Tactical Priorities - Compliance

The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.

This page captures our priorities at a finer-grained level than the what's next section does. It shows major topics and projects that we are working on and prioritizing. It is stack ranked, which means that items at the top of the list are higher priority than items lower on the list.

This list highlights major initiatives but is not comprehensive. For specific work being done in an inidividual milestone, please refer to the appropriate milestone planning issues.

Priorities

Priority	Name	DRI	Target release	Division	Roadmap
1	Custom Adherence configuration MVC	`hraghuvanshi, nradina, huzaifaiftikhar1`	`18.0`	`division::Product`	`roadmap::now`
2	Compliance Pipeline to Security Policy Migration	`sam.figueroa`	`18.0`	`division::Product`	`roadmap::now`
3	Compliance Center Improvements	`xanf`	`17.8`	`division::Product`	`roadmap::now`
4	Consolidation of tables for streaming audit events to various external destinations	`hraghuvanshi`	`17.9`	`division::Engineering`	`roadmap::now`
5	Govern:Compliance group engineering and product metrics	`sam.figueroa`	`18.0`	`division::Engineering`	`roadmap::now`
6	(Size: XXL) Cells 1.0 - Compliance database tables work	`harsimarsandhu`	`18.6`	`division::Engineering`	`roadmap::now`
7	External customisable standard adherence checks	`TBD`	`TBD`	`division::Product`	`roadmap::next`
8	Give compliance users a 'single pane of glass' to view aggregate information with respect to their checks and violations	`TBD`	`TBD`	`division::Product`	`roadmap::next`
9	Add compliance adherence requirement for each security scanner	`TBD`	`TBD`	`division::Product`	`roadmap::next`
10	Migrate Audit Events to ClickHouse Cloud	`TBD`	`TBD`	`division::Engineering`	`roadmap::later`
11	Show compliance progress for SOC2 based on the starting seven criteria	`TBD`	`TBD`	`division::Product`	`roadmap::next`
12	Enforce project settings with compliance frameworks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
13	Add CIS Benchmark as a Compliance Standard	`TBD`	`TBD`	`division::Product`	`roadmap::next`
14	Improved discoverability and findability for compliance management and security features	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
15	Compliance UX improvement/bugs track	`TBD`	`TBD`	`division::Product`	`roadmap::ongoing`
16	Compliance adherence report violations	`TBD`	`TBD`	`division::Product`	`roadmap::next`
17	Third party connector to Snowflake	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
18	Organization Level Compliance Management	`TBD`	`TBD`	`division::Product`	`roadmap::later`
19	Instance-Level Compliance and Policy Management	`TBD`	`TBD`	`division::Product`	`roadmap::later`
20	Comprehensive audit log	`nrosandich`	`18.0`	`division::Product`	`roadmap::ongoing`
21	Increase test coverage for Govern:Compliance	`TBD`	`TBD`	`division::Engineering`	`roadmap::next`
22	Expand audit event report usability	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
23	Add a version field to the audit event schema	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
24	Test Streaming Audit Events configuration and surface connection issues	`TBD`	`TBD`	`division::Product`	`roadmap::later`
25	Repository configuration checks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
26	ISO 27001 compliance checks	`TBD`	`TBD`	`division::Product`	`roadmap::later`
27	Internal custom checks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
28	Apply a requirement from a compliance framework across different groups	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
29	Track and resolve failed Adherence report checks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
30	Add categories for compliance frameworks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
31	NIST 800-53 compliance controls	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
32	Generate policies from compliance framework requirements	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
33	Standardise compliance group features components	`TBD`	`TBD`	`division::Engineering`	`roadmap::uncategorised`
34	Workflow to review and discuss changes before removing/adding compliance frameworks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
35	Workflow To Identify, Resolve and Record The Actions Taken To Resolve A Failed Control or Violation	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
36	Improved Admin and Group-level branch protection settings	`TBD`	`TBD`	`division::Product`	`roadmap::ongoing`
37	Allow filtering of streamed audit events	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
38	Integrate with 3rd-party storage systems	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
39	Add event type information for all streaming audit events	`TBD`	`TBD`	`division::Product`	`roadmap::later`
40	Standards Adherence Report Improvements	`TBD`	`TBD`	`division::Product`	`roadmap::later`
41	Compliance Violations Report improvements	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
42	Compliance frameworks improvements	`TBD`	`TBD`	`division::Product`	`roadmap::later`
43	Compliance Framework report add change history	`TBD`	`TBD`	`division::Product`	`roadmap::later`
44	Audit Event data retention settings	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
45	Add availability level to audit events	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
46	Support for OCSF	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
47	New policy type: overwrite group/project general settings	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
48	Chain of Custody report	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
49	Metrics Dashboard for Continuous Compliance Monitoring	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
50	Custom Adherence configuration improvements	`TBD`	`TBD`	`division::Product`	`roadmap::ongoing`
51	Explore using OPA to evaluate compliance controls	`TBD`	`TBD`	`division::Engineering`	`roadmap::uncategorised`
52	PCI-DSS compliance checks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
53	Categorisation of Controls for Compliance Frameworks	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`
54	Streaming only audit events	`TBD`	`TBD`	`division::Product`	`roadmap::uncategorised`

*This page may contain information related to upcoming products, features and functionality.

It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes.

Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.*