2020-11-09 - Triage report for "group::compliance"
Hi, @mattgonzales @djensen @dennis @aregnery @mikelong
This is a group or stage level triage report that aims to summarize the feature proposals and bugs which have not been scheduled or triaged. For more information please refer to the handbook:
Scheduling the workload is a collaborative effort by the Product Managers and Engineering Managers for that group. Please work together to provide a best estimate on priority and milestone assignments. For each issue please:
- Determine if the issue should be closed if it is no longer relevant or a duplicate.
- If it is still relevant please assign either a best estimate versioned milestone, the %Backlog or the %Awaiting further demand milestone.
- Specifically for ~bug, if there is no priority or clarity on a versioned milestone, please add a Priority label. Priority labels have an estimate SLO attached to them and help team members and the wider community understand roughly when it will be considered to be scheduled.
- Once a milestone has been assigned please check off the box for that issue.
- Please work with your team to complete the list by the due date set.
Feature Proposal Section
For the following feature proposals. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone.
customer
Unscheduled ~feature with- gitlab-org/gitlab#273763 Add an audit report of project CI stages ~"Category:Audit Reports", Enterprise Edition, Next Up, customer, devopsmanage, ~"feature", groupcompliance, priority1, sectiondev, workflowproblem validation
- gitlab-org/gitlab#273586 (closed) Audit logs for instance-level CI / CD variables Category:Audit Events, backend, customer, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#273496 (closed) [Frontend] Make available a list of User Permissions per Group and Project Enterprise Edition, customer, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev
- gitlab-org/gitlab#273482 (closed) [Backend] Make available a list of User Permissions per Group and Project Enterprise Edition, backend, customer, devopsmanage, ~"feature", groupcompliance, permissions, sectiondev
- gitlab-org/gitlab#273470 (closed) [Database] Make available a list of User Permissions per Group and Project Enterprise Edition, customer, database, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#271162 (closed) Add audit event logging for merge approval actions Category:Audit Events, Enterprise Edition, GitLab Premium, Next Up, backend, customer, devopsmanage, ~"feature", groupcompliance, priority1, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#238218 (closed) Chain of Custody Report - User feedback for iteration 2 ~"Category:Audit Reports", Enterprise Edition, GitLab Ultimate, backend, customer, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev
- gitlab-org/gitlab#234740 Add Secure Functionality to Auditor Role Secure UXCompliance & Auditing, customer, devopssecure, ~"feature", groupcompliance
- gitlab-org/gitlab#230932 (closed) Ability to modify user access level via users API customer, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#225352 Allow Access to Project Information via CI_JOB_TOKEN api, customer, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#221261 (closed) Button to recursively apply group-level push rules to existing projects Category:Compliance Management, Enterprise Edition, GitLab Premium, GitLab Starter, Next Up, backend, customer, devopsmanage, ~"feature", frontend, groupcompliance, priority2, sectiondev, workflowsolution validation
- gitlab-org/gitlab#207539 (closed) GitLab integration with Netskope Alliances, customer, ~"devops::protect", ~"feature", groupcompliance
- gitlab-org/gitlab#39139 Display project deletion in group audit event log Enterprise Edition, GitLab Premium, Next Up, backend, customer, devopsmanage, ~"feature", groupcompliance, missed-deliverable, missed:12.9, priority2, sectiondev, severity4, workflowblocked
- gitlab-org/gitlab#26383 (closed) Transfering groups does not warn in the same way than transfering projects does ~"Category:Subgroups", customer, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev, workflowdesign
- gitlab-org/gitlab#20603 (closed) Feature Request: Activity log should contain changes to project/group settings Manage [DEPRECATED], UX, backend, customer, devopsmanage, ~"feature", groupcompliance, priority4, sectiondev, security, severity4, user profile
Unscheduled ~feature (non-customer)
- gitlab-org/gitlab#276883 (moved) Console warning message for expired Personal Access Token Category:Compliance Management, backend, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#276221 (closed) Assign custom Compliance Framework Labels to projects GitLab Ultimate, Next Up, backend, devopsmanage, ~"feature", groupcompliance, priority1, sectiondev, workflowsolution validation
- gitlab-org/gitlab#270125 (closed) Improve the layout of SSH Keys UI polish, UX, devopsmanage, ~"feature", groupcompliance, sectiondev, user settings, workflowdesign
- gitlab-org/gitlab#270124 [Audit Log] Filter by event type backend, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev, workflowdesign
