GitLab Direction

1. You are here:
2. GitLab Direction

On this page

• Vision
  • Background and history
  • DevOps stages
    • Dev
      • Manage
      • Plan
      • Create
    • CI/CD
      • Verify
      • Package
      • Release
    • Ops
      • Configure
      • Monitor
    • Secure
    • Defend
  • Enablement Groups
    • Geo
    • Ecosystem
  • Growth Groups
    • Fulfillment
    • Telemetry
• Concepts
  • Depth
  • Breadth
  • Personas
  • Application Types
  • Company Initiatives
  • Enterprise editions
• Maturity
• Scope
• Quarterly Objectives and Key Results (OKRs)
• Your contributions
• How we plan releases
• Previous releases
• Upcoming releases
• Moonshots
• Paid tiers
  • Starter
  • Premium
  • Ultimate
  • Actionable feedback
    • Business feedback
    • Application feedback
    • System feedback
    • Execution feedback & Cycle Analytics
  • ML/AI at GitLab
    • Signal / noise separation
    • Recommendation engines
    • Smart behavior
    • Code quality
    • Code navigation

Vision

Our vision is to replace disparate DevOps toolchains with a single application that is pre-configured to work by default across the entire DevOps lifecycle.

We aim to make it faster and easier for groups of contributors to deliver value to their users, and we achieve this by enabling:

• Faster cycle time, driving an improved time to innovation
• Easier workflows, driving increased collaboration and productivity

Our solution plays well with others, works for teams of any size and composition and for any kind of project, and provides ongoing actionable feedback for continuous improvement.

You can read more about the principles that guide our prioritization process in our product handbook.

Background and history

• The Product Vision Backstory
• The 2018 Product Vision
• The 2019 and Beyond Product Vision

DevOps stages

DevOps is a broad space with a lot of complexity. To manage this within GitLab, we break down the DevOps lifecycle into a few different stages, each with its own strategy page you can review. We are investing in the following manner across each stage:

• Planning spreadsheet with PM analysis of competition, Headcount with stage revenue, Headcount by category
• Product categories
• Maturity page
• Backend hiring priorities
• Rolling 4 Quarters GitLab Hiring Plan (internal only)
• Finding headcount outside of your stage

Dev

Manage

Overall visibility and insight into what's happening within GitLab

Plan

Planning capabilities to keep your team synchronized and moving in the right direction

Create

Create, view, and manage code and project data through powerful tooling

CI/CD

Verify

Keep strict quality standards for production code with automatic testing and reporting

Package

Manages the packages you build and depend on in your software delivery process

Release

Continuous delivery and orchestration of your releases to your users

Ops

Configure

Automation to configure your applications and infrastructure

Monitor

Application Performance Monitoring (APM) Monitor system behavior to understand the impact of changes on your system

Debugging and Health Triage, respond, resolve and prevent incidents to minimize downtime

Secure

Security capabilities, directly integrated into your development lifecycle

Defend

Defend your apps and infrastructure from security intrusions

Enablement Groups

Supporting the stages in the DevOps lifecycle, there are additional Enablement groups, again with their own direction pages:

Geo

Ecosystem

Growth Groups

Supporting the stages in the DevOps lifecycle, there are additional Growth groups, again with their own direction pages:

Fulfillment

Telemetry

Concepts

Product uses a few key concepts to talk about how we work:

• Depth
• Breadth
• Personas
• Application Types

Depth

We aim for market leadership in every category we compete in. We're already there with:

• Source Code Management
• Continuous Integration

For FY20, and we'll build best-in-class, lovable features in our four focus areas:

• Project Management
• Release Automation
• Application Security Testing
• Value Stream Management

Additionally, our FY20 goals include moving these categories to complete.

Breadth

We wouldn't be true to our ambition if we stopped with our current product categories. Across our existing DevOps stages we'll continue to rapidly expand with new categories.

