Upcoming features for paid tiers

The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.

The list is an outline of Direction issues coming up in each paid tier. These are tentpole features – the most important features of upcoming releases – and don't include most contributions from volunteers outside the company. You can also view features organized by upcoming releases or past releases.

Note that we often move things around, do things that are not listed, and cancel things that are listed. Some of the things listed here might not ever be in GitLab. This is our best estimate of where new features will land, but is in no way definitive.

Paid tiers

Premium

Premium features are only available to Premium (and Ultimate) subscribers.

Reorder project badges 17.11
Support creating static badge images 17.11
Add sort actions to all columns in Storage view in Usage quotas 17.11
Reorder group badges 17.11
Support modification of badge text value 17.11
Ability to disable user invitations for Enterprise Users 18.0
Group member access assignment to empty groups are not working when user has minimal access role 18.0
Protected Conan packages 18.0
Remove bot users from pending approval list 18.0
Remove limit CI_JOB_TOKEN access scope 18.0
Log connection errors with database load balancing, instead of returning nil 18.0
Count query for issues list is very slow due to banned_users filter 18.0
Deprecate sidekiq delivery method for email ingestion 18.0
Post-merge pipeline status isn't showing the correct pipeline 18.0
Deprecate the Terraform CI/CD templates 18.0
Code quality report issue count does not match report 18.0
Add API endpoint for "Allow anyone to pull from Package Registry" 18.0
Review access to /runners/all API endpoint 18.0
API for inactive groups and projects in a group 18.0
Commit signing for GitLab UI commits on GitLab.com 18.0
Add "Manage Protected Tags" as a customizable permission 18.0
Add a configuration option for Self-Managed to allow top-level CI group sharing 18.0
Ensure archived groups cannot be transferred 18.0
Create 'archive' setting and expose it on Groups API to be checked/unchecked 18.0
When a group is marked as 'archived', appropriate alerts should be shown 18.0
When a group is marked as 'archived', appropriate badges should be shown 18.0
Backend API for the K8s dashboard tree 18.0
Clarify settings changes in Project Feature Audit Event logs 18.0
Update environment detail page to use webSocket connection for the Watch API 18.0
Compliance Center Enhancement: Display and Filter Archived Projects in Compliance Projects Report 18.0
Project archived/unarchived with API will not create an audit event 18.0
Proposal: Query advisory information via GraphQL 18.0
Last owner of GitLab.com group can be a bot 18.0
K8s Tree View: Migrate existing view to a new backend 18.0
Add audit events for LDAP sign ins 18.0
Direct-transfer placeholder users: list Enterprise users for re-assignment on gitlab.com 18.0
Support migration from cert-based to agent-based cluster integration by automation 18.0
[Feature flag] Rollout of manage_pat_by_group_owners_ready 18.0
Cleanup after multiple_todos feature-flag 18.0
Allow group and project members to subscribe to service account pipeline notifications 18.0
Expose error "This alias has already been taken" for Slack integration 18.0
Notice: Removal of End-of-Support SAST analyzer jobs 18.0
Create API to list archived and unarchived groups 18.0
Update settings for groups archive and unarchive APIs 18.0
Select the namespace with the CI context when using managed Kubernetes resources 18.0
Support migration from predefined variables to pipelines 18.0
Downstream pipeline job that uses environments with approvals is not clickable 18.0
Spike: refine performance improvements to Pipeline execution policies 18.0
Improve Pod Status Visualization for CrashLoopBackOff and ImagePullBackOff States 18.0
Update project policy to take ancestor archival into account 18.0
Move project's archive update service to a new service 18.0
Hide or highlight features in GitLab that are not available for the product offering 18.0
Prevent relevant group policies abilities when its archived 18.0
Remove OpenTofu CI/CD backport templates 18.0
Enable delayed deletion for personal namespace projects 18.0
Make the user deactivation MINIMUM_DAYS_CREATED a configurable feature / constant 18.0
Iteration added when issue is moved 18.0
Changing autoscaler policy causes runners to stop accepting jobs 18.0
