2021-01-25 - Triage report for "group::compliance"
Hi, @mattgonzales @djensen @dennis @aregnery @mikelong
This is a group or stage level triage report that aims to summarize the feature proposals and bugs which have not been scheduled or triaged. For more information please refer to the handbook:
Scheduling the workload is a collaborative effort by the Product Managers and Engineering Managers for that group. Please work together to provide a best estimate on priority and milestone assignments. For each issue please:
- Determine if the issue should be closed if it is no longer relevant or a duplicate.
- If it is still relevant please assign either a best estimate versioned milestone, the %Backlog or the %Awaiting further demand milestone.
- Specifically for ~bug, if there is no priority or clarity on a versioned milestone, please add a Priority label. Priority labels have an estimated SLO attached to them and help team members and the wider community understand roughly when the issue will be considered for scheduling.
- Once a milestone has been assigned please check off the box for that issue.
- Please work with your team to complete the list by the due date set.
Feature Proposal Section
For the following feature proposals, please either close the issue or assign a versioned milestone, the %Backlog or the %Awaiting further demand milestone.
Unscheduled ~feature with customer
- gitlab-org/gitlab#299474 (closed) Brainstorm: Data points for visualization Category:Compliance Management, Enterprise Edition, GitLab Ultimate, auto updated, customer, devopsmanage, ~"feature", featureenhancement, groupcompliance, sectiondev
- gitlab-org/gitlab#299468 (closed) Update empty state text Category:Compliance Management, Enterprise Edition, GitLab Ultimate, customer, devopsmanage, ~"feature", featureenhancement, groupcompliance, sectiondev, workflowneeds issue review
- gitlab-org/gitlab#299369 (closed) Add sorting to table columns in the compliance report Category:Compliance Management, Enterprise Edition, GitLab Ultimate, auto updated, customer, devopsmanage, ~"feature", featureenhancement, groupcompliance, sectiondev, workflowneeds issue review
- gitlab-org/gitlab#299359 (closed) Modify compliance report to specify violations by merge requests Category:Compliance Management, Enterprise Edition, GitLab Ultimate, customer, devopsmanage, ~"feature", featureenhancement, groupcompliance, sectiondev, workflowneeds issue review
- gitlab-org/gitlab#299358 (closed) Add a filtering feature to the compliance report Category:Compliance Management, Enterprise Edition, GitLab Ultimate, customer, devopsmanage, ~"feature", featureenhancement, groupcompliance, sectiondev, workflowneeds issue review
- gitlab-org/gitlab#299357 (closed) Add a drawer to the compliance report Category:Compliance Management, Enterprise Edition, GitLab Ultimate, customer, devopsmanage, ~"feature", featureenhancement, groupcompliance, sectiondev, workflowneeds issue review
- gitlab-org/gitlab#299356 (closed) Create a severity scale for compliance violations Category:Compliance Management, Enterprise Edition, GitLab Ultimate, customer, devopsmanage, ~"feature", featureenhancement, groupcompliance, sectiondev, workflowneeds issue review
- gitlab-org/gitlab#292948 (closed) Button to recursively apply group-level push rules to existing projects Category:Compliance Management, Enterprise Edition, GitLab Premium, Next Up, backend, customer, devopsmanage, ~"feature", frontend, groupcompliance, priority4, sectiondev, workflowsolution validation
- gitlab-org/gitlab#285484 (closed) Add an API for SHA-specific chain of custody report ~"Category:Audit Reports", customer, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#282469 Allow admins to list all external remote repositories mirrored in Gitlab via an Admin view Category:Compliance Management, Enterprise Edition, GitLab Premium, UX, backend, customer, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#282468 Allow admins to list all external remote repositories mirrored in Gitlab via a REST API Category:API, Enterprise Edition, GitLab Premium, backend, customer, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#273763 Add an audit report of project CI stages ~"Category:Audit Reports", Enterprise Edition, Next Up, customer, devopsmanage, ~"feature", groupcompliance, priority4, sectiondev, workflowproblem validation