- gitlab-org/gitlab#268296 (closed) Suggest available Jira issues when editing a Merge Request title or description Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, atlassian, backend, devopsmanage, ~"feature", frontend, groupcompliance, priority4, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#268294 (closed) Add a project-level setting to require Jira association in Merge Requests Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, atlassian, backend, devopsmanage, ~"feature", frontend, groupcompliance, priority1, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#268293 Add a resolve Jira Association button to Merge Requests Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, atlassian, devopsmanage, ~"feature", frontend, groupcompliance, priority1, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#268292 (closed) Add Jira ticket association requirement to Merge Requests Category:Compliance Management, Enterprise Edition, GitLab Ultimate, atlassian, backend, devopsmanage, ~"feature", frontend, groupcompliance, priority1, sectiondev, workflowscheduling
- gitlab-org/gitlab#268122 Capture changes to a project's protected tags in project-level audit events ~"Accepting merge requests", Category:Audit Events, Enterprise Edition, GitLab Starter, backend, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#268120 Capture repository mirroring activity in project-level audit events ~"Accepting merge requests", Category:Audit Events, Enterprise Edition, GitLab Starter, backend, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#267601 (closed) [Chain of Custody Report] Expand the scope from Merge Commits to All Commits backend, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#267003 Show commit signature validation status on Commits tab of merge requests devopsmanage, ~"feature", frontend, gpg, groupcompliance, sectiondev
- gitlab-org/gitlab#263461 Add Trigger Tokens to Credential Inventory Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, UX, devopsmanage, ~"feature", frontend, groupcompliance, priority3, sectiondev, workflowdesign
- gitlab-org/gitlab#263455 (closed) Add Scheduled Pipelines to Credential Inventory Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, UX, devopsmanage, ~"feature", frontend, groupcompliance, priority3, sectiondev, workflowdesign
- gitlab-org/gitlab#263260 (closed) Add Lock/Unlock feature to specific approval rules in instance-level MR approval rules settings Category:Compliance Management, devopsmanage, ~"feature", frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#263259 (closed) Add Allow/Disable override dropdown selection to instance-level MR approval rules Category:Compliance Management, devopsmanage, ~"feature", frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#263258 (closed) Add inheritance dropdown selection to instance-level MR approval rules Category:Compliance Management, devopsmanage, ~"feature", frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#263257 (closed) Add Approval rules to instance level Category:Compliance Management, devopsmanage, ~"feature", frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#263256 (closed) Add Require user password to approve to instance level Category:Compliance Management, devopsmanage, ~"feature", frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#263255 (closed) Add Remove all approvals in a merge request when new commits are pushed to its source branch to instance level Category:Compliance Management, devopsmanage, ~"feature", frontend, groupcompliance, priority2, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#263148 (closed) Project level access token creation is not an audit event Category:Audit Events, Enterprise Edition, GitLab Starter, Next Up, backend, devopsmanage, ~"feature", groupcompliance, priority2, sectiondev, workflowplanning breakdown
- gitlab-org/gitlab#262728 Create API to query compliance labels on all projects in an instance Category:Compliance Management, backend, devopsmanage, ~"feature", groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#262677 (closed) Add changes to group-level IP access restrictions to audit events Category:Audit Events, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#262078 Pin the default branch to the top of the protected branches list devopsmanage, ~"feature", frontend, groupcompliance, repository, sectiondev, settings
- gitlab-org/gitlab#257890 (closed) Add 'Push events' sub-nav item under 'Audit Events' Category:Audit Events, UX, devopsmanage, ~"feature", frontend, groupcompliance, sectiondev, workflowproblem validation
- gitlab-org/gitlab#254822 Increase the discoverability of the call-to-action for credentials Category:Compliance Management, Next Up, UX, devopsmanage, ~"feature", frontend, groupcompliance, priority2, sectiondev, workflowproblem validation
- gitlab-org/gitlab#254817 (closed) Provide a regular email digest for the Compliance Dashboard to group owners Category:Compliance Management, devopsmanage, ~"feature", groupcompliance, sectiondev
- gitlab-org/gitlab#254655 (closed) Remove deprecated scss files for audit controls Category:Audit Events, devopsmanage, ~"feature", ~"feature::maintenance", frontend, groupcompliance, sectiondev
- gitlab-org/gitlab#254389 (closed) Add 'compliance pipeline configuration location' value to custom compliance framework labels Category:Compliance Management, Enterprise Edition, GitLab Ultimate, Next Up, Technical Writing, UI text, UX, blocked, devopsmanage, ~"feature", feature flag, frontend, groupcompliance, priority1, sectiondev, twdoing, workflowscheduling
- gitlab-org/gitlab#250663 (closed) Add audit event for downloading CI artifacts Category:Audit Events, backend, devopsmanage, ~"feature", groupcompliance, sectiondev
Unscheduled UX Debt Issues
- gitlab-org/gitlab#231382 (closed) Match Project Pending Removal Behavior to Groups UX debt, devopsmanage, groupcompliance, sectiondev, severity4
Bug Section
For the following bugs. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone and ensure that a priority label is set.
