GitLab Direction

1. You are here:
2. GitLab Direction

On this page

• Vision
  • Background and history
  • DevOps stages
    • Dev
      • Manage
      • Plan
      • Create
    • CI/CD
      • Verify
      • Package
      • Release
    • Ops
      • Configure
      • Monitor
    • Secure
    • Defend
  • Enablement Groups
    • Geo
    • Ecosystem
    • Distribution
  • Growth Groups
    • Acquisition
    • Conversion
    • Expansion
    • Fulfillment
    • Retention
    • Telemetry
• Concepts
  • Depth
  • Breadth
  • Personas
  • Application Types
  • Company Initiatives
  • Enterprise editions
• Maturity
• Scope
• Quarterly Objectives and Key Results (OKRs)
• Your contributions
• How we plan releases
• Previous releases
• Upcoming releases
• Moonshots
• Paid tiers
  • Starter
  • Premium
  • Ultimate
  • Actionable feedback
    • Business feedback
    • Application feedback
    • System feedback
    • Execution feedback & Cycle Analytics
  • ML/AI at GitLab
    • Signal / noise separation
    • Recommendation engines
    • Smart behavior
    • Code quality
    • Code navigation
    • Audit events

Vision

Our vision is to replace disparate DevOps toolchains with a single application that is pre-configured to work by default across the entire DevOps lifecycle.

We aim to make it faster and easier for groups of contributors to deliver value to their users, and we achieve this by enabling:

• Faster cycle time, driving an improved time to innovation
• Easier workflows, driving increased collaboration and productivity

Our solution plays well with others, works for teams of any size and composition and for any kind of project, and provides ongoing actionable feedback for continuous improvement.

You can read more about the principles that guide our prioritization process in our product handbook.

Background and history

• The Product Vision Backstory
• The 2019 and Beyond Product Vision
• Product Vision, Strategy, and 2019 Plan slides

DevOps stages

DevOps is a broad space with a lot of complexity. To manage this within GitLab, we break down the DevOps lifecycle into a few different stages, each with its own strategy page you can review. We are investing in the following manner across each stage:

• Planning spreadsheet with PM analysis of competition, Headcount with stage revenue, Headcount by category
• Product categories
• Maturity page
• Backend hiring priorities
• Rolling 4 Quarters GitLab Hiring Plan (internal only)
• Finding headcount outside of your stage

Dev

Manage

Overall visibility and insight into what's happening within GitLab

Plan

Planning capabilities to keep your team synchronized and moving in the right direction

Create

Create, view, and manage code and project data through powerful tooling

CI/CD

Verify

Keep strict quality standards for production code with automatic testing and reporting

Package

Manages the packages you build and depend on in your software delivery process

Release

Continuous delivery and orchestration of your releases to your users

Ops

Configure

Automation to configure your applications and infrastructure

Monitor

Application Performance Monitoring (APM) Monitor system behavior to understand the impact of changes on your system

Debugging and Health Triage, respond, resolve and prevent incidents to minimize downtime

Secure

Security capabilities, directly integrated into your development lifecycle

Defend

Defend your apps and infrastructure from security intrusions

Enablement Groups

Supporting the stages in the DevOps lifecycle, there are additional Enablement groups, again with their own direction pages:

Geo

Ecosystem

Distribution

Growth Groups

Supporting the stages in the DevOps lifecycle, there are additional Growth groups, again with their own direction pages:

Acquisition

Conversion

Expansion

Fulfillment

Retention

Telemetry

Concepts

Product uses a few key concepts to talk about how we work:

• Depth
• Breadth
• Personas
• Application Types

Depth

We aim for market leadership in every category we compete in. We're already there with:

• Source Code Management
• Continuous Integration

For FY20, and we'll build best-in-class, lovable features in our four focus areas:

• Project Management
• Release Automation
• Application Security Testing
• Value Stream Management

Additionally, our FY20 goals include moving these categories to complete.

Breadth

We wouldn't be true to our ambition if we stopped with our current product categories. Across our existing DevOps stages we'll continue to rapidly expand with new categories.