For more information, check out our epics below:

Manage

• Code Analytics
• Workflow Policies

Plan

• Requirements Management
• Quality Management

Create

• Design Management
• Live Coding

Verify

• System Testing
• Usability Testing
• Accessibility Testing
• Compatibility Testing

Package

• Rubygem Registry
• Linux Package Registry
• Helm Chart Registry
• Dependency Proxy

Secure

• Secret Detection
• IAST
• Fuzzing

Release

• Release Governance

Configure

• PaaS
• Chaos Engineering
• Cluster Cost Optimization

Monitor

• Synthetic Monitoring
• Incident Management
• Status Page

Defend

• Web Application Firewall
• Vulnerability Management
• Threat Detection
• Runtime Application Self Protection
• Behavior Analytics
• Data Loss Prevention
• Container Network Security

We are additionally prioritizing getting these categories from Minimal to Viable.

Personas

GitLab enables everyone to contribute. Our platform can be used by all people contributing to digital content.

We've already built great workflows and dashboards for:

• Developers
• Project Managers

We are investing in our relatively new roles:

• Release Managers
• Security
• Operations

We plan to expand to more roles in FY2020:

• Designers
• Product Managers
• Executives

Other candidates:

• Marketing
• Legal
• QA
• Data Scientists

Application Types

Application types represent both different application types (web applications, mobile apps) and architectures (monorepos, microservices). Gitlab continues to deliver and replace the disparate DevOps toolchain for both static sites and traditional web applications. These are two examples of application types. We're actively investing in more robust support for new application types such as cloud native and mobile apps, but we aren't done there. GitLab will expand to enable collaboration on new application types. More details.

In FY20, we're targeting:

• Mobile apps (including iOS builds on MacOS shared runners on GitLab.com)
• Serverless functions
• Systems of microservices
• Monorepos of related services
• Versioned dependencies (e.g. rubygems)

Future application types:

• Data science
• ML/AI
• Security research
• Gaming (LFS / Monorepo with many binaries)

Company Initiatives

We are also tracking big initiatives for the entire company or for the application at a holistic level that impact the product. These items have their own planning and goals, and typically bridge several (and in some cases even all) of the stages in the product. Some have formal working groups. There are other formal working groups that are not mentioned here as this list focuses on efforts that Product is directly involved with.

• Move to a single CE/EE Codebase
• GitLab.com costs
• Internationalization
• Elastic Search on GitLab.com
• GitLab.com using CD
• GraphQL
• Design system
• Dogfood microservices

Enterprise editions

GitLab comes in 4 editions:

• Core: This edition is aimed at solo developers or teams that do not need advanced enterprise features. It contains a complete stack with all the tools developers need to ship software.
• Starter: This edition contains features that are more relevant for organizations that have more than 100 potential users. For example:
  • features for managers (reports, management tools at the group level,…),
  • features targeted at developers that have to work in multi-disciplinary teams (merge request approvals,…),
  • integrations with external tools.
• Premium: This edition contains features that are more relevant for organizations that have more than 750 potential users. For example:
  • features for instance administrators
  • features for managers at the instance level (reporting, management tools, roles,…)
  • features to help teams that are spread around the world
  • features for people other than developers that help ship software (support, QA, legal,…)
• Ultimate: This edition contains features that are more relevant for organizations that have more than 5000 potential users. For example:
  • compliances and certifications,
  • change management.

Maturity

As we add new categories and stages to GitLab, some areas of the product will be deeper and more mature than others. We publish a list of the categories, what we think their maturity levels are, and our plans to improve on our maturity page.

Scope

We try to prevent maintaining functionality that is language or platform specific because they slow down our ability to get results. Examples of how we handle it instead are:

1. We don't make native mobile clients, we make sure our mobile web pages are great.
2. We don't make native clients for desktop operating systems, people can use Tower and for example GitLab was the first to have merge conflict resolution in our web applications.
3. For language translations we rely on the wider community.
4. For Static Application Security Testing we rely on open source security scanners.
5. For code navigation we're hesitant to introduce navigation improvements that only work for a subset of languages.
6. For code quality we reuse Codeclimate Engines.
7. For building and testing with Auto DevOps we use Heroku Buildpacks.

