# Convert compliance dashboard into an insightful report

## Background

We've recently completed a discovery effort (https://gitlab.com/groups/gitlab-org/-/epics/4802) to better understand how to make the [Compliance Dashboard](https://gitlab.com/groups/gitlab-org/-/epics/2537) more useful for [Cameron (Compliance Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#connor-compliance-manager) when identifying compliance gaps. Actionable insights have been recorded in the [research summary](https://dovetailapp.com/projects/22783c6d-352d-4659-b243-fe5b90040e0b/insights/present/1416e90d-c11e-4fe8-880c-97cf755d4736).

## Problem to solve

We are going to transform the Compliance Dashboard into an interactive report to support compliance managers in reviewing, triaging, and prioritizing compliance violations. Today, it's unclear to Cameron what the priority of compliance violations is, and some key attributes are still missing to make this view useful. Much of the information Cameron needs is discoverable within GitLab, and aggregating it together would help execute the JTBD. Otherwise, Cameron must rely on mentions or on manually sifting through Merge Requests to discover what violations there might be.

## Job to be done (JTBD)

**Manage compliance posture**

> When I am responsible for ensuring the compliance of my organization, I want to ensure we meet all required criteria defined in controls and policies, so that it does not create problems for us during an audit.

## Proposal

Update the existing Compliance Dashboard to emphasize the priority of the existing data, with a couple of new additions. This report will reflect the violations for each project by merge request (not just the latest MR), while helpful details about the Merge Request, with hyperlinks, will be stashed in a drawer.

[Open Figma →](https://www.figma.com/file/gjzUmWQd7qMcKA2hEqtVPx/🔒-and-5237-Convert-compliance-dashboard-into-an-insightful-report?node-id=951%3A18629)

![Page_1_](/uploads/dc8f1c53a81cf7c4bffc90c82c39979c/Page_1_.png)

## What is the type of buyer?

~"GitLab Ultimate"

## What does success look like, and how can we measure that?

Spike in Compliance Paid GMAU views of the Compliance Report, with a 10% retention rate week-to-week.

<details><summary>Snapshot</summary>

![DraftCompliancePaidGMAU](/uploads/16970d38e510fa50a5eace510e42806b/DraftCompliancePaidGMAU.png)

</details>

## Out of scope

- Additional violations:
  - `Critical`: when a branch is pushed directly to master/{protected branches}
  - Poor security scan outcomes
  - Missing a linked issue
  - Unauthorized user releasing changes to production
  - Unwarranted configuration changes
  - Degradation in performance tests

*This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.*