For more information, check out our epics below:

Manage

• Code Analytics
• Workflow Policies

Plan

• Requirements Management
• Quality Management

Create

• Design Management
• Live Coding

Verify

• System Testing
• Usability Testing
• Accessibility Testing
• Compatibility Testing

Package

• Rubygem Registry
• Linux Package Registry
• Helm Chart Registry
• Dependency Proxy

Secure

• Secret Detection
• IAST
• Fuzzing

Release

• Release Governance

Configure

• PaaS
• Chaos Engineering
• Cluster Cost Optimization

Monitor

• Synthetic Monitoring
• Incident Management
• Status Page

Defend

• Web Application Firewall
• Vulnerability Management
• Threat Detection
• Runtime Application Self Protection
• User Entity & Behavior Analytics
• Data Loss Prevention
• Container Network Security

We are additionally prioritizing getting these categories from Minimal to Viable.

Personas

GitLab enables everyone to contribute. Our platform can be used by all people contributing to digital content.

We've already built great workflows and dashboards for:

• Developers
• Project Managers

We are investing in our relatively new roles:

• Release Managers
• Security
• Operations

We plan to expand to more roles in FY2020:

• Designers
• Product Managers
• Executives

Other candidates:

• Marketing
• Legal
• QA
• Data Scientists

Application Types

Application types represent both different application types (web applications, mobile apps) and architectures (monorepos, microservices). Gitlab continues to deliver and replace the disparate DevOps toolchain for both static sites and traditional web applications. These are two examples of application types. We're actively investing in more robust support for new application types such as cloud native and mobile apps, but we aren't done there. GitLab will expand to enable collaboration on new application types. More details.

In FY20, we're targeting:

• Mobile apps (including iOS builds on MacOS shared runners on GitLab.com)
• Serverless functions
• Systems of microservices
• Monorepos of related services
• Versioned dependencies (e.g. rubygems)

Future application types:

• Data science
• ML/AI
• Security research
• Gaming (LFS / Monorepo with many binaries)

Company Initiatives

We are also tracking big initiatives for the entire company or for the application at a holistic level that impact the product. These items have their own planning and goals, and typically bridge several (and in some cases even all) of the stages in the product. Some have formal working groups. There are other formal working groups that are not mentioned here as this list focuses on efforts that Product is directly involved with.

• Internationalization
• Elastic Search on GitLab.com
• GitLab.com using CD
• GraphQL
• Design system

Enterprise editions

GitLab comes in 4 editions:

• Core: This edition is aimed at solo developers or teams that do not need advanced enterprise features. It contains a complete stack with all the tools developers need to ship software.
• Starter: This edition contains features that are more relevant for organizations that have more than 100 potential users. For example:
  • features for managers (reports, management tools at the group level,…),
  • features targeted at developers that have to work in multi-disciplinary teams (merge request approvals,…),
  • integrations with external tools.
• Premium: This edition contains features that are more relevant for organizations that have more than 750 potential users. For example:
  • features for instance administrators
  • features for managers at the instance level (reporting, management tools, roles,…)
  • features to help teams that are spread around the world
  • features for people other than developers that help ship software (support, QA, legal,…)
• Ultimate: This edition contains features that are more relevant for organizations that have more than 5000 potential users. For example:
  • compliances and certifications,
  • change management.

Maturity

As we add new categories and stages to GitLab, some areas of the product will be deeper and more mature than others. We publish a list of the categories, what we think their maturity levels are, and our plans to improve on our maturity page.

Scope

We try to prevent maintaining functionality that is language or platform specific because they slow down our ability to get results. Examples of how we handle it instead are:

1. We don't make native mobile clients, we make sure our mobile web pages are great.
2. We don't make native clients for desktop operating systems, people can use Tower and for example GitLab was the first to have merge conflict resolution in our web applications.
3. For language translations we rely on the wider community.
4. For Static Application Security Testing we rely on open source security scanners.
5. For code navigation we're hesitant to introduce navigation improvements that only work for a subset of languages.
6. For code quality we reuse Codeclimate Engines.
7. For building and testing with Auto DevOps we use Heroku Buildpacks.

Outside our scope are Kubernetes and everything it depends on:

1. Network (fabric) Flannel, Openflow, VMware NSX, Cisco ACI
2. Proxy (layer 7) Envoy, nginx, HAProxy, traefik
3. Ingress (north/south) Contour, Ambassador,
4. Service mesh (east/west) Istio, Linkerd
5. Container Scheduler we mainly focus on Kubernetes, other container schedulers are: CloudFoundry, OpenStack, OpenShift, Mesos DCOS, Docker Swarm, Atlas/Terraform, Nomad, Deis, Convox, Flynn, Tutum, GiantSwarm, Rancher
6. Package manager Helm, ksonnet
7. Operating System Ubuntu, CentOS, RHEL, CoreOS, Alpine Linux

During a presentation of Kubernetes Brendan Burns talks about the 4 Ops layers at the 2:00 mark:

1. Application Ops
2. Cluster Ops
3. Kernel/OS Ops
4. Hardware Ops

GitLab helps you mainly with application ops. And where needed we also allow you to monitor clusters and link them to application environments. But we intend to use vanilla Kubernetes instead of something specific to GitLab.

