View the TAM Handbook homepage for additional TAM-related handbook pages.
The main purpose of Usage Ping is to build a better GitLab. Data about how GitLab is used is collected to better understand feature/stage adoption and usage, which helps us understand how GitLab is adding value and helps our team better understand the reasons why people use GitLab and with this knowledge we are able to make better product decisions.
The usage ping is opt-out. If you want to deactivate this feature, go to the Settings page of your administration panel and uncheck the Usage ping checkbox.
You can view the payload at "/admin/application_settings/metrics_and_profiling" in the Usage Statistics section and press the "View Payload" button.
Based on what we understood from the concerns expressed, GitLab would like to understand more about the security controls and regulatory requirements that you have to meet. We've seen several risk-mitigating solutions where similar concerns regarding "outbound data transfers", and data leaving a secured boundary. Are there specific team members from security/compliance/privacy organizations that might provide additional insights? We understand your concerns and would be happy to have a call with our security team, product team along with your security team to talk through any issues we may help resolve. Before our call can you provide what compliance requirements that your company has to meet?
Yes, you are able to extract this information manually and review prior to sending to GitLab. Here are the steps:
At this time, it will be a manual process to save each ping and analyze the metrics over time. We are starting to explore the possibilities of allowing the payload to be saved and analyzed more easily.
The main purpose of Usage Ping is to build a better GitLab. Data about how GitLab is used is collected to better understand feature/stage adoption and usage, which helps us understand how GitLab is adding value and helps our team better understand the reasons why people use GitLab and with this knowledge we are able to make better product decisions. We would like to discuss what usage data would be valuable to you and your user community.
The usage ping uses high-level data to help our product, support, and sales teams. It does not send any project names, usernames, or any other specific data.
Our documentation shows all usage statistics and content that is sent back to GitLab and we will make sure if there are any changes to this list you will be updated. When we change / update telemetry you can view the exact JSON payload in the administration panel. To view the payload: Navigate to the Admin Area > Settings > Metrics and profiling. Expand the Usage statistics section. Click the Preview payload button.
There is no personal or private data in the payload. It simply aggregates counters to help us all understand how the product is being used and not used. Where value is being had. You can inspect the data yourselves and have your security team sign-off on it. They can continue to monitor (via ELK stack) that GitLab is not breaking security policy with new releases. Please review and let us know your specific security concerns. We invite you to ship this data to an internal ELK stack, and sanitize it before sending to your GitLab Technical Account Manager. If we can get your security team to review and approve, we can fully automate this process so you don't have to go to the trouble.We understand your concerns and would be happy to have a call with our security team, product team along with your security team to talk through any issues we may help resolve.
We understand and would like to understand more about your security requirements. We have some questions that would be helpful to get answers to in order to meet those requirements:
We respect your organizations' network security policies and restrictions and understand there are situations where it is not feasible or technically possible to submit usage ping over the Internet. If Usage Ping is blocked by a firewall, load balancer, or proxy, you might consider modifying your network configuration to un-block the Usage ping payload from being sent to GitLab.
Also,If you see value in sharing Usage Ping data, but it's not technically possible for you to do so directly, would you be interested in a method by which the Usage ping payload could be manually generated and submitted in a way that is in compliance with your network security policy?