From YouTube: 2022-04-07 Working Group: Merge Request Report Widgets
Description
Weekly call for the Working Group about MR Report Widgets.
Agenda: https://docs.google.com/document/d/1bcch8UUkwmgEHFolTWDrQFJtUiiXlv_yQFAGwSSDSUE/edit#
A
And we're live. All right, thank you for setting it up. Okay, welcome to yet another weekly meeting for the merge request report widgets working group, and we don't have any announcements, but we do have some discussion items for that. Dude.
B
Sure, welcome back first of all, and I will share my screen and hopefully I'll give a quick background, check that background, a quick recap of where we're at with license compliance, just for the people who, I guess, haven't been here in a while. So we implemented, as best we could with the framework, the license compliance widget. So the trouble is the security.
B
Widgets tend to be a little bit more interactive and more complex than the other ones, at least that's the kind of feedback we got. So one of the outstanding things that we have been discussing, and Jeremy and Becca have been very proactive in reviewing these issues that have created. So I want to clarify: we have a workaround, we're not blocked, but I did want to resurface and emphasize that we would, you know, at least representing this compositional analysis team and talking to Nicole, the product manager for that group.
B
We do want to follow up on cleaning this up. So the problem is, for license compliance, we have this idea of scanning a product for licenses. We have the license type and then a list of packages that were detected with that license. For license compliance, the ones that we really care about in the colon sciences was that for the denied licenses, the licenses that are detected that are not allowed in the project, she doesn't want to.
B
She wants it to be immediately visible here, ideally, because if you click on "used by 24 packages" right now, or like, you know, we have this count. This is what I've currently implemented in the widget, and that's what the framework allows for. The problem with that is you don't have the visibility until you click on this.
B
What we had was this over here, so you have the license, which is a link to the license itself, and then a list of, like, dependencies, and then if you wanted to see all of them, you'd click, you know, "and 10 more" and it would expand and collapse. That expand and collapse functionality we don't have now. When Jeremy and Becca review this, their feedback was, hey, I mean.
B
Can we just do something like this and add a link? Which I did do, so that's a temporary solution, but for denied licenses Nicole still wants this to be expanded out, because they want to have that immediate visibility. You want to know why this MR is introducing denied licenses and what those dependencies are, right here in this view. So what we're going to roll out for version one is: for uncategorized and allowed licenses, we'll use this kind of compact "used by x number of packages", but for the denied ones we're gonna show this big list.
B
C
Yeah, I got a question. Yeah, when you say that's what Nicole wanted, was that also, what was, what's that also information that was available to Jeremy and Becca when they met, or was that a follow-up discussion? So.
B
What follow-up, this is follow-up. So when they met, so what I did was I created this giant epic that initially was intended to capture, hey, what are all the deficiencies from the legacy component to the new one to get 100 feature parity, and then the feedback I got from product was that we're not aiming for 100 feature.
B
Parity. Nicole was not too prescriptive on, like, how it looked, so long as, like, some minimum things are available to the user, and one of them was, and the only one that would technically want to follow up on, or the feedback I got, was that you want to have a way to much more cleanly show the denied licenses, because right now, yeah. So I created this epic and they went through one by one, and for every single one they had an existing solution or a recommended change to the original design.
B
B
Instead of showing all these, can we just do a link and show the count to summarize it and then navigate you away? And the feedback I got from my team, or I guess from Nicole, product manager for composition analysis, that, you know, for version one, that's fine, but ideally we do want to show the list of denied, the denied licenses with all their dependencies. If we can't collapse them or not, just show all of them.
B
But my feedback from the, sorry, frontend engineering side of things is that this list can get very long. We don't have a lot of vertical scrolling space. It's going to be, it may be 200 items, so, you know, I don't know how we want to approach it. There wasn't really much other than this kind of turning this into a link that we can support. We don't have any notion of expanding, collapsing, string text, truncated text or anything like that, and I don't know if that's a paradigm we want to introduce.
B
You know, I mean, I figure that's a UX discussion, but yeah, I'm happy to follow up after this meeting if anyone's interested to better understand. I could demo this if you need more clarity on what the actual challenge is. I'm trying to see, I don't have an example where that list is like 200 items, but it's basically this, and it's just more and more text.
B
A
B
Then I have what it is. I have it linked to the, yeah, I did, and that's in the working group epic, so.
A
You know, that's enough. Yeah, that's perfect. That's exactly what we need. Can you link it here on the agenda so that we can, we're gonna stay connected, but that's good.
B
It left off is that Jeremy and Becca did take a look and they did recommend a proposal, and then this is just the second iteration of now giving the feedback from product, sorry, from product, that, you know, we can go with what they suggested for now.
B
But ideally we should follow up to see if there's any other way we can improve on that. Cool, so that leads into the status of license compliance and security dashboard. So from the license compliance side of things, we're only blocked in one back-end thing that's not related to the working group. I just need additional data from the endpoint, so that's scheduled to be done next milestone. So if things go to plan, license compliance should be shippable.