Outside our scope are Kubernetes and everything it depends on:

1. Network (fabric) Flannel, Openflow, VMware NSX, Cisco ACI
2. Proxy (layer 7) Envoy, nginx, HAProxy, traefik
3. Ingress (north/south) Contour, Ambassador,
4. Service mesh (east/west) Istio, Linkerd
5. Container Scheduler we mainly focus on Kubernetes, other container schedulers are: CloudFoundry, OpenStack, OpenShift, Mesos DCOS, Docker Swarm, Atlas/Terraform, Nomad, Deis, Convox, Flynn, Tutum, GiantSwarm, Rancher
6. Package manager Helm, ksonnet
7. Operating System Ubuntu, CentOS, RHEL, CoreOS, Alpine Linux

During a presentation of Kubernetes Brendan Burns talks about the 4 Ops layers at the 2:00 mark:

1. Application Ops
2. Cluster Ops
3. Kernel/OS Ops
4. Hardware Ops

GitLab helps you mainly with application ops. And where needed we also allow you to monitor clusters and link them to application environments. But we intend to use vanilla Kubernetes instead of something specific to GitLab.

Also outside our scope are products that are not specific to developing, securing, or operating applications and digital products.

1. Identity management: Okta and Duo, you use this mainly with SaaS applications you don't develop, secure, or operate.
2. SaaS integration: Zapier and IFTTT
3. Ecommerce: Shopify

In scope are things that are not mainly for SaaS applications:

1. Network security, since it overlaps with application security to some extent.
2. Security information and event management (SIEM), since that measures applications and network.
3. Office productivity applications, since "We believe that all digital products should be open to contributions, from legal documents to movie scripts and from websites to chip designs"

Quarterly Objectives and Key Results (OKRs)

To make sure our goals are clearly defined and aligned throughout the organization, we make use of OKR's (Objective Key Results). Our quarterly Objectives and Key Results are publicly viewable.

Your contributions

GitLab's direction is determined by GitLab the company, and the code that is sent by our contributors. We continually merge code to be released in the next version. Contributing is the best way to get a feature you want included.

On our issue tracker for CE and EE, many requests are made for features and changes to GitLab. Issues with the Accepting Merge Requests label are pre-approved as something we're willing to add to GitLab. Of course, before any code is merged it still has to meet our contribution acceptance criteria.

How we plan releases

At GitLab, we strive to be ambitious, maintain a strong sense of urgency, and set aspirational targets with every release. The direction items we highlight in our kickoff are a reflection of this ambitious planning. When it comes to execution we aim for velocity over predictability. This way we optimize our planning time to focus on the top of the queue and deliver things fast. We schedule 100% of what we can accomplish based on past throughput and availability factors (vacation, contribute, etc.).

See our product handbook on how we prioritize.

Previous releases

On our releases page you can find an overview of the most important features of recent releases and links to the blog posts for each release.

Upcoming releases

GitLab releases a new version every single month on the 22nd. You can find the major planned features for upcoming releases on our upcoming releases page.

Note that we often move things around, do things that are not listed, and cancel things that are listed.

Moonshots

Moonshots are big hairy audacious goals that may take a long time to deliver.

• META: Internationalization / add translations
• Implement cross-server (federated) merge requests
• Real-time editing of issue and merge request title
• Allow pushing to multiple servers
• Rebuild/update all containers Premium
• Make native applications for iOS and Android with Turbolinks
• Run tests in the cloud, pre-commit from a client
• Copy-on-write fuse filesystem
• Autocommit using auto-assigned approvers
• Suggest edits to fix common errors detected by CI
• Code to issue audit
• Clone MR
• Use machine learning to automatically classify issues/MRs
• Visual editor for .gitlab-ci.yml
• IDE / editor with a local editor via mirroring / sync
• Render like BigPipe for better perceived performance
• Real-time editing of issue and merge request description
• Failure Injection Testing (FIT) or Chaos as part of operations features Premium
• See visual diff in review app
• Machine learning to predict and offer next label to apply
• PeopleOps tool - Talent management (recruiting in particular)

Paid tiers

Starter

Starter features are available to anyone with an Enterprise Edition subscription (Starter, Premium, Ultimate).