Also outside our scope are products that are not specific to developing, securing, or operating applications and digital products.

1. Identity management: Okta and Duo, you use this mainly with SaaS applications you don't develop, secure, or operate.
2. SaaS integration: Zapier and IFTTT
3. Ecommerce: Shopify

In scope are things that are not mainly for SaaS applications:

1. Network security, since it overlaps with application security to some extent.
2. Security information and event management (SIEM), since that measures applications and network.
3. Office productivity applications, since "We believe that all digital products should be open to contributions, from legal documents to movie scripts and from websites to chip designs"

Quarterly Objectives and Key Results (OKRs)

To make sure our goals are clearly defined and aligned throughout the organization, we make use of OKR's (Objective Key Results). Our quarterly Objectives and Key Results are publicly viewable.

Your contributions

GitLab's direction is determined by GitLab the company, and the code that is sent by our contributors. We continually merge code to be released in the next version. Contributing is the best way to get a feature you want included.

On our issue tracker for CE and EE, many requests are made for features and changes to GitLab. Issues with the Accepting Merge Requests label are pre-approved as something we're willing to add to GitLab. Of course, before any code is merged it still has to meet our contribution acceptance criteria.

How we plan releases

At GitLab, we strive to be ambitious, maintain a strong sense of urgency, and set aspirational targets with every release. The direction items we highlight in our kickoff are a reflection of this ambitious planning. When it comes to execution we aim for velocity over predictability. This way we optimize our planning time to focus on the top of the queue and deliver things fast. We schedule 100% of what we can accomplish based on past throughput and availability factors (vacation, contribute, etc.).

See our product handbook on how we prioritize.

Previous releases

On our releases page you can find an overview of the most important features of recent releases and links to the blog posts for each release.

Upcoming releases

GitLab releases a new version every single month on the 22nd. You can find the major planned features for upcoming releases on our upcoming releases page.

Note that we often move things around, do things that are not listed, and cancel things that are listed.

Moonshots

Moonshots are big hairy audacious goals that may take a long time to deliver.

• META: Internationalization / add translations
• Implement cross-server (federated) merge requests
• Real-time editing of issue and merge request title
• Allow pushing to multiple servers
• Rebuild/update all containers Premium
• Make native applications for iOS and Android with Turbolinks
• Run tests in the cloud, pre-commit from a client
• Copy-on-write fuse filesystem
• Autocommit using auto-assigned approvers
• Suggest edits to fix common errors detected by CI
• Code to issue audit
• Clone MR
• Use machine learning to automatically classify issues/MRs
• Visual editor for .gitlab-ci.yml
• IDE / editor with a local editor via mirroring / sync
• Auto Remediate dependency security vulnerabilities Ultimate
• Render like BigPipe for better perceived performance
• Real-time editing of issue and merge request description
• Failure Injection Testing (FIT) or Chaos as part of operations features Premium
• See visual diff in review app
• Machine learning to predict and offer next label to apply
• PeopleOps tool - Talent management (recruiting in particular)

Paid tiers

Starter

Starter features are available to anyone with an Enterprise Edition subscription (Starter, Premium, Ultimate).