B
There's a new MR widget extension next milestone. Savas on Neil's team is out of office right now, but I wanted to honestly have bring up this issue he had opened while he is trying to implement the security widget, which again is also a little bit more interactive. What he has here is the animated GIF. So, basically, when you have these vulnerabilities, the old behavior is that they're clickable, so you could drill into the individual vulnerability and get more data specific to that vulnerability.
B
B
Basically the way we could hook into it is have the component or extension emit an event, and he could hook into that outside of the event, outside of the component, I think was the intent. So I don't know if, well, two things: we don't know if, like, clicking a link and then opening a modal is currently part of the design spec, to get UX feedback on that, because I don't know how else we would show all this data unless we took them to a page. I mean, I think I might propose to him that we do have a single vulnerability view, and maybe have that link in the meantime point to the single vulnerability view page.
B
I don't know if Yonic's here, if that kind of makes sense, because we have a single vulnerability view from the context of a modal, but we also have it as a single vulnerability view, right, a dedicated page.
B
D
As a plus one, the test report widget also uses modals. That widget is very similar to this security dashboard widget and just how it behaves and looks, and I don't think we'd be able to go a different route besides the modal. We don't really have another page that has the information that we can easily link to, at least.
A
A
So now you have a progressive disclosure that, if you want to know more about this report, going to a modal seems particularly reasonable. So yeah, we'll track that issue, we'll raise it for implementation, and we can, or again, have the designers weigh in to make sure that, is there anything that we should distinct, make a distinction on the link to show that it's a modal or not. Rather than that, it feels like a totally reasonable thing for us to pick up, to be added.
B
And I would also emphasize that the whole point of doing this widget extension was to standardize the UX, anything that is open. The caveat is anything that's open. The modal is not in scope of the implementation as is right now, so this modal is specific to, it's going to be a completely different view component, one-off, specific to Secure, and I'm sure whatever other modals that are open are going to be uniquely structured as well, but I just want to call that out.
A
That's a great topic to discuss on the issue with the designers to see how, I don't know, Marcel, if you want to, if you haven't, weigh in right now on the call or just defer to them.
C
Yeah, I want to have a closer look. Especially on the Secure side, linking to the actual vulnerability sounds like it could simplify a lot, and that could make things a lot easier. Kinda sad to hear that this is not such a simple solution on the test summary, so we will need to look into that. I know there's the issue open. I'm gonna probably add some details and link some and ping some other people from the design side to have a look together.
E
From a product side is, do any of the engineers know if there's any instrumentation on those links or clicking on those links? And I ask because, like, one of the things that we want to do is simplify the widgets and not make them full-blown applications inside of the merge request, right? That's sort of not the point of quick reporting widgets, and so it would be good to know before we invest time in, like, extending to support modals and allowing all these other things to show up.
E
Does anyone even interact with those or use those things? I mean, our, sort of like, our initial research is widgets aren't even expanded that often, so like, now my question is, like, if they're not even expanded that often, what is the likelihood that someone's clicking on the next thing in there? And so I think, before we, like, dive into solutioning that piece, it would be really good to know, like, do we even need to do that? Like, we don't have to make parity all the time. Like, we could make some decisions here.
B
I don't, off top of my head, I don't know of any metrics for that. I know in Secure stage we do track some metrics for interacting with some of the security features. I don't know if this is one of them. Unless, Yana, you have any visibility into where we do have tracking.
B
Not on top of my head, so what I'll do is I'll provide that feedback from the group in the cold ask for, like, you know, before we do all this, all the stuff, what's the usage on this? Do we know? Should we introduce some tracking to try to get that data? Because the easy solution might be to just link to the single vulnerability page instead of trying to do it inline in the modal.
B
I think, if I can, my understanding for this widget is that we have a license check approval rule. So if you have the security rule applied and, you know, let's say you detect a denied license, this merge request will be blocked. So the idea, I think, was that you could see the denied licenses right there, and it's like you were saying, it's almost like an app within a merge request, because you click on it.
B
Sorry, I'm getting license compliance mixed with the security widget. You would see a vulnerability that's detected, and as a security reviewer, you could go in and then say, hey, this is not actually a vulnerability, or this is one that is fine, and dismiss it and then allow it to then be mergeable, because you dismiss this protective vulnerability.
E
If there's not instrumentation, I mean, Snowplow is not going to give us enough data because that's SaaS only, and so we're not going to know, and self-managed, where we're more likely to see heavier Secure or testing usage. And so, if there's no instrumentation, that's fine. I think, I know we talked about it when this working group started, but maybe we didn't follow through on making sure the components were naturally instrumented moving forward, because we do need to know those things, and we need to be better about that.
E
So maybe I'll create some issues to make sure we, like, foundationally make sure there's instrumentation in the component moving forward, and we can figure that out. I don't think we have time to instrument, wait for self-managed instances to upgrade and get to a version that has instrumentation, and, like, wait more cycles to get data back, so, like, that's not likely a feasible thing. So we may need to go down this path, but yeah, if anyone checks and there is more usage data, it'd be good to have that, and.
