►
From YouTube: Compliance pipeline walkthrough
Description
Sam Kerr discusses compliance pipelines and how they fit with our product principle of 'always allow for deploying to production.'
A
Hi,
I'm
sam
kerr,
I'm
a
principal
product
manager
here
at
git
lab
and
in
this
video.
I
want
to
spend
a
few
minutes
talking
about
our
upcoming
compliance
pipelines
capabilities,
because
I
know
it's
been
development
for
a
long
time.
It
might
mean
a
lot
of
different
things
to
different
people
and
wanted
to
clarify
what
we'll
be
releasing,
as
well
as
how
it
fits
in
line
with
some
of
our
product
principles
such
as
always
allow
deploying
to
production
so
to
kick
things
off.
A
A
So
if
we
go
back
and
look
at
it,
this
is
where
we
would
envision
individual
compliance
teams
having
their
single
source
of
truth
for
what
needs
to
be
run
for
a
compliance-related
job.
This
is
where
they
might
log
artifacts
ensure
some
sort
of
scan
or
extra
step
of
logging
is
done,
and
then
it's
going
to
be,
including
the
developer
pipeline
that
has
been
defined
for
the
project
that
has
that
same
compliance
framework
label.
A
We'll
also
see
that
the
developers
attempt
to
override
the
compliance
job
was
not
successful.
It
was
not
overwritten,
and
so
this
is
great.
We're
really
excited
for
what
users
are
going
to
be
able
to
do
with
this,
but
the
concern
definitely
is
valid
that
hey
what
if
something
happens
upstream
in
that
compliance
project?
What
do
I
do?
A
Remember
where
we
looked
at
the
compliance
framework,
they
could
simply
go
in.
They
could
edit
the
framework
itself
to
not
include
the
pipeline
that
was
causing
problems.
The
compliance
team
could
obviously
go
fix
the
issue
in
the
compliance
pipeline.
That
was
giving
problems,
but
really
the
question
is:
how
do
we
give
local
control
to
the
development
teams
that
are
going
to
be
most
impacted
by
an
error
upstream
and
a
compliance
project?
How
do
we
make
sure
they
are
empowered
to
be
able
to
deploy
production
and
really
the
safety
valve?
A
We're
really
excited
about
is
pretty
simple.
Remember
how
they
apply
this
framework
label
to
say:
hey.
We
will
use
this
compliance
pipeline
if
the
project
owner
needs
to
push
for
production,
for
some
reason,
they'll
be
able
to
go
ahead
and
remove
that
compliance
pipeline
from
the
project,
and
that's
going
to
be
on
this
screen.
You
can
see
in
the
drop
down
here.
I
would
just
go
ahead
and
select.