• View the history of changes to an issue/mr/epic description 12.4
• Board list capacity controls (WIP Limits MVC) 12.4
• Remove need for client-based authorization with Visual Review Tools 12.4
• Include description change diffs when querying notes 12.4
• Step 1: Move Elasticsearch admin options from Integrations to top level 12.4
• Step 2: Support multiple indices to Elasticsearch Admin options 12.4
• [BE] Step 2: Support multiple indices to Elasticsearch Admin options 12.4
• [FE] Step 2: Support multiple indices to Elasticsearch Admin options 12.4
• Instance Administrators should be able to check status of Elasticsearch Index 12.5
• Support runtime Visual Review configuration 12.5
• Step 3: Add mapping version to ElasticSearch indices in the Admin UI 12.5
• Step 4: Add projects list for fully indexed Elastic Search index 12.5
• Code quality on master 12.7
• Constant Deployment 12.7
• CI View for Code Quality 12.7
• Honor "fixup!" commits when doing rebases in Merge Requests Backlog
• Graph history of pipeline durations Backlog
• Restrict group approvers to groups that have share access to the project Backlog
• Pipeline timing graphs Backlog
• Show fuller code quality notices inside the MR widget Backlog
• Visualize jobs duration given a pipeline (chart, graph) Backlog
• Auto Coverage Backlog
• Continue code quality: show result when Pipeline runs Backlog
• Connect to GitHub Enterprise at group level Backlog
• Pin (star) boards you care about Backlog
• Actionable analytics MVC Backlog
• Show list of code reviews on the merge request Backlog
• Add full screen annotations to Visual Review tool Backlog
• Add ability to take screenshot in Visual Review Tool Backlog
• Auto-determine most efficient parallelization factor for test runs Backlog

Premium

Premium features are only available to Premium (and Ultimate) subscribers.