• View the history of changes to an issue/mr/epic description 12.7
• Blocking issues MVC: (add support for issue dependencies) 12.7
• Full Code Quality Report 12.7
• Board list capacity controls (WIP Limits MVC) 12.7
• Collect events data for burnup and burndown charts 12.7
• Assign an issue to more than one timebox (Milestone, Sprint, etc.) 12.8
• Add burnup chart to milestones 12.8
• Track changes in merge request approval settings in the audit log 12.8
• Include "changed pages" widget in visual reviews 12.8
• Raise warning when closing an issue with open blockers 12.8
• Configure push rules at a group level 12.8
• Visually Differentiate Blocked Issues 12.8
• Enable/Disable and Create Different Timeboxes 12.8
• Code quality on master 12.9
• Image Annotations for Visual Review tool 12.9
• Add ability to take screenshot in Visual Review Tool 12.9
• Allow fork pipelines to run in parent project 12.9
• Automatically wire in visual reviews in sample applications 12.9
• Add group-level wiki Backlog
• Graph history of pipeline durations Backlog
• Restrict group approvers to groups that have share access to the project Backlog
• Pipeline timing graphs Backlog
• Show fuller code quality notices inside the MR widget Backlog
• Visualize jobs duration given a pipeline (chart, graph) Backlog
• Auto Coverage Backlog
• Constant Deployment Backlog
• Continue code quality: show result when Pipeline runs Backlog
• Connect to GitHub Enterprise at group level Backlog
• Pin (star) boards you care about Backlog
• Actionable analytics MVC Backlog
• zero-downtime Elasticsearch re-indexing Backlog
• Show list of code reviews on the merge request Backlog
• Add full screen annotations to Visual Review tool Backlog
• Auto-determine most efficient parallelization factor for test runs Backlog
• Step 3: Add mapping version to ElasticSearch indices in the Admin UI Backlog
• Step 4: Add projects list for fully indexed Elastic Search index Backlog
• Documentation: Elasticsearch Administration UI Redesign Backlog
• Integration Testing MVC: API testing results in the MR Backlog

Premium

Premium features are only available to Premium (and Ultimate) subscribers.