Retain properly attributed activity log events for expired/revoked project/group access token activity 18.1
Feature Request: Customize the 'This user is blocked' Message when logging into GitLab as a Blocked User 18.1
Package Registry Guest Access Control Enhancement 18.1
Geo Replicables API: Add query arguments to the Bulk Update Mutation 18.1
Allow group owners to delete users of Enterprise Users 18.1
Add Target path to Container Scanning schema 18.1
Removal: GraphQL dependencyProxyTotalSizeInBytes field 18.11
Remove deprecated ContainerExpirationPolicy Graphql type 18.11
Archiving a group should create an audit event 18.2
In groups with Enterprise user enabled, owner can search that group enterprise users by private email 18.2
Hosted runners on macOS for GitLab.com - General Availability 18.3
Make Notification emails for Personal Access Token creation a configurable setting 18.3
Email Notifications for Expiring Tokens Sent to Group 'Maintainer' 18.3
Deprecation issue: CodeClimate-based Code Quality scanning will be removed 19.0
Make pipeline mini-graph representation more useable Next 1-3 releases
Swap in-app healthcheck with PQL handraise Next 1-3 releases
Usage Data: Detect and report kubernetes distribution type Next 1-3 releases
Add quick actions to the command palette Next 1-3 releases
Surface Lets Encrypt certificate request errors in GitLab Pages Next 1-3 releases
Allow custom CA for gitlab-workspaces-proxy Next 1-3 releases
Allow project cloner image to trust custom CA cert Next 1-3 releases
Add track_onboarding_progress for group approval rules Next 1-3 releases
System hook to signal Application Settings change Next 1-3 releases
UX: Communication of Clickhouse status [Optimize] Next 1-3 releases
Hide model registry features with package registry disabled Next 1-3 releases
Geo: Metrics collection is too hard on the DB - (Proposal 3-4 follow up) Next 1-3 releases
DRAFT: Consumption-based pricing for Model Registry for .com and Dedicated customers Next 1-3 releases
Block deploy/promote/merge if degrade performance too much Next 4-6 releases
Burndown chart in issue boards Next 4-6 releases
Proposal: Remove feature that converts a Shared/Instance runner into a Specific/Project Runner Next 4-6 releases
Missing chat message integration for epics Next 4-6 releases
Measuring SPACE framework metrics in GitLab Next 4-6 releases
VSA - Iteration start event for issue Next 4-6 releases
Reflect in UI that Application Statistics in Admin Area can show approximate data for values more than 10,000 Next 4-6 releases
Convert FF "gitlab_ci_builds_queuing_metrics" to a setting Next 4-6 releases
Allow multiple queries per custom metric Next 7-12 releases
Visualize Language Trends over Time Next 7-12 releases
Support AWS secrets manager as alternative to Vault Next 7-12 releases
Seats Usage Quotas Export: Include Membership information Next 7-12 releases
[Proposal] Use API keys to control GraphQL API access Next 7-12 releases
Deprecate and remove workflow:rules templates Next 7-12 releases
[Meta] GitLab HA improvements post GA Next 7-12 releases
Operator role Awaiting further demand
[VSA] Display hints when necessary conditions are missing Awaiting further demand
Scale deployments directly from the deploy board Awaiting further demand
Historic review cycle time chart Awaiting further demand
Button to auto-provision required files for Maven integration Awaiting further demand
Direct object storage downloads for Debian packages Awaiting further demand
Conditional approval rules Awaiting further demand
Automatically create change request ticket in ServiceNow Awaiting further demand
Add non-overlapping option to % rollout with Feature Flags Awaiting further demand
Import JIRA Epics as project Milestones Awaiting further demand
[Discovery] Pipeline-based metrics Awaiting further demand
Merge request dependencies ensure downstream MRs are not stale Awaiting further demand
Release trains Awaiting further demand
Create a mirror of a namespace's GitLab.com Container Registry on S3 Awaiting further demand
Create a local, on-premise mirror of a namespace's GitLab.com Container Registry Awaiting further demand
Allow Labels to be Protected Awaiting further demand
Make projects under a subgroup be able to view the milestones of the parent group for release tagging Awaiting further demand
Protected Composer dependencies Awaiting further demand
