Implement project compliance center

Illya Klymov requested to merge xanf-add-compliance-center-for-projects into master

What does this MR do and why?

Implement project compliance center

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

https://www.youtube.com/watch?v=-tOnoHw_sgY&ab_channel=GitLabUnfiltered

How to set up and validate locally

  • You might want to seed violations for your group. You can use the following snippet, run from the Rails console (do not forget to replace 29 with the group you're testing):
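    # Group whose projects receive the seeded violations (replace 29 with your group ID)
    group = Group.find_by_id(29)

    # Violation types (passed to the factory as traits) and severity levels, sampled at random
    type = [:approved_by_insufficient_users, :approved_by_committer, :approved_by_merge_request_author]
    levels = [:high, :low, :medium, :critical]

    # Create 50 merged merge requests, each with one compliance violation
    violations = 50.times.map do
      project = group.projects.sample
      merge_request = FactoryBot.create(:merge_request, source_project: project, target_project: project, state: :merged)
      # Spread the merge dates over the last 30 days
      merge_request.metrics.update!(merged_at: rand(1..30).days.ago)
      FactoryBot.create(:compliance_violation, type.sample, severity_level: levels.sample, merge_request: merge_request, violating_user: project.members.sample.user)
    end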
  • Create a user who is an owner of a project (for example Commit451/lab-coat) but is not a member of a group
  • Open the project where the user is an owner
  • Observe that Secure > Compliance Center is available
  • Observe that on the Standards adherence and Violations tabs you can see entries for the specific project
Edited by Illya Klymov