• Log Git push actions 12.3
• Group Cycle Analytics Over Time 12.3
• Conan C/C++ Package Manager MVC 12.3
• Export designs when creating a project export 12.3
• Operator view for all group-level cluster deployments/environments 12.3
• Implement status and discussion count on designs 12.3
• Enable uploading of SVG images for Design Management 12.3
• [FE] Productivity Analytics - Type of Work (pre-defined) 12.3
• Implement a date picker for productivity analytics 12.3
• Implement a date picker for cycle analytics 12.3
• Designs should have zoom control to properly handle large and small images 12.3
• Productivity Analytics: Add scatterplot chart 12.3
• Retrieve audit events via API: MVC 12.4
• Merge Request dependencies 12.4
• Project environment dashboard to view environments and deployment statuses 12.4
• API endpoint to list the packages of a group 12.4
• Allow users to Destroy/Hide designs 12.4
• Design Notes should also be available in the discussions tab 12.4
• Remove need for client-based authorization with Visual Review Tools 12.4
• Productivity Analytics - Type of Work (pre-defined) 12.4
• Allow fork pipelines to run in parent project 12.4
• Customizable Stages in Cycle Analytics 12.4
• Generate smaller versions of design images when new versions are uploaded 12.4
• Identifying Potential Code Hotspots 12.4
• Support Design Management links when adapting links in Markdown 12.4
• [FE] Identifying Potential Code Hotspots 12.4
• Add ability to click on a dot in prod analytics scatter plot graph 12.4
• Allow to see stages with WIP items in Cycle Analytics 12.4
• Allow users to set up targets/alerts on their charts 12.4
• Add number of comments + number of reviewers histogram in Productivity Analytics 12.4
• Differentiate between package types in the group level package registry 12.4
• Add a histogram for cycle analytics 12.4
• [BE] Productivity Analytics - Type of Work (pre-defined) - API endpoint 12.4
• Add lead time, cycle time to the top bar in cycle analytics 12.4
• Import JIRA project issues into GitLab project issues 12.5
• NuGet .NET Package Manager 12.5
• Trigger pipeline when another project is rebuilt 12.5
• Update node.js template to automatically push to the NPM registry 12.5
• Vault integration for key/value secrets MVC 12.5
• Visualize Language Trends over Time 12.5
• OR for Events in Cycle Analytics 12.5
• Save a template for Cycle Analytics/Load from template 12.5
• Enable CSV export on Cycle Analytics/ Productivity Analytics 12.5
• Add weights to Type of Work Charts 12.5
• Ability to change the name of a graph as per user's own definition 12.5
• Allow different object types to be selected in 1 stage 12.5
• Save, load, share a template at a user level 12.5
• Add number of contributors and main contributor with % owned to a file in the code hotspots tooltip 12.5
• Implement a date picker for code hotspots 12.5
• Productivity analytics scatterplot: Create light blue band between 25% and 75% percentile 12.5
• Graph testing results over time MVC 12.6
• Advanced deploys (Blue/green, Canary, Traffic vectoring) 12.6
• Increase visibility of incremental rollouts in deploy boards 12.6
• Automatic multi-cloud validation MVC 12.6
• Add authentication support for CI_JOB_TOKEN to Conan Registry 12.6
• Implement inline code coverage remarks inside merge request changes tab file diffs 12.7
• Helm Charts Package Manager MVC 12.7
• CI View for Selenium MVC 12.7
• Create an alert in Audit Events 12.7
• Post-deployment monitoring (continuous verification) MVC 12.7
• PyPi Artifact Repository MVC 12.7
• Add cookie-based access to Feature Flags 12.7
• Project and Group level support for Conan Repository 12.7
• Merge request pipelines for forks for post-merge result 12.7
• Feature Flag Environment Permissions together with User IDs 12.7
• Show status of all MRs 12.7
• Comparing projects, groups, subgroups 12.8
• Leaderboard according to specified metrics 12.8
• Alert dashboard with operational risk events 12.8
• Action Items 13.0
• Code analytics Backlog
• Approvers based on code Git blame Backlog
• Rebuild/update all containers Backlog
• Verified and reproducible builds Backlog
• Block merge request with a negative approval signal Backlog
• Turnstile security: self learning and location dependent
• Watermarking of downloaded binaries
• Advanced compliance reporting (on access rights)
• [meta] Disaster Recovery Next 3-4 releases
• Auto-rebase when merging merge request Next 4-7 releases
• Automatic CDN configuration for Pages Backlog
• Feature monitoring Backlog
• Add "Jira integration" to multiple projects at once Backlog
• Group level integration with JIRA Backlog
• Better than Atlassian Jira integration Backlog
• Block deploy/promote/merge if degrade performance too much Next 4-7 releases
• Use Case: Distributed Systems / Microservices Backlog
• More control over manual action permissions Backlog
• Controllable permissions for CI tokens Backlog
• Operator role Awaiting further demand
• Automatically assign SLA time for Service Desk issues
• Automatically assign Service Desk issues to users Backlog
• Blocking issues (add support for issue dependencies) Backlog
• Automatically Load-balance tests Backlog
• Show code quality notices on diffs/MRs Backlog
• Create GitLab branch from Jira issue Backlog
• View GitLab merge request approvals information in associated JIRA issue Backlog
• Service Desk Analytics Backlog
• Environment-specific variables for Group-level variables Backlog
• Automatic flaky test minimization Backlog
• Scale deployments directly from the environment page Awaiting further demand
• Autoscaling apps Awaiting further demand
• Application idling / scale to zero Backlog
• Detect and report on flaky tests Backlog
• META: Code review flow which doesn't rely on manual assignment
• Multiple milestones per issue or merge request Next 3-4 releases
• Wait for MR approval in CI pipeline jobs Backlog
• Control incremental rollouts in the UI Backlog
• Button to auto-provision required files for Maven integration Backlog
• Debian Package Manager MVC Backlog
• RPM Package Manager MVC Backlog
• Compliance features Backlog
• Burndown chart in issue boards Next 3-4 releases
• Using or in issue/mr/epic list views and boards Backlog
• Make timed incremental rollout move forward only Backlog
• Failure Injection Testing (FIT) or Chaos as part of operations features Backlog
• Add feature flag permissions Backlog
• Automatically create change request ticket in ServiceNow Backlog
• Automated a11y scanning of Review Apps Backlog
• Dependency proxy for GitLab Maven package repositories Backlog
• Dependency proxy for GitLab NPM package repositories Backlog
• Add support for npm tags Backlog
• Show frequently visited projects when adding projects to Operations Dashboard Backlog
• CI View for detailed site speed metrics Backlog
• Add link to detailed sitespeed report from Merge Request Backlog
• Add integrated load testing to Auto DevOps Backlog
• Add support for .HAR file to integrated load testing Backlog
• Integrate Artillery.io for Integrated Testing Backlog
• Measure usage of Integrated Load Testing Backlog
• Extend metrics to allow for groups of metrics Backlog
• Allow multiple jobs to specify metrics Backlog
• Expose previous stages metrics to the current job Backlog
• Public pipeline page MVC Backlog
• Group level required CI jobs (group level required include:) Backlog
• Storage limits for the Dependency Proxy Backlog
• Search and discover items in the dependency proxy Backlog
• Expand pipeline dashboard to contain stages Backlog
• Group level pipeline dashboard Backlog
• Differentiate between jobs run with Enforce template inclusion in pipelines Backlog
• Allow annotations on designs to be resolvable. Backlog
• Allow users to create events in Cycle Analytics Next 3-4 releases
• Mirror package registry servers Backlog
• Users should be able to add Designs during Issue creation Backlog
• [Meta] GitLab HA improvements post GA Next 7-13 releases

