q4, auto updated, backend, customer, devopsmanage, ~"feature", featureenhancement, frontend, groupcompliance, permissions, potential proposal, priority1, sectiondev, workflowplanning breakdown
Unscheduled ~feature (non-customer)
- gitlab-org/gitlab#295293 (closed) GraphQL API should return marked_for_deletion_on for Projects and Groups devopsmanage, ~"feature", groupcompliance, sectiondev, workflowscheduling
- gitlab-org/gitlab#293872 Include inherited membership in User Permissions CSV GitLab Core, GitLab Premium, GitLab Starter, GitLab Ultimate, backend, devopsmanage, ~"feature", featureenhancement, groupcompliance, sectiondev
- gitlab-org/gitlab#293031 Display push Event records in the project-level Audit Log backend, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#292667 Re-name "Audit Log" as "Audit Events" backend, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowscheduling
- gitlab-org/gitlab#292663 Add group-level support to Projects remote mirrors API Category:Compliance Management, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#292446 (closed) Add pagination and tab counts to Compliance Framework Labels list view Category:Compliance Management, Enterprise Edition, GitLab Premium, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev, workflowscheduling
- gitlab-org/gitlab#292276 (closed) Provide a native Grafeas/GitLab experience for evidence artifacts ~"Category:Audit Reports", devopsmanage, ~"feature", groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#292003 Simplify assertions of strong params in specs backend, devopsmanage, ~"feature", ~"feature::maintenance", groupcompliance, sectiondev
- gitlab-org/gitlab#290678 Project audit events are missing events Category:Audit Events, SUS Survey, auto updated, devopsmanage, ~"feature", featureenhancement, groupcompliance, sectiondev
- gitlab-org/gitlab#290276 Convert admin/users view - migrate to GraphQL backend, devopsmanage, ~"feature", featureenhancement, frontend, groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#288008 (closed) Add a PDF audit report showing a summary of compliance framework-labeled projects ~"Category:Audit Reports", devopsmanage, ~"feature", groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#287940 (closed) Add user access CSV export to root group ~"Category:Audit Reports", Next Up, devopsmanage, ~"feature", groupcompliance, priority1, sectiondev, workflowdesign
- gitlab-org/gitlab#287934 (closed) Add audit events CSV export to root group ~"Category:Audit Reports", Next Up, devopsmanage, ~"feature", groupcompliance, priority2, sectiondev, workflowdesign
- gitlab-org/gitlab#287875 Update label CRUD views to use the same Vue apps as Compliance framework labels devopsmanage, ~"feature", ~"feature::maintenance", frontend, groupcompliance, sectiondev, workflowrefinement
- gitlab-org/gitlab#285105 Convert admin/users view - add pagination to Vue app Deliverable, UX FY21-Q4, devopsmanage, ~"feature", featureenhancement, frontend, groupcompliance, priority1, sectiondev, workflowscheduling
- gitlab-org/gitlab#284388 (closed) Manage:Compliance Feature Flags devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#282530 (closed) Audit Events for Deleted Items should be Available to Group Maintainers Category:Audit Events, Next Up, devopsmanage, ~"feature", groupcompliance, internal customer, priority4, sectiondev
- gitlab-org/gitlab#282432 Add delete button to GPG keys view in the Admin Credentials Inventory Category:Compliance Management, Enterprise Edition, GitLab Ultimate, backend, devopsmanage, ~"feature", frontend, groupcompliance, priority2, sectiondev, workflowscheduling
- gitlab-org/gitlab#282428 (closed) Add application settings changes to audit events Category:Audit Events, backend, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#270125 (closed) Improve the layout of SSH Keys UI polish, UX, devopsmanage, ~"feature", groupcompliance, sectiondev, user settings, workflowdesign
- gitlab-org/gitlab#270124 [Audit Log] Filter by event type backend, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev, workflowdesign
- gitlab-org/gitlab#268296 (closed) Suggest available Jira issues when editing a Merge Request title or description Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, atlassian, backend, devopsmanage, ~"feature", frontend, groupcompliance, priority4, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#268293 Add a resolve Jira Association button to Merge Requests Category:Compliance Management, Enterprise Edition, GitLab Ultimate, UX FY21-Q4, atlassian, devopsmanage, ~"feature", featureenhancement, frontend, groupcompliance, priority1, sectiondev, workflowscheduling
- gitlab-org/gitlab#268122 Capture changes to a project's protected tags in project-level audit events ~"Accepting merge requests", Category:Audit Events, Enterprise Edition, GitLab Starter, backend, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#268120 Capture repository mirroring activity in project-level audit events ~"Accepting merge requests", Category:Audit Events, Enterprise Edition, GitLab Starter, backend, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#267601 (closed) [Chain of Custody Report] Expand the scope from Merge Commits to All Commits backend, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#267003 Show commit signature validation status on Commits tab of merge requests devopsmanage, ~"feature", frontend, gpg, groupcompliance, sectiondev
- gitlab-org/gitlab#263461 Add Trigger Tokens to Credential Inventory Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, UX, devopsmanage, ~"feature", frontend, groupcompliance, priority4, sectiondev, workflowdesign
- gitlab-org/gitlab#263455 (closed) Add Scheduled Pipelines to Credential Inventory Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, UX, devopsmanage, ~"feature", frontend, groupcompliance, priority4, sectiondev, workflowdesign
- gitlab-org/gitlab#263260 (closed) Add Lock/Unlock feature to specific approval rules in instance-level MR approval rules settings Category:Compliance Management, devopsmanage, ~"feature", frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown
Unscheduled UX Debt Issues
- gitlab-org/gitlab#296961 (closed) Display Compliance Framework disabled field for Maintainers GitLab Premium, UX debt, devopsmanage, groupcompliance, priority3, sectiondev, workflowneeds issue review
- gitlab-org/gitlab#294029 (closed) Clarify date range constraints in Audit Events Category:Audit Events, UX debt, devopsmanage, groupcompliance, sectiondev
- gitlab-org/gitlab#231382 (closed) Match Project Pending Removal Behavior to Groups UX debt, devopsmanage, groupcompliance, sectiondev, severity4
Bug Section
For the following bugs. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone and ensure that a priority label is set.
