14 Sep 2023
- 2 participants
- 9 minutes
22 Aug 2023
- 2 participants
- 7 minutes
20 Jun 2023
- 2 participants
- 7 minutes
15 Jun 2021
Sam Kerr discusses compliance pipelines and how to ensure that compliance pipeline jobs are not able to be modified by downstream projects.
Product documentation with example showing best practices - https://docs.gitlab.com/ee/user/project/settings/index.html#compliance-pipeline-configuration
- 1 participant
- 9 minutes
14 Apr 2021
Sam Kerr discusses compliance pipelines and how they fit with our product principle of 'always allow for deploying to production.'
- 1 participant
- 5 minutes
9 Apr 2021
Short-term Compliance Epic: https://gitlab.com/groups/gitlab-org/-/epics/3156
Short-term Security Orchestration Epic: https://gitlab.com/groups/gitlab-org/-/epics/4598
Long-term Shared Vision Prototype: https://gitlab-org-threat-management-defend-demos-policy-mock.34.83.185.53.nip.io/group_create.html#
Feedback Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/326520
- 2 participants
- 11 minutes
7 Apr 2021
Code Review and Compliance sync on https://gitlab.com/groups/gitlab-org/-/epics/3869 to get some clarity on the direction and help collaborate on paths forward.
- 5 participants
- 29 minutes
6 Apr 2021
Principal PM Sam Kerr walks through the newly released Compliance Pipelines capabilities coming out in GitLab.
Compliance Pipelines are a great way for development teams and compliance teams to collaborate to ensure that organizational requirements are met without slowing down development or requiring compliance teams to perform many manual steps over and over.
- 1 participant
- 6 minutes
6 Apr 2021
Max (Senior Backend Engineer) and Austin (Product Designer) discuss the group-level compliance dashboard, its origins, where it's going and try to get Max up to speed to begin breaking down implementation issues.
- 2 participants
- 16 minutes
26 Mar 2021
0:15 Differentiate MR Approval Settings from Approval Rules
0:37 Accessibility best practices in Pajamas
1:10 Add usability improvements to the Release Post, example
2:02 Small frontend tweak to linking Jira Issue
2:49 Mass migration of HAML buttons, !56968
3:33 Sam and I have been refining the compliance report &5237
4:12 Continuing to collaborate with Daniel Mora on cascading settings
5:18 Incoming blog post on why GitLab designers contribute to our codebase, review app
5:41 "Could you help me understand the updated strategy for Compliance Framework Labels?"
- 1 participant
- 10 minutes
12 Feb 2021
- 1 participant
- 4 minutes
26 Jan 2021
GitLab introduced the Compliance Dashboard in 12.8. Now that we have wrapped up 13.8, we have some key insights on how we will improve it next. If you want to see where we are at currently, you can follow this epic below:
https://gitlab.com/groups/gitlab-org/-/epics/5237
- 1 participant
- 16 minutes
7 Jan 2021
A discussion about Security Orchestration's Policy UI and Compliance's roadmap
- 2 participants
- 15 minutes
2 Dec 2020
Sharing where the compliance group is impacting the merge request experience
- 1 participant
- 7 minutes
20 Oct 2020
A summary of the proposal in https://gitlab.com/groups/gitlab-org/-/epics/3156 to provide background on the proposal and how various issues fit together.
- 1 participant
- 13 minutes
7 Oct 2020
The compliance group discusses the challenges with the current implementation of Merge Request Approvals and how they will improve upon it.
- 3 participants
- 30 minutes
7 Oct 2020
We discussed how OPA could be used within GitLab to provide better visibility for developers about compliance requirements, supplement the merge request as an evidence artifact, and enable customers to build agnostic compliance checks into their workflows.
- 3 participants
- 29 minutes
5 Oct 2020
Austin and Mike review types of CSV exports (https://gitlab.com/gitlab-org/gitlab/-/issues/257951#note_421217016)
- 2 participants
- 20 minutes
29 Sep 2020
The Compliance group at GitLab is experimenting with a video series that highlights compliance as a business function and the professionals who comprise these teams. Our hope is we can highlight the value added by these teams, help shift organizational mindsets about compliance, and find opportunities for GitLab to help improve their quality of life.
Meghan is a Risk and Field Security Manager at GitLab and took some time out of her day to talk to me about what Field Security is and how her team supports the Security Compliance and Customer Success teams at GitLab.
- 2 participants
- 19 minutes
24 Sep 2020
The Compliance group at GitLab is experimenting with a video series that highlights compliance as a business function and the professionals who comprise these teams. Our hope is we can highlight the value added by these teams, help shift organizational mindsets about compliance, and find opportunities for GitLab to help improve their quality of life.