B
I guess I just also want to call out that Becca has been kind of advocating on behalf of Secure teams. So if you need to, from a UX design standpoint, Becca is a good person to reach out. If you need clarity on any of the Secure stage related concerns, she's very willing and able to help. I did want to add that, because we didn't want license compliance or the security widget to hold up the group's efforts to roll this out, I do have an MR up to introduce a feature flag.
B
If you just have the extension, it should render all the other extensions minus license compliance, and license compliance with the, show the legacy one. That was just like safety backup net in case the group wanted to push forward much more sooner. I'm not sure if our intent is to roll them out all together or to say we have enough to roll out some of them.
C
So, to give a quick summary, I think right now we are at seven that are ready to be rolled out. License compliance seems to be ready in the next milestone, based on the current estimation. For Secure, we don't have a current estimation.
C
D
The majority of it will be done this milestone, besides the modal work.
D
We can, I can discuss it with a gina or our UX designer. We'll create a follow-up issue for the modal work at least and discuss it there. If needed, we can also create a nested feature flag for it, for the test report widget.
C
E
I think it'd be worth prioritizing, like, nested feature flags now and rolling the seven, turning the seven on on GitLab.com now. The sooner we do that, the sooner we know what's going on, and then we can, if in 15 we can toggle on the other ones, then we toggle on the other ones. If we can't, we can say com only for a period of time.
E
There are not many projects that show all nine widgets, or any, and so it's going to be really hard to collect feedback. Even in the GitLab project, we don't use half of these things, right? So, like, it's going to be hard to collect feedback, so the sooner we can get it on to a broader audience the better, I think.
C
B
As a follow-up to enabling this thing, I just wanted to call out that in staging recently the feature flag was enabled globally. I had to disable it from the global scope because it looks like it was breaking some automation tests. I think it, I don't know if it was limited to just license compliance.
B
I think we might have some, like, browser automation. Any suggestions on that rollout strategy? So I guess putting up an MR to update the unit test before we toggle the feature flag, or should these automation tests be handling both versions behind the feature flag? I'm not sure how to approach this.
E
Typic, we broke a test yesterday, which is why I know. Typically, I think, if it is new expected behavior to automate, like, the QA engineers will update the automated testing, like, if that's the intent, and during a feature flag state.
E
They like to be able to test with it off, and so, like, there's got to be a way for them to, like, know that, and so they can update tests, or we can update tests to make sure they're off, but I don't know, do we have anyone from QA in the working group, Andre? Probably not, and we lost our QA engineer and code review, which sounds bad.
E
It might be worth reaching out, Andre, if you don't mind, to, like, QA and just see what they think. I imagine we'll break a lot of tests when all these widgets are turned on, because anything that's doing, like, trying to navigate to specific elements in the DOM is going to fail if we've changed any of the nesting or any of the names on any of that stuff. It'll all fail, so it'd be good to give them a heads up, at least, so.
A
What I might do, yeah, we did have Tommy on the working group, which was the sct that left. I'll reach out to Ramya to see if you can have someone else help us out in rolling this out, to make sure that we have a backup, someone backing us up from that side, and maybe, I think, that's part of the rollout.
A
So whenever we decide to start actually turning this on is going to be ensuring that all the steps are covered, so yeah, I'll reach out to Ramya, get someone involved that can help us through that process. I do have Phil on holiday for at least another week, so I'll be much more comfortable starting to roll this out with him present, so I've, that would put us on 5.0.
A
I think, starting to roll this out, in terms of time frame, is that okay, or do you want to start it, like, the next couple of days, starting to turn this on instead in staging? Well, not staging, yeah, beyond staging.
E
A
Okay, so let's write that down, actually. So, pending, just start a new section, pending tasks, actually tasks blocking rollout. It's basically the nested feature flag for, help me out here, people, test summary and.
A
Security. So once we have that we can, and so then this is staging, staging slash QA tests, broken tests. So those are two things that are, anything else that you mentioned, guys, they might have missed?
B
I think the only question was, so we have, right now, I had to turn off the feature flag in staging with the ignore feature flag check or something flag, because it's enabled for some products in production. We have some test products. Do we have any known test projects in staging that we want to enable it for? Because I wanted to turn it on at least to a project, so we can have that to reference. Right now, it's disabled globally, as of yesterday, just so we could get those tests passing.
B
Should I make an attempt to clone the ones in production, export those and import them into staging? And I don't know where they'll live, but if someone could give me a namespace to put them in, I could try to mirror. The one thing, I don't know if it's an exact mirror. I don't know if the existing project is under, like, I forget.
D
D
A
Well, yeah, there's also the document, the agenda. Yeah, I'm just saying that if it helps, it might be useful for you to just export that project and try to import it into a namespace in staging. Because you have access to the export, right? Or do we all have access to the.
D
We should all have access, it's just in the frontend playground.
B
Yeah, I have access to it too. My question is: do we have a GitLab or frontend playground?
B
A
Cool, all right, so let's track those tasks. I'll put this in the agenda for next week, at least for us to keep checking in on those things.