- Engineering Managers: Please add a severity label for those issues without one
- Product Designers: Please add a severity label to UX ~bug issues without one
Heatmap for all bugs
Bugs for their priority and severity label are counted here. Every bug should have severity and priority labels applied. Please take a look at the bugs which fall into the columns indicating that the priority or severity labels are currently missing.
severity1 | severity2 | severity3 | severity4 | No severity | |
---|---|---|---|---|---|
priority1 | 0 | 0 | 0 | 0 | 0 |
priority2 | 0 | 2 | 0 | 0 | 0 |
priority3 | 0 | 1 | 0 | 0 | 0 |
priority4 | 0 | 0 | 0 | 2 | 0 |
No priority | 0 | 0 | 13 | 5 | 0 |
frontend ~bug (non-customer)
Unscheduled- gitlab-org/gitlab#230454 (closed) Admin page tabs overflow and become unusable on small displays UX, ~"bug", devopsmanage, frontend, groupcompliance, sectiondev, severity4
customer
Unscheduled ~bug with- gitlab-org/gitlab#296230 (closed) ProtectedBranchAuditEventService always passing in current_sign_in_ip Category:Audit Events, backend, ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity3
- gitlab-org/gitlab#295201 (closed) Unable to delete projects because of "PG::QueryCanceled:" ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity3
- gitlab-org/gitlab#294495 (closed) "Delayed Project Deletion" message is hard-coded ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity4
- gitlab-org/gitlab#276071 (closed) Delayed project deletion doesn't work for projects that are not in a group backend, ~"bug", customer, devopsmanage, groupcompliance, ~"missed-SLO", priority2, sectiondev, severity2, workflowproblem validation
- gitlab-org/gitlab#259159 (closed) Group Level Audit Logging shows incorrect IP address when SAML actions affect user permissions Category:Compliance Management, backend, ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity3
- gitlab-org/gitlab#254954 (closed) Pages access level change incorrectly named in Audit Events Category:Audit Events, ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity3, workflowscheduling
Unscheduled ~bug (non-customer)
- gitlab-org/gitlab#289453 Audit event missing when renaming CI/CD variable Category:Audit Events, ~"bug", devopsmanage, groupcompliance, sectiondev, severity4
- gitlab-org/gitlab#281574 Excessive calls to Gitaly when certain compliance settings enabled Next Up, backend, ~"bug", devopsmanage, groupcompliance, ~"performance", sectiondev, severity3
- gitlab-org/gitlab#271638 Audit events for features access level changes shows wrong label Category:Audit Events, Category:Pages, Next Up, backend, ~"bug", devopsmanage, ~"devops::release::pages", groupcompliance, priority4, sectiondev, settings, severity4, workflowplanning breakdown
- gitlab-org/gitlab#262861 (closed) AccessDeniedError in Compliance Dashboard see causing gdk reconfigure failure backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity3, workflowplanning breakdown
- gitlab-org/gitlab#251151 (closed) Handle group deletion when access level of deleting user changes backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity3
- gitlab-org/gitlab#246618 (closed) HIPAA audit template logging activity for March 26, 2020 after creation UX, backend, ~"bug", devopsmanage, groupcompliance, priority4, sectiondev, severity4, workflowscheduling
- gitlab-org/gitlab#225550 (closed) Saving HTML/Ruby in AuditEvent details "custom_message" backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity4, workflowproblem validation
- gitlab-org/gitlab#35923 (closed) Terms cannot be deleted, once set Next Up, backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity3, workflowplanning breakdown
Heatmap for ~missed-SLO bugs
severity1 | severity2 | severity3 | severity4 | No severity | |
---|---|---|---|---|---|
priority1 | 0 | 0 | 0 | 0 | 0 |
priority2 | 0 | 1 | 0 | 0 | 0 |
priority3 | 0 | 1 | 0 | 0 | 0 |
priority4 | 0 | 0 | 0 | 0 | 0 |
No priority | 0 | 0 | 0 | 0 | 0 |
This is a group level triage report that aims to collate the latest bug reports (for frontend and otherwise) and feature proposals. For more information please refer to the handbook:
If assignees or people mentioned in this individual triage report need to be amended, please edit group-definition.yml.