Tactical Priorities - Compliance

The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.

This page captures our priorities at a finer-grained level than the main group direction page. It shows major topics and projects that we are working on and prioritizing. It is stack ranked, which means that items at the top of the list are higher priority than items lower on the list.

This list highlights major initiatives but is not comprehensive. For specific work being done in an inidividual milestone, please refer to the appropriate milestone planning issues.

Priorities

Priority	Name	DRI	Target release	Division	Roadmap
1	Custom compliance frameworks	`hraghuvanshi, nradina`	`18.0`	`division::Product`	`roadmap::now`
2	External custom controls	`huzaifaiftikhar1`	`18.0`	`division::Product`	`roadmap::now`
3	Group Compliance overview dashboard	`harsimarsandhu, xanf`	`18.3`	`division::Product`	`roadmap::next`
4	Adding key OOTB controls for most requested compliance frameworks	`andrew.jung`	`18.0`	`division::Product`	`roadmap::next`
5	Toggle for custom compliance frameworks rollout	`sam.figueroa`	`18.0`	`division::Product`	`roadmap::next`
6	Compliance Center Improvements	`xanf`	`17.10`	`division::Product`	`roadmap::now`
7	Consolidation of tables for streaming audit events to various external destinations	`hraghuvanshi`	`17.10`	`division::Engineering`	`roadmap::now`
8	Compliance group engineering and product metrics	`sam.figueroa`	`18.0`	`division::Engineering`	`roadmap::now`
9	(Size: XXL) Cells 1.0 - Compliance database tables work	`harsimarsandhu`	`18.6`	`division::Engineering`	`roadmap::now`
10	Provide an option to add projects in the compliance framework creation workflow	`nrosandich`	`17.11`	`division::Product`	`roadmap::next`
11	Compliance Framework upload/download templates	`nrosandich`	`18.0`	`division::Product`	`roadmap::now`
12	Compliance Pipeline to Security Policy Migration	`sam.figueroa`	`TBD`	`division::Product`	`roadmap::ongoing`
13	Migrate Audit Events to ClickHouse Cloud	`TBD`	`TBD`	`division::Engineering`	`roadmap::uncategorised`
14	Enforce project settings with compliance frameworks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
15	Improved discoverability and findability for compliance management and security features	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
16	Compliance UX improvement/bugs track	`TBD`	`TBD`	`division::Product`	`roadmap::ongoing`
17	Link violations to framework controls	`TBD`	`TBD`	`division::Product`	`roadmap::next`
18	OOTB Compliance Templates	`TBD`	`TBD`	`division::Product`	`roadmap::next`
19	Third party connector to Snowflake	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
20	Organization Level Compliance Management	`TBD`	`TBD`	`division::Product`	`roadmap::later`
21	Instance-Level Compliance and Policy Management	`TBD`	`TBD`	`division::Product`	`roadmap::later`
22	Comprehensive audit log	`nrosandich`	`18.0`	`division::Product`	`roadmap::ongoing`
23	Increase test coverage for Govern:Compliance	`TBD`	`TBD`	`division::Engineering`	`roadmap::next`
24	Expand audit event report usability	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
25	Add a version field to the audit event schema	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
26	Test Streaming Audit Events configuration and surface connection issues	`TBD`	`TBD`	`division::Product`	`roadmap::later`
27	Internal custom controls	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
28	Apply a requirement from a compliance framework across different groups	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
29	Add categories for compliance frameworks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
30	Generate policies from compliance framework requirements	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
31	Standardise compliance group features components	`TBD`	`TBD`	`division::Engineering`	`roadmap::uncategorised`
32	Workflow to review and discuss changes before removing/adding compliance frameworks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
33	Workflow To Identify, Resolve and Record The Actions Taken To Resolve A Failed Control or Violation	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
34	Upload or store compliance documentation directly in GitLab alongside the defined requirements	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
35	Framework controls to add	`TBD`	`TBD`	`division::Product`	`roadmap::later`
36	Compliance AI ideas	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
37	Improved Admin and Group-level branch protection settings	`TBD`	`TBD`	`division::Product`	`roadmap::ongoing`
38	Allow filtering of streamed audit events	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
39	Integrate with 3rd-party storage systems	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
40	Add event type information for all streaming audit events	`TBD`	`TBD`	`division::Product`	`roadmap::later`
41	Compliance Violations Report improvements	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
42	Compliance frameworks improvements	`TBD`	`TBD`	`division::Product`	`roadmap::later`
43	Framework change history	`TBD`	`TBD`	`division::Product`	`roadmap::later`
44	Audit Event data retention settings	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
45	Add availability level to audit events	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
46	Support for OCSF	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
47	New policy type: overwrite group/project general settings	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
48	Chain of Custody report	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
49	Continuous Compliance Dashboard	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
50	Custom compliance frameworks improvements	`TBD`	`TBD`	`division::Product`	`roadmap::next`
51	Explore using OPA to evaluate compliance controls	`TBD`	`TBD`	`division::Engineering`	`roadmap::uncategorised`
52	Categorisation of Controls for Compliance Frameworks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
53	Streaming only audit events	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
54	Framework Review Date	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
55	Pseudonymize of user data in audit events report	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
56	Compliance Center - Group Overview Dashboard Improvements	`TBD`	`TBD`	`division::Product`	`roadmap::later`
57	Improve ease of use, efficiency and time to create a compliance framework in GitLab	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`