• Cross-project build artifacts dependencies 12.7
• Allow admins to disable users ability to change profile name 12.7
• Trigger pipeline when another project is rebuilt 12.7
• Use CI/CD to update to update the Conan Repository 12.7
• Prevent accidental deletions via soft delete for groups 12.7
• Use GitLab metadata to verify and troubleshoot packages 12.7
• List connected group SAML identities for SAML SSO 12.7
• Audit events in admin interface of user edits 12.8
• Scope merge request approval rules to protected branches 12.8
• Build, publish and share packages to the GitLab NuGet (.NET) Repository 12.8
• Audit Log: Include username changes 12.8
• Automated a11y scanning of Review Apps MVC 12.8
• [PARENT] Generate smaller versions of design images when new versions are uploaded 12.8
• Multiple feature flag strategies per environment 12.8
• Make managing feature flag environments and strategies easier 12.8
• Customizable cycle analytics: general availability 12.8
• Single Level Group Epics & Roadmap in GitLab Premium 12.8
• Disable self-approval at the Instance level 12.8
• Implement inline code coverage remarks inside merge request changes tab file diffs 12.9
• Display screenshots with JUnit errors MVC 12.9
• Detect and report on flaky tests 12.9
• Integrate k6 for Integrated Testing 12.9
• Vault integration for key/value secrets MVC 12.9
• NPM Registry - allow custom scopes 12.9
• Graph code coverage changes over time for a project 12.9
• Merge Trains should support fast forward merge 12.9
• Webhooks/Services events for releases in integrations 12.10
• PyPi Artifact Repository MVC 12.10
• Merge request pipelines for forks for post-merge result 12.10
• Show code quality notices on diffs/MRs 13.0
• Action Items 13.0
• Code analytics Backlog
• Graph testing results over time MVC Backlog
• Approvers based on code Git blame Backlog
• Rebuild/update all containers Backlog
• Verified and reproducible builds Backlog
• Block merge request with a negative approval signal Backlog
• Turnstile security: self learning and location dependent
• Watermarking of downloaded binaries
• Advanced compliance reporting (on access rights)
• Rebase and merge with one click Next 4-7 releases
• Automatic CDN configuration for Pages Backlog
• Import JIRA project issues into GitLab project issues Next 3-4 releases
• Feature monitoring Backlog
• Add "Jira integration" to multiple projects at once Backlog
• Block deploy/promote/merge if degrade performance too much Next 4-7 releases
• Use Case: Distributed Systems / Microservices Backlog
• More control over manual action permissions Backlog
• Controllable permissions for CI tokens Backlog
• Operator role Awaiting further demand
• Automatically assign SLA time for Service Desk issues
• Automatically Load-balance tests Backlog
• Create GitLab branch from Jira issue Backlog
• View GitLab merge request approvals information in associated JIRA issue Backlog
• Service Desk Analytics Backlog
• Environment-specific variables for Group-level variables Backlog
• Helm Charts Package Manager MVC Backlog
• Real-time updates in Jira dev panel with DVCS connector Backlog
• Automatic flaky test minimization Backlog
• Scale deployments directly from the environment page Awaiting further demand
• Autoscaling apps Awaiting further demand
• Application idling / scale to zero Backlog
• META: Code review flow which doesn't rely on manual assignment
• Control incremental rollouts in the UI Backlog
• Increase visibility of incremental rollouts in deploy boards Backlog
• Button to auto-provision required files for Maven integration Backlog
• Debian Package Manager MVC Backlog
• RPM Package Manager MVC Backlog
• Compliance features Backlog
• Create an alert in Audit Events Next 3-4 releases
• Burndown chart in issue boards Next 3-4 releases
• Make timed incremental rollout move forward only Backlog
• Failure Injection Testing (FIT) or Chaos as part of operations features Backlog
• Automatic multi-cloud validation MVC Backlog
• Add feature flag permissions Backlog
• Automatically create change request ticket in ServiceNow Awaiting further demand
• Dependency proxy for GitLab Maven package repositories Backlog
• Dependency proxy for GitLab NPM package repositories Backlog
• GitLab NPM Registry to support npm tags Backlog
• Show frequently visited projects when adding projects to Operations Dashboard Backlog
• CI View for detailed site speed metrics Backlog
• Add link to detailed sitespeed report from Merge Request Backlog
• Maven Repository Group endpoint to support sub-groups Backlog
• Update node.js template to automatically push to the NPM registry Backlog
• Add integrated load testing to Auto DevOps Backlog
• Add support for .HAR file to integrated load testing Backlog
• Measure usage of Integrated Load Testing Backlog
• Extend metrics to allow for groups of metrics Backlog
• Allow multiple jobs to specify metrics Backlog
• Expose previous stages metrics to the current job Backlog
• Public pipeline page MVC Backlog
• Group level required CI jobs (group level required include:) Backlog
• Add cookie-based access to Feature Flags Backlog
• Storage limits for the Dependency Proxy Backlog
• Project and Group level support for Conan Repository Backlog
• Search and discover items in the dependency proxy Backlog
• Visualize Language Trends over Time Backlog
• Expand pipeline dashboard to contain stages Backlog
• Group level pipeline dashboard Backlog
• Differentiate between jobs run with Enforce template inclusion in pipelines Backlog
• Allow annotations on designs to be resolvable. Backlog
• OR for Events in Cycle Analytics Backlog
• Allow users to create events in Cycle Analytics Next 3-4 releases
• [FE] Productivity Analytics - Type of Work (pre-defined) Backlog
• Feature Flag Environment Permissions together with User IDs Backlog
• Enable CSV export on Cycle Analytics/ Productivity Analytics Backlog
• Add ability to click on a dot in prod analytics scatter plot graph Backlog
• Ability to change the name of a graph as per user's own definition Backlog
• Users should be able to add Designs during Issue creation Backlog
• Cycle Analytics: Allow different object types to be selected in 1 stage Backlog
• Cycle Analytics: Count in-stage items toward stage totals Backlog
• Cycle Analytics: Save, load, share a template at a user level Backlog
• Allow users to set up targets/alerts on their charts Backlog
• Productivity Analytics: Add number of comments Backlog
• Productivity analytics scatterplot: Create light blue band between 25% and 75% percentile Backlog
• Differentiate between package types in the group level package registry Backlog
• Add a histogram for cycle analytics Next 3-4 releases
• Comparing projects, groups, subgroups Backlog
• Show status of all MRs Backlog
• Leaderboard according to specified metrics Backlog
• Alert dashboard with operational risk events Backlog
• [BE] Productivity Analytics - Type of Work (pre-defined) - API endpoint Backlog
• [FE] Implement a date picker for code hotspots Backlog
• Code Hotspots - MVC/V1 Backlog
• Define Feature Flag type Backlog
• Add JSON reporter to produced artifacts in Automated Accessibility Backlog
• Add HTML reporter to produced artifacts in Automated Accessibility Backlog
• [Meta] GitLab HA improvements post GA Next 7-13 releases

Ultimate

Ultimate is for organizations that have a need to build secure, compliant software and that want to gain visibility of - and be able to influence - their entire organization from a high level. Ultimate features are only be available to Ultimate subscribers.