Design: Explore sub-sections for the configuration page within security testing tools Awaiting further demand
Unable to view GitLab instance application logs on a single host/container install Awaiting further demand
Include scanning the wiki for secrets Awaiting further demand
Reduce impact of failed merge request on total time in Merge Train Awaiting further demand
Perforce Mirroring Awaiting further demand
Enable registering multiple Agents against the same agent configuration Awaiting further demand
Project Confidentiality Class Awaiting further demand
Geo: Allow partial, authentication-only promotion ("emergency outage mode") Awaiting further demand
Option to not cascade canceled pipelines to child pipelines Awaiting further demand
Enable CI to know if it is processing a Revert commit Awaiting further demand
Improve UI feedback for container scan results Awaiting further demand
Customise GitLab UI to reflect enterprises reality Awaiting further demand
Allow checklist task in markdown to be dragged to another list Awaiting further demand
Allow or disallow particular Runner configurations in GitLab Awaiting further demand
API endpoint to return code coverage statistics Awaiting further demand
Subepic tag or label in epic list Awaiting further demand
Allow sequential approvals to be required before starting deployment Awaiting further demand
Coder Integration Awaiting further demand
Allow GitLab issue labels to point to a specific Slack Channel Awaiting further demand
Compare release tags from the Releases page Awaiting further demand
Use a sidebar in Commit detail view Awaiting further demand
Permit selective restore of metadata from deleted iteration cadence Awaiting further demand
Setting milestones confidential Awaiting further demand
Show number of currently assigned && opened issues when assigning issue to a user Awaiting further demand
Ability to limit protected environments to specific tags and branches Awaiting further demand
Implement Unleash API endpoints /api/admin/state/import and /api/admin/state/export Awaiting further demand
Add how users are collaborating with their peers Awaiting further demand
OKTA integration using CODEOWNERS file Awaiting further demand
Quick View for comments: Ability to view the last comment by making the comment toggleable to the last action, specifically from within an Issue board. Awaiting further demand
When Creating a Task, Automatically Increase the Weight of the Issue Awaiting further demand
Allow merge request approval segregation of duties targeting "All Protected Branches" Awaiting further demand
Add remote development workspace support for Windows/macOS Awaiting further demand
Support for hardware keys via FIDO and/or WebAuthN as a second-factor for SSH Keys to sign commits in WebIDE Awaiting further demand
Move Create Merge Request closer to commits on Compare page Awaiting further demand
Additional timestamp options - Detailed Start/End times Awaiting further demand
Show the full list of added/removed vulnerabilities Awaiting further demand
Add GraphQL query to return branch creation date Awaiting further demand
Make the pull mirror interval settings more easily configurable Awaiting further demand
GitLab Status Page Change - Support OIDC Awaiting further demand
Add the ability to set access_level in Approval Rules API Awaiting further demand
Add capability of tracking when a branch in a repo was created Awaiting further demand
Enable SVG again at PlantUML integration in secure way Awaiting further demand
Ability to restrict Runner Registration to Specific IP Addresses Awaiting further demand
Warning for users who add potentially sensitive syntax into public issues Awaiting further demand
Feature: Issue submission validation Awaiting further demand
Add an allow list to Runner Registration restriction Awaiting further demand
Ability to send vulnerability reports automatically Awaiting further demand
Display all changes between two pipeline builds Awaiting further demand
Allow users the option to retain merge request head refs Awaiting further demand
VSD: Add visualization for number of closed epics Awaiting further demand
Issue analytics: support filtering for undefined categories Awaiting further demand
Admin ability to restrict certain runner executor types Awaiting further demand
Offer xlarge hosted runner on Linux Arm for GitLab.com Awaiting further demand
Offer 2xlarge hosted runner on Linux Arm for GitLab.com Awaiting further demand
