From YouTube: GitLab 12.6 Kickoff - Manage:Compliance
Description
GitLab 12.6 Kickoff for the Manage:Compliance Group.
Group-level compliance dashboard MVC: https://gitlab.com/gitlab-org/gitlab/issues/35284
Extend audit events API for gitlab.com: https://gitlab.com/gitlab-org/gitlab/issues/34078
Inventory all PAT/SSH credentials in a single view: https://gitlab.com/gitlab-org/gitlab/issues/32463
Enforce entropy requirements for passwords: https://gitlab.com/gitlab-org/gitlab/issues/18515
A
Hi everyone, my name is Matt Gonzalez and I'm a product manager at GitLab representing the Compliance group for the Manage stage, and this is the kickoff video for 12.6, and so we're gonna walk through the issues that we feel are most beneficial and valuable for our particular enterprise customers, but really any organization that's focused on compliance in the rate of regulatory context may be an internal program, and so the first issue that we're excited to get out is this group-level compliance dashboard MVC.
A
The third issue we're looking at is releasing an inventory of existing credentials for an environment, so right now we're look, we're scoping it for personal access tokens and SSH credentials, though that may change a little bit to scope it down to something a bit more minimal. But the idea here is that we want to be able to give you, again on that theme of insight or visibility. We want to give you insight into what's happening within your environment.
A
We want to let you know how many users have what credentials, when were those credentials last used, when do they expire, to empower you to make decisions about any actions that might you could take. In future iterations we'd like to empower you further to say: if you know you need to enforce an expiration or a rotation policy, you can do that. If you want to manually expire a token or a credential, we want to be.
A
We feel that NIST's guidance in terms of length and complexity for passwords, versus necessarily defining specific rules that must be adhered to, is the best iteration to start with. GitLab has actually deployed this policy internally for our own, our own team or in employees, but we'd like to bring that power to our customers, starting with self-managed, so self-managed customers will be able to set some basic entropy requirements for new user passwords, and this will apply to passwords that are reset going forward as well.
A
The idea here is that we want to be able to help enforce password policies that exist within your organization, and future iterations will help to build upon this concept to add additional features, such as allowing you to customize, if you want, the rules that might exist for the password complexity, to enable you to set password expiration rotation, and even present user-friendly elements in the UI to show a new user how strong their password is, all within the context of supporting our customers and their compliance efforts.