• Display in MR if security report is outdated 12.7
• Weight and progress information in roadmap epic bars 12.7
• Instance level Security Dashboard MVC 12.7
• Filter issue list by epic 12.7
• Document steps to run offline SAST for self-hosted instances 12.7
• WhiteSource Integration path to Ultimate 12.7
• Add epic option while creating a new issue in UI 12.7
• MVC: Install a default NetworkPolicy object into GitLab-managed Kubernetes clusters (Container network security) 12.7
• MVC: Allow users to create requirements 12.7
• Group-level compliance dashboard MVC 12.7
• Include epic id in csv export 12.7
• Add filtering issues by epics to the epics finder 12.7
• Add filtering issues by subepics 12.7
• Include information about epic/subepic in the issue list 12.7
• Filter issue list by epic (direct parent) 12.7
• Show milestones in roadmap 12.8
• Expand epics in roadmap to view hierarchy 12.8
• Support go in Dependency Scanning (alpha* because the scanner viable but limited results/findings) 12.8
• Custom rules for Web Application Firewall 12.8
• Show the list of resources scanned by DAST 12.8
• Improve Monitoring with support for alerts on computed capacity metrics 12.8
• MVC Standalone Vulnerability objects (Vulnerability Management) 12.8
• Add license "Policy" tab to 'License Compliance' page so that users can easily see existing license policies when viewing licenses 12.8
• WAF statistics reporting 12.8
• Add affected projects feature to instance security dashboard 12.8
• Allow user to add and edit license policies 12.8
• Understanding the "Health Status" of my work 12.8
• Credential inventory for group managed accounts 12.8
• MVC: Apply compliance controls to projects 12.8
• New Epics can be created as Confidential 12.8
• SAST for .NET Framework 12.9
• Discovery: Group License Compliance 12.9
• Post-deployment monitoring (continuous verification) MVC 12.9
• Executable Runbooks for Releases MVC 12.9
• Provide generic SAST analyzer for custom security scans 12.9
• Make DAST configurable for speed, coverage, and other use cases 12.9
• MVC: Perform secret detection on full history of the repository 12.9
• MVC Container Intrusion Detection System (Threat Detection) 12.9
• Custom NetworkPolicy object support for clusters 12.9
• Cluster NetworkPolicy statistics 12.9
• Intrusion Detection System statistics 12.9
• Show Security Dashboard as the default project overview content 12.10
• Create policies framework for deny (Policies MVC) 12.10
• Webhooks/Services events for releases in integrations 12.10
• Display 'License-Check' approval rule in the license compliance section 13.1
• Access issue custom fields from project level Backlog
• Auto Remediate dependency security vulnerabilities Backlog
• Custom workflows - Group configuration Backlog
• Web Terminal with persistent disk Next 7-13 releases
• Defect management
• Pipeline analyses to find transient failure Backlog
• Show current status of pods in deploy board Backlog
• Disable deleting issues and merge requests instance wide Backlog
• Lock issue title and description forever Backlog
• Change control
• Custom fields with required validation Backlog
• Configure group-level issue custom field Backlog
• Configure project-level issue custom field with enumerated (dropdown) field type Backlog
• GitLab Tracing Backlog
• Synthetic monitoring (production scripted testing) Backlog
• Anomaly alerts MVC Backlog
• Application Log Alerts Next 3-4 releases
• Expand and collapse roadmap epic bars to show Issues Backlog
• Risk management Next 7-13 releases
• What-if scenario planning
• Show Security Testing results on the environments page Next 4-7 releases
• Add epics to global search Backlog
• Detect & Alert on manual changes to Kubernetes configuration Backlog
• Email notification for security reports Next 4-7 releases
• Execute linter in Web IDE runner and render linter output in the Web IDE Next 4-7 releases
• Monitor device-plugin resources in Kubernetes Awaiting further demand
• Instance level Security Dashboard as an option for default dashboard Next 3-4 releases
• Burndown chart with stacked lines in boards Backlog
• Value stream analytics in board
• Time analytics line chart Backlog
• Burndown chart in issue boards Next 3-4 releases
• View fixed vs inherited start and due dates of epics on roadmap Backlog
• Security Control Panel for security testing Backlog
• Binary Authorization MVC Backlog
• VSM: Bar chart for workflow analytics
• Epic swimlanes in board Backlog
• Use both fixed and inherited dates in epics to track delays Backlog
• Add mean remediation time in the Security Dashboard Next 4-7 releases
• Cumulative flow diagram in board Next 3-4 releases
• Discussion thread in board Backlog
• Test run object (or issue verification object generally) Backlog
• Benefit-weight ratio (WSJF in SAFe) visualization Backlog
• Option to enable Binary Authorization in new GKE clusters Backlog
• Epic cost, benefit, ROI fields Backlog
• Planning epics with WSJF in SAFe (benefit-weight ratio) Backlog
• Add Severity level to Gemnasium vulnerabilities Backlog
• Calendar showing issues on issue due dates Backlog
• Group Security Dashboard API Next 3-4 releases
• Blocking epics
• Import HackerOne reports into GitLab
• Inline vulnerability management for the Group Security Dashboard Backlog
• Update HackerOne reports based on remediation flow in GitLab Backlog
• Value stream analytics - Two label events for cycle time Backlog
• Show the detailed status of security testing in the merge request
• Only allow valid start and end dates for epics Backlog
• Provide Dashboard for insight into production monitoring of applications MVC Next 3-4 releases
• Ability to add selected Kubernetes clusters to Operations Dashboard Next 3-4 releases
• Evaluate Turbot for partnership or acquisition
• Post Deployment - DORA 4 Metrics Backlog
• Show the list of resources scanned by DAST in pipelines' security dashboard
• Update an existing Epic to be Confidential Backlog