- gitlab-org/gitlab#273586 (closed) Audit logs for instance-level CI / CD variables Category:Audit Events, backend, customer, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#271162 (closed) Add audit event logging for merge approval actions Category:Audit Events, Enterprise Edition, GitLab Premium, Next Up, backend, customer, devopsmanage, ~"feature", groupcompliance, priority3, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#262728 Create API to query compliance labels on all projects in an instance Category:Compliance Management, backend, customer, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#238218 (closed) Chain of Custody Report - User feedback for iteration 2 ~"Category:Audit Reports", Enterprise Edition, GitLab Ultimate, backend, customer, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev
- gitlab-org/gitlab#234740 Add Secure Functionality to Auditor Role Secure UXCompliance & Auditing, auto updated, customer, devopssecure, ~"feature", groupcompliance, potential proposal
- gitlab-org/gitlab#230932 (closed) Ability to modify user access level via users API customer, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#225352 Allow Access to Project Information via CI_JOB_TOKEN api, customer, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#221261 (closed) API to recursively apply group-level push rules to existing projects Category:Compliance Management, Enterprise Edition, GitLab Premium, Next Up, backend, customer, devopsmanage, ~"feature", groupcompliance, priority2, sectiondev, workflowsolution validation
- gitlab-org/gitlab#207539 (closed) GitLab integration with Netskope Alliances, customer, ~"devops::protect", ~"feature", groupcompliance
- gitlab-org/gitlab#39139 Display project deletion in group audit event log Enterprise Edition, GitLab Premium, Next Up, backend, customer, devopsmanage, ~"feature", groupcompliance, missed-deliverable, missed:12.9, priority4, sectiondev, severity4, workflowblocked
- gitlab-org/gitlab#26383 (closed) Transfering groups does not warn in the same way than transfering projects does ~"Category:Subgroups", customer, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev, workflowdesign
- gitlab-org/gitlab#20603 (closed) Feature Request: Activity log should contain changes to project/group settings Manage [DEPRECATED], UX, backend, customer, devopsmanage, ~"feature", groupcompliance, priority4, sectiondev, security, severity4, user profile
- gitlab-org/gitlab#1772 (closed) Make available a list of User Permissions per Group and Project ~"Accepting merge requests", Category:User Management, Enterprise Edition, GitLab Premium, UX FY21-Q4, auto updated, backend, customer, devopsmanage, ~"feature", featureenhancement, frontend, groupcompliance, permissions, potential proposal, priority1, sectiondev, workflowplanning breakdown
Unscheduled ~feature (non-customer)
- gitlab-org/gitlab#299598 (closed) SSH key expiration enforcement in Core+ GitLab Core, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowsolution validation
- gitlab-org/gitlab#299335 (closed) MR approval rule being treated abnormally at project level devopsmanage, ~"feature", frontend, groupcompliance, priority2, sectiondev, severity2, workflowplanning breakdown
- gitlab-org/gitlab#299211 (closed) [Compliance Framework] List all instance records via GraphQL GraphQL, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#297652 Add a group-level setting to require Jira association in Merge Requests Category:Compliance Management, Enterprise Edition, GitLab Ultimate, atlassian, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#297537 Add API to let group owners revoke PATs scoped to their group Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#297536 Add API to let group owners list PATs scoped to their group Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#297535 Add IP allow/deny listing to credential inventory for self-managed Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#297534 Add IP allow/deny listing to credential inventory for SaaS Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#297533 (closed) Add delete button to SaaS credential inventory for SSH keys Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#297450 (closed) Add revoke button to SaaS credential inventory for PATs Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#297448 (closed) Allow group owners to make SSH key expiration optional Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#297447 Allow group owners to define an SSH key expiration for scoped tokens Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#297444 Make group-level PAT expiration enforcement optional Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#297443 Allow group owners to define PAT expiration for scoped tokens Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#297441 (closed) Make credential inventory GA on gitlab.com Category:Compliance Management, Enterprise Edition, GitLab Ultimate, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#297365 (closed) Convert admin/users view - show user note in avatar component Deliverable, backend, devopsmanage, ~"feature", featureenhancement, frontend, groupcompliance, priority1, sectiondev
