►
From YouTube: Compliance Pipeline release video and walkthrough
Description
Principal PM Sam Kerr walks through the newly released Compliance Pipelines capabilities coming out in GitLab.
Compliance Pipelines are a great way for development teams and compliance teams to collaborate to ensure that organizational requirements are met without slowing down development or requiring compliance teams to perform many manual steps over and over.
A
Hi,
I'm
sam
kerr,
I'm
a
principal
product
manager
here
at
gitlab,
and
today
I'm
going
to
talk
to
you
about
a
feature.
We're
really
excited
to
be
releasing
as
part
of
this
release,
which
is
what
we
call
compliance
pipeline
configurations
at
the
group
level
and
rather
than
just
write
about
it.
I
wanted
to
show
you
as
a
video
and
so
really
what
this
feature
is
about.
Is
we
understand
that
there's
sometimes
a
requirement
from
compliance
teams
that
build
processes
need
to
always
follow
certain
procedures,
follow
certain
steps
to
remain
in
compliance
with
the
organization's
requirements.
A
So
what
I'm
sharing
right
now?
This
is
an
example
group.
We
have
called
compliance
to
new
key
and
we're
going
to
look
at
two
different
projects
down
here
at
the
bottom,
so
one
is
called
sam's
app.
This
is
going
to
be
a
application
that
a
development
team
might
be
working
on
and
we'll
have
another
project
called
sams
compliance,
and
this
is
going
to
be
where
the
compliance
team
in
an
organization
would
go
ahead
and
define
all
of
those
steps
that
would
need
to
be
required
to
run
those
compliance
related
checks.
A
So,
let's
take
a
look
at
a
little
bit
more
about
what's
going
on
here.
If
we
look
at
the
application,
we'll
notice
that
it's
really
basic,
there's
just
a
single
gitlab
ciemo
file
in
here,
and
so
if
we
look
at
it
we'll
notice,
all
it's
doing
is
a
single
job.
That
just
says
building
the
app:
that's
it
really
basic.
A
A
So
if
we
go
under
settings,
we
go
to
the
compliance
framework
section.
We
will
see
that
test
label
that
I
applied
to
the
development
project,
and
so,
if
we
go
into
editing
this
we'll
see
a
few
different
things.
We're
able
to
give
the
label
a
name.
We
can
add
a
description,
but
this
next
part
is
really
what's
key.
Is
we're
pointing
at
a
configuration
file,
in
this
case
new.gitlabci.aml
inside
of
a
group?
A
A
So,
if
we
cancel
out
of
this
we'll
go
back
to
our
group,
and
this
is
the
sam's
compliance
project
where
that
configuration
is
going
to
be
defined,
and
so
we
can
see
that
the
new.gitlab.cieml
file
is
here
and
you
can
see
what
it's
doing
is
defining
a
couple
different
jobs.
So
it's
to
find
the
compliance
required
build
job,
which
is
just
saying
it's
performing
some
required
build
steps
from
the
compliance
team,
the
compliance
required
test
job,
which
is
performing
some
compliance
related
test
steps.
A
These
are
just
echoes
for
the
purposes
of
the
example
and
then
what
it's
doing
at
the
end,
it's
including
the
pipeline
file
from
the
project
that
is
being
run.
So,
if
you
want
to
think
about
this
in
a
bit
more
abstract
way,
what's
going
on
is
this
is
becoming
the
pipeline.
That's
run
whenever
a
merge
request
or
a
commit
is
made
in
the
new
project,
and
it's
including
the
pipeline,
configuration
that
the
developer
has
gone
ahead
and
defined.
A
A
A
You
can
see
that
not
only
the
a
job
ram
that
was
defined
in
this
project's
pipeline
configuration
these
compliance
required
build
job
compliance
required
test.
Job
were
added
automatically
without
the
developer
myself
in
this
case,
having
to
do
anything
as
part
of
this
project,
and
this
is
really
what
the
core
of
this
functionality
is
all
about
this
very
easily.
Let
me,
as
a
compliance
person,
set
up
these
two
different
jobs
to
do
whatever
sort
of
processes
my
organization
requires.
A
While
when
I
was
a
developer,
all
I
was
concerned
about
was
writing
this
a
job
configuration
by
using
compliance
framework
labels
and
the
compliance
pipeline
configurations.
We
were
able
to
tie
these
two
together
and
allow
the
compliance
team
to
ensure
they're
remaining
compliant
their
organization's
mean
requirements,
while
also
not
impacting
developers.
A
This
is
a
great
way
for
compliance
and
development
teams
to
work
more
collaboratively
together
and
again,
we're
really
excited
to
be
bringing
this
to
you
in
this
release.
There's
a
lot
more
information
in
the
product.
Documentation
would
love
to
have
you
check
it
out
if
you
have
any
feedback
for
us,
we'd
love
to
engage
with
you
on
an
issue
whether
it's
positive,
negative
or
just
have
a
general
question
or
comment.
We'd
love
to
hear
from
you
thanks
a
lot
have
a
good
day.