Tactical Priorities - Compliance

The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.

This page captures our priorities at a finer-grained level than the main group direction page. It shows major topics and projects that we are working on and prioritizing. It is stack ranked, which means that items at the top of the list are higher priority than items lower on the list.

This list highlights major initiatives but is not comprehensive. For specific work being done in an inidividual milestone, please refer to the appropriate milestone planning issues.

Priorities

Now

Priority	Name	DRI	Target release	Division
1	Custom compliance frameworks improvements	`hraghuvanshi, xanf`	`FY26Q2`	`Product`
2	(Size: XXL) Cells 1.0 - Compliance database tables work	`harsimarsandhu`	`FY26Q2`	`Engineering`
3	Adding key OOTB controls for most requested compliance frameworks	`andrew.jung`	`FY26Q2`	`Product`
4	Group Compliance overview dashboard	`harsimarsandhu, xanf`	`FY26Q2`	`Product`
5	Link violations to framework controls	`huzaifaiftikhar1, sam.figueroa`	`FY26Q2`	`Product`
6	OOTB Compliance Templates	`hraghuvanshi`	`FY26Q2`	`Product`
7	Consolidation of tables for streaming audit events to various external destinations	`hraghuvanshi`	`FY26Q2`	`Engineering`
8	Improve Compliance group metrics	`sam.figueroa`	`FY26Q2`	`Engineering`

Priority	Name	DRI	Target release	Division
1	Instance Level Compliance and Policy Management	`TBD`	`FY26Q3`	`Product`
2	Compliance Center Improvements	`xanf`	`FY26Q2`	`Product`
3	Migrate Audit Events to ClickHouse Cloud	`TBD`	`FY26Q3`	`Engineering`
4	Framework change history	`TBD`	`FY26Q2`	`Product`
5	Scaling Compliance testing	`TBD`	`FY26Q2`	`Engineering`
6	Standardise compliance group features components	`TBD`	`FY26Q3`	`Engineering`
7	Framework Review Date	`TBD`	`FY26Q3`	`Product`

Later

Priority	Name	DRI	Target release	Division
1	Compliance remediation workflow	`TBD`	`FY26Q4`	`Product`
2	Continuous Compliance Dashboard	`TBD`	`FY26Q4`	`Product`
3	Increase test coverage for Compliance features	`TBD`	`FY26Q3`	`Engineering`
4	Internal custom controls	`TBD`	`FY26Q4`	`Product`
5	Audit Event data retention settings	`TBD`	`FY26Q4`	`Engineering`
6	Compliance Center - Group Overview Dashboard Improvements	`TBD`	`ongoing`	`Product`
7	Explore using OPA to evaluate compliance controls	`TBD`	`FY26Q4`	`Engineering`
8	Automate the application of compliance frameworks as 'default' based on certain project meta-data (e.g. labels)	`TBD`	`uncategorised`	`Product`
9	Ability to create a common compliance framework (CCF)	`TBD`	`uncategorised`	`Product`
10	Split compliance frameworks from framework labels to use labels as group meta-data	`TBD`	`uncategorised`	`Product`
11	Include a requirements tab or a filtered view for Requirements	`TBD`	`TBD`	`Product`

Ongoing

Priority	Name	DRI	Target release	Division
1	Compliance Pipeline to Security Policy Migration	`sam.figueroa`	`FY26Q3`	`TBD`
2	Compliance UX improvement/bugs track	`TBD`	`ongoing`	`Product`

Uncategorised

Priority	Name	DRI	Target release	Division
1	Organization Level Compliance Management	`TBD`	`uncategorised`	`Product`
2	Enforce project settings with compliance frameworks	`TBD`	`uncategorised`	`TBD`
3	Improved discoverability and findability for compliance management and security features	`TBD`	`uncategorised`	`Product`
4	Third party connector to Snowflake	`TBD`	`uncategorised`	`Product`
5	Test Streaming Audit Events configuration and surface connection issues	`TBD`	`uncategorised`	`Product`
6	Framework controls to add	`TBD`	`uncategorised`	`Product`
7	Comprehensive audit log	`nrosandich`	`ongoing`	`Product`
8	Expand audit event report usability	`TBD`	`uncategorised`	`TBD`
9	Add a version field to the audit event schema	`TBD`	`uncategorised`	`Engineering`
10	Apply a requirement from a compliance framework across different groups	`TBD`	`uncategorised`	`Product`
11	Add categories for compliance frameworks	`TBD`	`uncategorised`	`Product`
12	Generate policies from compliance framework requirements	`TBD`	`uncategorised`	`Product`
13	Workflow to review and discuss changes before removing/adding compliance frameworks	`TBD`	`uncategorised`	`Product`
14	Upload or store compliance documentation directly in GitLab alongside the defined requirements	`TBD`	`uncategorised`	`Product`
15	Compliance AI ideas	`TBD`	`uncategorised`	`Product`
16	Update compliance framework project section to use hierarchy	`TBD`	`uncategorised`	`Product`
17	Enhance security policy integration with compliance frameworks	`TBD`	`uncategorised`	`Product`
18	Move audit event streaming to NATS.io queues and topics	`TBD`	`uncategorised`	`Engineering`
19	Improvements to Audit Events Stream Destinations UI	`TBD`	`uncategorised`	`Product`
20	Add event type information for all streaming audit events	`TBD`	`uncategorised`	`Engineering`
21	Compliance frameworks improvements	`TBD`	`ongoing`	`Product`
22	Improved Admin and Group-level branch protection settings	`TBD`	`ongoing`	`TBD`
23	Allow filtering of streamed audit events	`TBD`	`uncategorised`	`Product`
24	Integrate with 3rd-party storage systems	`TBD`	`uncategorised`	`Product`
25	Compliance Violations Report improvements	`TBD`	`ongoing`	`TBD`
26	Support for OCSF	`TBD`	`uncategorised`	`Product`
27	New policy type: overwrite group/project general settings	`TBD`	`uncategorised`	`TBD`
28	Chain of Custody report	`TBD`	`uncategorised`	`TBD`
29	Categorisation of Controls for Compliance Frameworks	`TBD`	`uncategorised`	`Product`
30	Streaming only audit events	`TBD`	`uncategorised`	`Product`
31	Pseudonymize of user data in audit events report	`TBD`	`uncategorised`	`Product`
32	Explore allowing audit events from external services	`TBD`	`FY26Q4`	`Engineering`
33	Link parts of security policy YAML to associate to requirements under compliance frameworks	`TBD`	`uncategorised`	`Product`

Tactical Priorities - Compliance

Priorities

Now

Next

Later

Ongoing

Uncategorised