Ultimate

Ultimate is for organizations that have a need to build secure, compliant software and that want to gain visibility of - and be able to influence - their entire organization from a high level. Ultimate features are only be available to Ultimate subscribers.

• Add support in License Compliance for PHP (composer.lock) 12.3
• Dragging and dropping issues and epics in the epic tree - issues & epics separately 12.3
• Leverage merge request approvals to prevent merging prohibited licenses - License Compliance Approvals in Merge Request MVC 12.3
• Show 'License-Check' approval rules in the license management tab 12.3
• Add 'License-Check' tooltips to approval rules and merge request approval UI 12.3
• Application logging (aggregated) 12.4
• Weight and progress information in roadmap epic bars 12.4
• Create issue from epic 12.4
• Add environment drop down to pod logs screen 12.4
• Instance level Security Dashboard MVC 12.4
• Inherit children epics start and due dates 12.4
• Allow blocking mode for Web Application Firewall 12.4
• SAST Support for React framework (JavaScript) 12.4
• Get rid of docker in docker requirement for Dependency Scanning 12.4
• Generic Alert Endpoint MVC 12.4
• Drag&drop issues and epics in the epic tree - support ordering between all objects 12.4
• Configuration screen for Secure features and enabled/disabled status 12.4
• Add affected projects feature to instance security dashboard 12.4
• Show Security Dashboard as the default project overview content 12.5
• Group License Compliance 12.5
• Custom rules for Web Application Firewall 12.5
• Show the detailed status of security testing in the merge request 12.5
• Improve Cluster Monitoring with support for alerts on computed capacity metrics 12.5
• Provide Dashboard for insight into production monitoring of applications MVC 12.5
• MVC: Install a default NetworkPolicy object into GitLab-managed Kubernetes clusters 12.5
• WAF statistics reporting 12.5
• Cluster NetworkPolicy statistics 12.5
• Dependency Scanning for Go 12.6
• Executable Runbooks for Releases MVC 12.6
• MVC Intrusion Detection System 12.6
• Custom NetworkPolicy object support for clusters 12.6
• Intrusion Detection System statistics 12.6
• Binary Authorization MVC 12.7
• Include fuzzy testing in DAST 12.7
• Access issue custom fields from project level Backlog
• Auto Remediate dependency security vulnerabilities Next 7-13 releases
• Custom workflows - Group configuration Backlog
• Web Terminal with persistent disk Next 7-13 releases
• Defect management
• Pipeline analyses to find transient failure Backlog
• Show current status of pods in deploy board Backlog
• Disable deleting issues and merge requests instance wide Backlog
• Lock issue title and description forever Backlog
• Change control
• Custom fields with required validation Backlog
• Configure group-level issue custom field Backlog
• Configure project-level issue custom field with enumerated (dropdown) field type Backlog
• GitLab Tracing Next 7-13 releases
• Production scripted testing Backlog
• Anomaly alerts MVC Backlog
• Application Log Alerts Next 3-4 releases
• Live preview (server side evaluation) application in Web IDE Backlog
• Risk management Next 7-13 releases
• What-if scenario planning
• Show Security Testing results on the environments page Next 4-7 releases
• Add epics to global search Backlog
• Detect & Alert on manual changes to Kubernetes configuration Backlog
• Email notification for security reports Next 4-7 releases
• Execute linter in Web IDE runner and render linter output in the Web IDE Next 4-7 releases
• Add Pod Logs to Operations tab Backlog
• Monitor device-plugin resources in Kubernetes Awaiting further demand
• Instance level Security Dashboard as an option for default dashboard Next 3-4 releases
• Burndown chart with stacked lines in boards Backlog
• Value stream analytics in board
• Time analytics line chart Backlog
• Burndown chart in issue boards Next 3-4 releases
• Security Control Panel for security testing Backlog
• Bar chart for VSM workflow analytics
• Epic swimlanes in board Backlog
• Use both fixed and inherited dates in epics to track delays Backlog
• Add mean remediation time in the Security Dashboard Next 4-7 releases
• Cumulative flow diagram in board Next 3-4 releases
• Discussion thread in board Backlog
• Test run object (or issue verification object generally) Backlog
• Benefit-weight ratio (WSJF in SAFe) visualization Backlog
• Option to enable Binary Authorization in new GKE clusters Backlog
• Epic cost, benefit, ROI fields Backlog
• Planning epics with WSJF in SAFe (benefit-weight ratio) Backlog
• Add Severity level to Gemnasium vulnerabilities Backlog
• Calendar showing issues on issue due dates Backlog
• Group Security Dashboard API Next 3-4 releases
• Site-specific configuration for Web Application Firewall Next 3-4 releases
• Blocking epics
• Filter issue list by epic Backlog
• Import HackerOne reports into GitLab
• Inline vulnerability management for the Group Security Dashboard Backlog
• Update HackerOne reports based on remediation flow in GitLab Backlog
• Value stream analytics - Two label events for cycle time Backlog
• WAF Virtual Patching Next 4-7 releases