- gitlab-org/gitlab#297293 (confidential) ~"(confidential)"
- gitlab-org/gitlab#296977 Allow users to update their GPG keys. devopsmanage, ~"feature", gpg, groupcompliance, sectiondev
- gitlab-org/gitlab#295293 (closed) GraphQL API should return marked_for_deletion_on for Projects and Groups devopsmanage, ~"feature", groupcompliance, sectiondev, workflowscheduling
- gitlab-org/gitlab#293872 Include inherited membership in User Permissions CSV GitLab Core, GitLab Premium, GitLab Starter, GitLab Ultimate, backend, devopsmanage, ~"feature", featureenhancement, groupcompliance, sectiondev
- gitlab-org/gitlab#293031 Display push Event records in the project-level Audit Log backend, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#292667 Re-name "Audit Log" as "Audit Events" backend, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowscheduling
- gitlab-org/gitlab#292663 Add group-level support to Projects remote mirrors API Category:Compliance Management, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#292446 (closed) Add pagination and tab counts to Compliance Framework Labels list view Category:Compliance Management, Enterprise Edition, GitLab Premium, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev, workflowscheduling
- gitlab-org/gitlab#292276 (closed) Provide a native Grafeas/GitLab experience for evidence artifacts ~"Category:Audit Reports", devopsmanage, ~"feature", groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#292003 Simplify assertions of strong params in specs backend, devopsmanage, ~"feature", ~"feature::maintenance", groupcompliance, sectiondev
- gitlab-org/gitlab#290678 Project audit events are missing events Category:Audit Events, SUS Survey, auto updated, devopsmanage, ~"feature", featureenhancement, groupcompliance, sectiondev
- gitlab-org/gitlab#290276 Convert admin/users view - migrate to GraphQL backend, devopsmanage, ~"feature", featureenhancement, frontend, groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#288008 (closed) Add a PDF audit report showing a summary of compliance framework-labeled projects ~"Category:Audit Reports", devopsmanage, ~"feature", groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#287940 (closed) Add membership CSV export to root group ~"Category:Audit Reports", Next Up, devopsmanage, ~"feature", groupcompliance, priority1, sectiondev, workflowsolution validation
Unscheduled UX Debt Issues
- gitlab-org/gitlab#299579 (closed) Move Instance MR Approvals to Settings > General Category:Navigation & Settings, UX, UX debt, devopsmanage, groupcompliance, navigation, priority3, sectiondev, settings
- gitlab-org/gitlab#299578 Move Instance Push Rules to Settings > Repository Category:Navigation & Settings, UX, UX debt, devopsmanage, groupcompliance, navigation, priority3, sectiondev, settings
- gitlab-org/gitlab#294029 (closed) Clarify date range constraints in Audit Events Category:Audit Events, UX debt, devopsmanage, groupcompliance, sectiondev
- gitlab-org/gitlab#231382 (closed) Match Project Pending Removal Behavior to Groups UX debt, devopsmanage, groupcompliance, sectiondev, severity4
- gitlab-org/gitlab#220365 (closed) Move Group Push Rules to Settings > Repository Category:Navigation & Settings, UX, UX debt, devopsmanage, groupcompliance, navigation, priority3, sectiondev, settings
Bug Section
For the following bugs, please either close the issue or assign a versioned milestone, the %Backlog or the %Awaiting further demand milestone, and ensure that a priority label is set.
- Engineering Managers: Please add a severity label for those issues without one
- Product Designers: Please add a severity label to UX ~bug issues without one
Heatmap for all bugs
Bugs are counted here by their priority and severity labels. Every bug should have severity and priority labels applied. Please take a look at the bugs which fall into the columns indicating that the priority or severity labels are currently missing.
