Review Group Controls

Description

This issue is to start detailing what controls exist for group input types. Start to scope out the work required in order to support groups.

This may include making pull requests to python-gitlab, making feature requests to GitLab, or just adjusting our control conditions to meet existing functionality.

| Control ID | Control Name | Notes |
|---|---|---|
| 1.1.1 | version_control | Enabled 🚀 |
| 1.1.2 | code_tracing | Enabled 🚀 |
| 1.1.3 | code_approvals | Enabled in: v.1.14.0 (!172 (merged)) 🚀 Pending MR (Need to update python-gitlab==5.6.0 (ref)) |
| 1.1.4 | code_approval_dismissals | PR Required for python-gitlab to add existing functionality (rest API) created MR approval settings Group Level #3165. |
| 1.1.5 | code_dismissal_restrictions | PR Required for python-gitlab to add existing functionality (rest API) created Protected Branches Group Level #3164. |
| 1.1.6 | code_owners | Not applicable |
| 1.1.7 | code_changes_require_code_owners | PR Required for python-gitlab to add existing functionality (rest API) created Protected Branches Group Level #3164 |
| 1.1.8 | stale_branch_reviews | Not applicable |
| 1.1.9 | checks_pass_before_merging | Not applicable |
| 1.1.10 | branches_updated_before_merging | Not applicable |
| 1.1.11 | comments_resolved_before_merging | Requires feature request on gitlab for only_allow_merge_if_all_discussions_are_resolved at rest API level. Pending: gitlab-org/gitlab#534608 |
| 1.1.12 | commits_must_be_signed_before_merging | Enabled in: v.1.14.0 (!172 (merged)) 🚀 Pending MR |
| 1.1.13 | linear_history_required | Not applicable |
| 1.1.14 | branch_protections_for_admins | Enabled 🚀 |
| 1.1.15 | merging_restrictions | PR Required for python-gitlab to add existing functionality (rest API) created Protected Branches Group Level #3164 |
| 1.1.16 | ensure_force_push_is_denied | PR Required for python-gitlab to add existing functionality (rest API) created Protected Branches Group Level #3164 |
| 1.1.17 | deny_branch_deletions | PR Required for python-gitlab to add existing functionality (rest API) created Protected Branches Group Level #3164 |
| 1.1.18 | auto_risk_scan_merges | Enabled in: v.1.14.0 (!172 (merged)) 🚀 |
| 1.1.19 | audit_branch_protections | Enabled 🚀 |
| 1.1.20 | default_branch_protected | Not applicable |
| 2.1.1 | single_responsibility_pipeline | Not applicable |
| 2.1.2 | immutable_pipeline_infrastructure | Not applicable |
| 2.1.3 | build_logging | Not applicable |
| 2.1.4 | build_automation | Not applicable |
| 2.1.5 | limit_build_access | Enabled in: v.1.15.0 (!184 (merged)) 🚀 Pending MR |
| 2.1.6 | authenticate_build_access | Enabled in: v.1.15.0 (!184 (merged)) 🚀 Pending MR |
| 2.1.7 | limit_build_secrets_scope | Not applicable |
| 2.1.8 | vuln_scanning | Not applicable |
| 2.1.9 | disable_build_tools_default_passwords | Not applicable |
| 2.1.10 | secure_build_env_webhooks | Enabled in: v.1.15.0 (!184 (merged)) 🚀 Pending MR |
| 2.1.11 | build_env_admins | Enabled in: v.1.15.0 (!184 (merged)) 🚀 Pending MR |
| 2.2.1 | single_use_workers | Not applicable |
| 2.2.2 | pass_worker_envs_and_commands | Not applicable |
| 2.2.3 | segregate_worker_duties | Enabled in: v.1.15.0 (!184 (merged)) 🚀 Pending MR |
| 2.2.4 | restrict_worker_connectivity | Not applicable |
| 2.2.5 | worker_runtime_security | Not applicable |
| 2.2.6 | build_worker_vuln_scanning | Not applicable |
| 2.2.7 | store_worker_config | Not applicable |
| 2.2.8 | monitor_worker_resource_consumption | Not applicable |
| 2.3.1 | build_steps_as_code | Not applicable |
| 2.3.2 | build_stage_io | Not applicable |
| 2.3.3 | secure_pipeline_output | Not applicable |
| 2.3.4 | track_pipeline_files | Not applicable |
| 2.3.5 | limit_pipeline_triggers | PR Required for python-gitlab to add existing functionality (rest API) Protected Environments Group Level #3168 |
| 2.3.6 | pipeline_misconfiguration_scanning | Enabled in: v.1.15.0 (!184 (merged)) 🚀 Pending MR |
| 2.3.7 | pipeline_vuln_scanning | Enabled in: v.1.15.0 (!184 (merged)) 🚀 Pending MR |
| 2.3.8 | pipeline_secret_scanning | Not applicable |
| 2.4.1 | sign_artifacts | Not applicable |
| 2.4.2 | lock_dependencies | Not applicable |
| 2.4.3 | validate_dependencies | Not applicable |
| 2.4.4 | create_reproducible_artifacts | Not applicable |
| 2.4.5 | pipeline_produces_sbom | Not applicable |
| 2.4.6 | pipeline_sign_sbom | Not applicable |

Edited by Neil McDonald