Actionable feedback

Deployments should never be fire and forget. GitLab will give you immediate feedback on every deployment on any scale. This means that GitLab can tell you whether performance has improved on the application level, but also whether business metrics have changed.

Concretely, we can split up monitoring and feedback efforts within GitLab in three distinct areas: execution (cycle analytics), business and system feedback.

Business feedback

With the power of monitoring and an integrated approach, we have the ability to do amazing things within GitLab. GitLab will be able to automatically test commits and versions through feature flags and A/B testing.

Business feedback exists on different levels:

• Short term: how does a certain change perform? Choose A/B based on data.
• Medium term: did a particular new feature change conversions, engagement

• Long term: how do larger efforts relate to changes in conversations, engagement, revenue

• A/B Testing of branches

Application feedback

Your application should perform well after changes are made. GitLab will be able to see whether a change is causing errors or performance issues on application level. Think about:

• Response times of e.g. a backend API
• Error rates and occurrences of new bugs
• Changes in API calls

System feedback

We can now go beyond CI and CD. GitLab will able to tell you whether a change improved performance or stability. Because it will have access to both historical data on performance and code, it can show you the impact of any particular change at any time.

System feedback happens over different time windows:

• Immediate: see whether changes influence availability and alert if they do
• Short-medium term: see whether changes influence system metrics and performance

• Medium-Long term: did a particular effort influence system status

• Implemented: Performance Monitoring
• Status monitoring and feedback
• Feature monitoring

Execution feedback & Cycle Analytics

GitLab is able to speed up cycle time for any project. To provide feedback on cycle time GitLab will continue to expand cycle analytics so that it not only shows you what is slow, it’ll help you speed up with concrete, clickable suggestions.

• Cycle Speed Suggestions

ML/AI at GitLab

Machine learning (ML) through neural networks is a really great tool to solve hard to define, dynamic problems. Right now, GitLab doesn't use any machine learning technologies, but we expect to use them in the near future for several types of problems.

Signal / noise separation

Signal detection is very hard in a noisy environment. GitLab intends to use ML to warn users of any signals that stand out against the background noise in several features:

• security scans, notifying the user of stand-out warnings or changes
• error rates and log output, allowing you to rollback / automatically rollback a change if the network notices aberrant behavior

Recommendation engines

Automatically categorizing and labelling is risky. Modern models tend to overfit, e.g. resulting in issues with too many labels. However, similar models can be used very well in combination with human interaction in the form of recommendation engines.

• suggest labels to add to an issue / MR (one click to add)
• suggest a comment based on your behavior
• suggesting approvers for particular code

Smart behavior

Because of their great ability to recognize patterns, neural networks are an excellent tool to help with scaling, and anticipating needs. In GitLab, we can imagine:

• auto scaling applications / CI based on past load performance
• prioritizing parallelized builds based on the content of a change

Code quality

Similar to DeepScan.

Code navigation

Similar to Sourcegraph.