Priority | severity1 | severity2 | severity3 | severity4 | No severity |
---|---|---|---|---|---|
priority1 | 0 | 0 | 0 | 0 | 0 |
priority2 | 0 | 2 | 0 | 0 | 0 |
priority3 | 0 | 1 | 0 | 0 | 0 |
priority4 | 0 | 0 | 0 | 2 | 0 |
No priority | 0 | 0 | 12 | 6 | 0 |
Unscheduled frontend ~bug (non-customer)
- gitlab-org/gitlab#230454 (closed) Admin page tabs overflow and become unusable on small displays UX, ~"bug", devopsmanage, frontend, groupcompliance, sectiondev, severity4
Unscheduled ~bug with customer
- gitlab-org/gitlab#296230 (closed) ProtectedBranchAuditEventService always passing in current_sign_in_ip Category:Audit Events, backend, ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity3
- gitlab-org/gitlab#295201 (closed) Unable to delete projects because of "PG::QueryCanceled:" ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity3
- gitlab-org/gitlab#294495 (closed) "Delayed Project Deletion" message is hard-coded ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity4
- gitlab-org/gitlab#276071 (closed) Delayed project deletion doesn't work for projects that are not in a group backend, ~"bug", customer, devopsmanage, groupcompliance, ~"missed-SLO", priority2, sectiondev, severity2, workflowproblem validation
- gitlab-org/gitlab#259159 (closed) Group Level Audit Logging shows incorrect IP address when SAML actions affect user permissions Category:Compliance Management, backend, ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity3
- gitlab-org/gitlab#254954 (closed) Pages access level change incorrectly named in Audit Events Category:Audit Events, ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity3, workflowscheduling
Unscheduled ~bug (non-customer)
- gitlab-org/gitlab#299072 (closed) Repository membership unexpectedly removed w/o user interaction (by myself, according to the audit log) Category:Audit Events, automation:ml, ~"bug", devopsmanage, groupcompliance, sectiondev, severity4
- gitlab-org/gitlab#289453 Audit event missing when renaming CI/CD variable Category:Audit Events, ~"bug", devopsmanage, groupcompliance, sectiondev, severity4
- gitlab-org/gitlab#281574 Excessive calls to Gitaly when certain compliance settings enabled Next Up, backend, ~"bug", devopsmanage, groupcompliance, ~"performance", sectiondev, severity3
- gitlab-org/gitlab#271638 Audit events for features access level changes shows wrong label Category:Audit Events, Category:Pages, Next Up, backend, ~"bug", devopsmanage, ~"devops::release::pages", groupcompliance, priority4, sectiondev, settings, severity4, workflowplanning breakdown
- gitlab-org/gitlab#262861 (closed) AccessDeniedError in Compliance Dashboard see causing gdk reconfigure failure backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity3, workflowplanning breakdown
- gitlab-org/gitlab#251151 (closed) Handle group deletion when access level of deleting user changes backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity3
- gitlab-org/gitlab#246618 (closed) HIPAA audit template logging activity for March 26, 2020 after creation UX, backend, ~"bug", devopsmanage, groupcompliance, priority4, sectiondev, severity4, workflowscheduling
- gitlab-org/gitlab#225550 (closed) Saving HTML/Ruby in AuditEvent details "custom_message" backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity4, workflowproblem validation
- gitlab-org/gitlab#35923 (closed) Terms cannot be deleted, once set Next Up, backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity3, workflowplanning breakdown
Heatmap for ~missed-SLO bugs
Priority | severity1 | severity2 | severity3 | severity4 | No severity |
---|---|---|---|---|---|
priority1 | 0 | 0 | 0 | 0 | 0 |
priority2 | 0 | 1 | 0 | 0 | 0 |
priority3 | 0 | 1 | 0 | 0 | 0 |
priority4 | 0 | 0 | 0 | 0 | 0 |
No priority | 0 | 0 | 0 | 0 | 0 |
This is a group level triage report that aims to collate the latest bug reports (for frontend and otherwise) and feature proposals. For more information please refer to the handbook:
If assignees or people mentioned in this individual triage report need to be amended, please edit group-definition.yml.