Dennis is an industry veteran in the digital communications space. He's a Chief Privacy Officer who has built or managed several compliance programs, primarily in the data privacy and security space.
- 2 participants
- 31 minutes
21 Sep 2020
The Compliance group at GitLab is experimenting with a video series that highlights compliance as a business function and the professionals who comprise these teams. Our hope is we can highlight the value added by these teams, help shift organizational mindsets about compliance, and find opportunities for GitLab to help improve their quality of life.
Liz is a Sr. Security Analyst, Compliance at GitLab who came from a background in external, independent auditing and now supports GitLab's mission to achieve various compliance certifications.
- 2 participants
- 28 minutes
15 Sep 2020
The Compliance group at GitLab is experimenting with a video series that highlights compliance as a business function and the professionals who comprise these teams. Our hope is we can highlight the value added by these teams, help shift organizational mindsets about compliance, and find opportunities for GitLab to help improve their quality of life.
Jeff is a Security Compliance Manager at GitLab and has a great story to tell about "a day in the life" of being a compliance professional.
- 2 participants
- 24 minutes
11 Aug 2020
A discussion about settings inheritance and a few other related feature ideas for the Compliance group at GitLab.
- 2 participants
- 23 minutes
4 Aug 2020
Demo of the proposed flow for users viewing their approval gates within a Merge Request
Related issue: https://gitlab.com/gitlab-org/gitlab/-/issues/219567
- 1 participant
- 4 minutes
4 Aug 2020
Relevant Issue: https://gitlab.com/groups/gitlab-org/-/epics/3839#note_389956039
- 1 participant
- 4 minutes
24 Jul 2020
Quick prototype demo to demonstrate the workflow of adding new approval rules for an external API
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/219567
Figma prototype: https://www.figma.com/proto/wWTJwed5c4EtRF4oy7Es4f/219567-Create-API-based-approval-rules-for-merge-request-compliance-checks?node-id=75%3A5&viewport=1227%2C197%2C0.12490058690309525&scaling=min-zoom
- 1 participant
- 7 minutes
10 Jul 2020
- Refer only to project "delete" (not project "remove"): https://gitlab.com/gitlab-org/gitlab/-/issues/221100
- Allow admins to revoke PAT tokens via API: https://gitlab.com/gitlab-org/gitlab/-/issues/216004
- Add source and destination branch data to Compliance Dashboard: https://gitlab.com/gitlab-org/gitlab/-/issues/216279
- Add additional PAT expiration notification job: https://gitlab.com/gitlab-org/gitlab/-/issues/214721
- "Remove Project" should also ask for the namespace during confirmation: https://gitlab.com/gitlab-org/gitlab/-/issues/24401
- Follow-up: Refactor controller to make code clearer and remove unused variables: https://gitlab.com/gitlab-org/gitlab/-/issues/220523
- Drop updated_at column on audit_events: https://gitlab.com/gitlab-org/gitlab/-/issues/217941
- MVC: Chain of custody report, list of commits: https://gitlab.com/gitlab-org/gitlab/-/issues/213364
- 1 participant
- 4 minutes
2 Jul 2020
Matt Gonzales (PM, Manage:Compliance) and Jeremy Watson (Group Manager, Manage) discuss the latest proposal for enabling compliance-minded organizations to implement compliance pipeline templates that won't completely disrupt the developer experience or create catastrophic situations.
- 2 participants
- 25 minutes
15 Apr 2020
We're trying to determine the best way to help customers implement compliance checks into their GitLab workflows. It's a challenging problem, but we're making progress with each conversation.
- 2 participants
- 45 minutes
13 Apr 2020
We discussed the problem our customers have to ensure certain jobs or tasks are run with each change they make to production or other environments and how GitLab can solve that in a way that's not disruptive for developers or organizations.
- 4 participants
- 29 minutes
25 Mar 2020
We talk about GitLab's internal Security Compliance team's pain points in using GitLab for our own audits and compliance management. Steve highlights some of the challenges he has that provide great insight for the Manage:Compliance group.
- 2 participants
- 23 minutes
18 Mar 2020
Rob Hunt (Frontend Engineer) & Matt Gonzales (Product Manager) talk about the Manage:Compliance group to provide more context about the current state of the group, future plans, and what Compliance is and means for GitLab customers.
- 2 participants
- 25 minutes
15 Jan 2020
Public Mural board: https://app.mural.co/t/gitlab2474/m/gitlab2474/1578411704319/125028f23f8400bba1d2c08290a459a970a2abf9
Slides: https://docs.google.com/presentation/d/1DY6q6D0_gJ5e6fp47DTy46824PXVaNvQa7C76uM63M8/edit?usp=sharing
Compliance Controls Epic: https://gitlab.com/groups/gitlab-org/-/epics/2423
- 3 participants
- 22 minutes