Actionable feedback

Deployments should never be fire and forget. GitLab will give you immediate feedback on every deployment on any scale. This means that GitLab can tell you whether performance has improved on the application level, but also whether business metrics have changed.

Concretely, we can split up monitoring and feedback efforts within GitLab in three distinct areas: execution (cycle analytics), business and system feedback.

Business feedback

With the power of monitoring and an integrated approach, we have the ability to do amazing things within GitLab. GitLab will be able to automatically test commits and versions through feature flags and A/B testing.

Business feedback exists on different levels:

• Short term: how does a certain change perform? Choose A/B based on data.
• Medium term: did a particular new feature change conversions, engagement

• Long term: how do larger efforts relate to changes in conversations, engagement, revenue

• A/B Testing of branches

Application feedback

Your application should perform well after changes are made. GitLab will be able to see whether a change is causing errors or performance issues on application level. Think about:

• Response times of e.g. a backend API
• Error rates and occurrences of new bugs
• Changes in API calls

System feedback

We can now go beyond CI and CD. GitLab will able to tell you whether a change improved performance or stability. Because it will have access to both historical data on performance and code, it can show you the impact of any particular change at any time.

System feedback happens over different time windows:

• Immediate: see whether changes influence availability and alert if they do
• Short-medium term: see whether changes influence system metrics and performance

• Medium-Long term: did a particular effort influence system status

• Implemented: Performance Monitoring
• Status monitoring and feedback
• Feature monitoring

Execution feedback & Cycle Analytics

GitLab is able to speed up cycle time for any project. To provide feedback on cycle time GitLab will continue to expand cycle analytics so that it not only shows you what is slow, it’ll help you speed up with concrete, clickable suggestions.

• Cycle Speed Suggestions

ML/AI at GitLab

Machine learning (ML) through neural networks is a really great tool to solve hard to define, dynamic problems. Right now, GitLab doesn't use any machine learning technologies, but we expect to use them in the near future for several types of problems.

Signal / noise separation

Signal detection is very hard in a noisy environment. GitLab intends to use ML to warn users of any signals that stand out against the background noise in several features:

• security scans, notifying the user of stand-out warnings or changes
• error rates and log output, allowing you to rollback / automatically rollback a change if the network notices aberrant behavior

Recommendation engines

Automatically categorizing and labelling is risky. Modern models tend to overfit, e.g. resulting in issues with too many labels. However, similar models can be used very well in combination with human interaction in the form of recommendation engines.

• suggest labels to add to an issue / MR (one click to add)
• suggest a comment based on your behavior
• suggesting approvers for particular code

Smart behavior

Because of their great ability to recognize patterns, neural networks are an excellent tool to help with scaling, and anticipating needs. In GitLab, we can imagine:

• auto scaling applications / CI based on past load performance
• prioritizing parallelized builds based on the content of a change

Code quality

Similar to DeepScan.

Code navigation

Similar to Sourcegraph.

Audit events

Identifying anomalous activity within audit events systems can be both challenging and valuable. This identification is difficult because audit events are raw, objective data points and must be interpreted against an organization's company policies. Knowing about anomalous behavior is valuable because it can allow GitLab administrators and group owners to proactively manage undesireable events.

This a difficult problem to solve, but can help to drastically reduce the overhead of managing risk within a GitLab environment.