Add option to preserve MAC address of VirtualBox VMs Awaiting further demand
Change clean up interval for stale runners Awaiting further demand
Filter vulnerabilities based on the environment they are deployed on Awaiting further demand
Provide a better interface for the vulnerability detail view for 3rd party vendors Awaiting further demand
regenerate ci_jwt_signing_key when lost/removed Awaiting further demand
Allow Restricting GitLab Agent for Kubernetes to Environment Tiers. Awaiting further demand
Duo Generate Summaries for Release Tags Awaiting further demand
Configure Kubernetes dashboard using annotations on Kustomization/HelmRelease Awaiting further demand
Consider adding ability to filter Security Dashboard to only display currently detected vulnerabilities instead of all activity Awaiting further demand
Root Level Control on Personal Notification Settings Awaiting further demand
Add agent config to existing agent registration using the default configuration Awaiting further demand
Differentiate long-lived and short-lived environments Awaiting further demand
Add more flexibility in Security Policies rules (Policy scope) Awaiting further demand
Provide API/UI to add Awaiting further demand
Add regex patterns in rules section of Security Policies Awaiting further demand
Reduce the amount of RAM required for IaC Scanning below 4GB Awaiting further demand
Allow ability to lock component input values Awaiting further demand
Feature Request - resolve dependancy vulnerability when trigger file removed Awaiting further demand
Allow the Gitlab Runner Helm Chart to create the required rbac resources, but not the service account Awaiting further demand
Approvers based on code history Backlog
Approvers based on code Git blame Backlog
Rebuild/update all containers Backlog
Verified and reproducible builds Backlog
Allow LDAP group to be attached at project level Backlog
Transition JIRA issue when GitLab merge request created Backlog
Group-Level Snippets Backlog
Admin Area Recent Builds Served By This Runner additional columns for branch, and task, and execution time? Backlog
Attachment Manager Backlog
Project based snippets should follow project access permissions Backlog
Feature monitoring Backlog
GitLab Quality Center Backlog
Use Case: Distributed Systems / Microservices Backlog
More control over manual action permissions Backlog
Validate commit email address against LDAP or GitLab user email addresses Backlog
Cycles as abstraction of work over multiple projects Backlog
View and sort how long Service Desk issues open Backlog
View customer contact counts for Service Desk issue Backlog
Custom workflows - Group configuration Backlog
Automatically Load-balance tests Backlog
Cascading merge requests into multiple branches Backlog
View GitLab merge request approvals information in associated JIRA issue Backlog
Service Desk Analytics Backlog
Multiple labels per board list Backlog
Code quality report for default branch Backlog
Support multiple artifacts generation per job Backlog
List filter for merge requests that have not reached required number of approvals (Web and API) Backlog
API Support for Add logical operators to issue and other search - and, not, or Backlog
Automatic flaky test minimization Backlog
Expand and collapse roadmap epic bars to show Issues Backlog
Add option to only allow GPG signed merge requests Backlog
Release Approval Sets and Chains Backlog
Pipelines list as project overview Backlog
Global pipelines list as user homepage Backlog
Prevent Enterprise Users from deleting own account on GitLab.com Backlog
Add LDAP filter option for specifying external users Backlog
Docs: update Configure GitLab using an external PostgreSQL service Backlog
Add option to disable file locking for GitLab instance Backlog
Option to schedule hourly pipeline for security testing CI/CD-only projects Backlog
One time-migration of TFS work items to GitLab issues Backlog
Link GitLab merge request and commits to TFS work item Backlog
Control incremental rollouts in the UI Backlog
Manage protected branch unprotection permissions via admin UI Backlog
Allow pipelines to be scheduled for an entire group Backlog
Show stopped pods in Deploy Boards Backlog
GitLab CI/CD for GitHub: Add notification for commit author Backlog
Disable file locking for projects and groups Backlog
Enforce code coverage % before merge Backlog
Auto parallelize as many parallel jobs as needed to keep tests under 5 minutes Backlog
