Implement project compliance center
What does this MR do and why?
Implement project compliance center
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
https://www.youtube.com/watch?v=-tOnoHw_sgY&ab_channel=GitLabUnfiltered
How to set up and validate locally
- You might want to seed violations for your group. You can use the following snippet, run from `rails console` (do not forget to replace 29 with the group you're testing):

  ```ruby
  # Group whose projects receive the seeded violations (replace 29)
  group = Group.find_by_id(29)
  type = [:approved_by_insufficient_users, :approved_by_committer, :approved_by_merge_request_author]
  levels = [:high, :low, :medium, :critical]

  violations = 50.times.map do
    project = group.projects.sample
    # Merged MR whose merge date falls within the last 30 days
    merge_request = FactoryBot.create(:merge_request, source_project: project, target_project: project, state: :merged)
    merge_request.metrics.update!(merged_at: rand(1..30).days.ago)
    # Violation of a random type and severity, attributed to a random project member
    FactoryBot.create(:compliance_violation, type.sample, severity_level: levels.sample, merge_request: merge_request, violating_user: project.members.sample.user)
  end
  ```
- Create a user which is an owner of a project (for example `Commit451/lab-coat`) but is not a member of a group
- Open the project where the user is an owner
- Observe **Secure > Compliance Center** available
- Observe that on tabs **Standards adherence** and **Violations** you can see entries for the specific project
Edited by Illya Klymov