- Engineering Managers: Please add a severity label for those issues without one
- Product Designers: Please add a severity label to UX ~bug issues without one
Heatmap for all bugs
Bugs for their priority and severity label are counted here. Every bug should have severity and priority labels applied. Please take a look at the bugs which fall into the columns indicating that the priority or severity labels are currently missing.
severity1 | severity2 | severity3 | severity4 | No severity | |
---|---|---|---|---|---|
priority1 | 0 | 0 | 0 | 0 | 0 |
priority2 | 0 | 1 | 0 | 0 | 0 |
priority3 | 0 | 1 | 0 | 0 | 0 |
priority4 | 0 | 0 | 0 | 2 | 0 |
No priority | 0 | 0 | 10 | 3 | 0 |
frontend ~bug (non-customer)
Unscheduled- gitlab-org/gitlab#230454 (closed) Admin page tabs overflow and become unusable on small displays UX, ~"bug", devopsmanage, frontend, groupcompliance, sectiondev, severity4
customer
Unscheduled ~bug with- gitlab-org/gitlab#276071 (closed) Delayed project deletion doesn't work for projects that are not in a group backend, ~"bug", customer, devopsmanage, groupcompliance, priority2, sectiondev, severity2, workflowproblem validation
- gitlab-org/gitlab#259159 (closed) Group Level Audit Logging shows incorrect IP address when SAML actions affect user permissions Category:Compliance Management, backend, ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity3
- gitlab-org/gitlab#254954 (closed) Pages access level change incorrectly named in Audit Events Category:Audit Events, ~"bug", customer, devopsmanage, groupcompliance, sectiondev, severity3, workflowscheduling
- gitlab-org/gitlab#213578 (confidential) ~"(confidential)"
Unscheduled ~bug (non-customer)
- gitlab-org/gitlab#271638 Audit events for features access level changes shows wrong label Category:Audit Events, Category:Pages, Next Up, backend, ~"bug", devopsmanage, ~"devops::release::pages", groupcompliance, priority4, sectiondev, settings, severity4, workflowplanning breakdown
- gitlab-org/gitlab#262861 (closed) AccessDeniedError in Compliance Dashboard see causing gdk reconfigure failure backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity3, workflowplanning breakdown
- gitlab-org/gitlab#251151 (closed) Handle group deletion when access level of deleting user changes backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity3
- gitlab-org/gitlab#246618 (closed) HIPAA audit template logging activity for March 26, 2020 after creation UX, backend, ~"bug", devopsmanage, groupcompliance, priority4, sectiondev, severity4, workflowscheduling
- gitlab-org/gitlab#225550 (closed) Saving HTML/Ruby in AuditEvent details "custom_message" backend, ~"bug", devopsmanage, groupcompliance, sectiondev, severity4, workflowproblem validation
Heatmap for ~missed-SLO bugs
severity1 | severity2 | severity3 | severity4 | No severity | |
---|---|---|---|---|---|
priority1 | 0 | 0 | 0 | 0 | 0 |
priority2 | 0 | 0 | 0 | 0 | 0 |
priority3 | 0 | 1 | 0 | 0 | 0 |
priority4 | 0 | 0 | 0 | 0 | 0 |
No priority | 0 | 0 | 0 | 0 | 0 |
This is a group level triage report that aims to collate the latest bug reports (for frontend and otherwise) and feature proposals. For more information please refer to the handbook:
If assignees or people mentioned in this individual triage report need to be amended, please edit group-definition.yml.