Manage project protected branch unprotection permissions via UI - display interface for group owner & maintainers Backlog
Merge atomically in group merge request Backlog
Compliance features Backlog
Support rebase of source branch when merging is possible but you have no write permissions to that source branch Backlog
range-diff when comparing merge request versions Backlog
MVC: Consider adding the duration of each job in the pipeline graph Backlog
Failure Injection Testing (FIT) or Chaos as part of operations features Backlog
Automatic multi-cloud validation MVC Backlog
Add feature flag permissions Backlog
Add runner settings changes to audit events Backlog
Fork a role Backlog
Auditor role needs to be able to see project settings Backlog
Instance wide code statistics Backlog
Implement a dedicated tab for SmartCard login (no LDAP) Backlog
Logical operators in board scope Backlog
Feature Flags - Table View editing capabilities Backlog
Feature Flags - Table View Last requested column Backlog
Explicit logging for feature flags exposed to users Backlog
Cache frequently used Maven packages using the Gitlab Dependency Proxy Backlog
Built in support for visual regression testing Backlog
Shared runner cost allocation Backlog
Expose pipeline metrics reports to allow scrapping Backlog
Show frequently visited projects when adding projects to Operations Dashboard Backlog
CI View for detailed site speed metrics Backlog
Add link to detailed sitespeed report from Merge Request Backlog
Bookmark searches Backlog
View issue in Microsoft Teams Backlog
First class support for Bitbucket Cloud as an external repository for CI/CD Backlog
Extend metrics to allow for groups of metrics Backlog
Collect metrics from matrix builds Backlog
Expose previous stages metrics to the current job Backlog
Public pipeline page MVC Backlog
Automated inclusion of milestones as issue board lists Backlog
CI artifacts:reports should be available with GitHub PR integration (and other external repositories) Backlog
Skipping pipelines commit option does not work for merge request pipelines OR merged results pipelines Backlog
Link reviews to a set of commits, instead of to a merge request Backlog
Add cookie-based access to Feature Flags Backlog
Log originating IP address of Git every push Backlog
Log Git client for Git push operations Backlog
Log protocol for Git push operations Backlog
Group members autocomplete should adhere to domain whitelist Backlog
Expand pipeline dashboard to contain stages Backlog
Group level pipeline dashboard Backlog
Differentiate between jobs run with Enforce template inclusion in pipelines Backlog
Display the duration of each stage on the pipeline page Backlog
Avoid double 2FA when Group SAML has appropriate AuthnContextClassRef on GitLab.com Backlog
Include blocking merge requests in project import/export Backlog
[FE] Code Analytics- Files committed together Backlog
[BE] Code Analytics- Files committed together Backlog
"Squash commits" option and "Squash commit message" aren't stored for merge requests Backlog
Feature Flag Environment Permissions together with User IDs Backlog
Analyzing request on time spend vs initially calculated Backlog
Enable CSV export on Value Stream Analytics/ Productivity Analytics Backlog
Backend: Rollout limits for directed acyclic graph on gitlab.com Backlog
Optimize checksumming of Object Stored Packages Backlog
[BE] Trigger record creation for code analytics on new commit Backlog
[BE] Create backfill migration for code hotspots, MVP release Backlog
[BE] Use path param to return a drill down of code analytics Backlog
[BE] Convert bar charts in Productivity Analytics to Proper Histograms Backlog
[FE] Convert bar charts in Productivity Analytics to Proper Histograms Backlog
Productivity analytics scatterplot: Create light blue band between 25% and 75% percentile Backlog
Show status of all MRs Backlog
[BE] Tasks by STAGE chart to Visualize Flow and Type of Work Backlog
API support for merge trains merge when pipeline succeeds Backlog
Support Merge Train in Git Push Option Backlog
Code Hotspots - MVC/V1 Backlog
Add ability to associate feature flags with contextual epic Backlog
Cancel pipelines in merge train when the merge request is dropped Backlog
Allow forked projects to access secret variables in the parent projects Backlog
Guests cannot see a design they have been linked to is not the latest version Backlog
Mention that a higher license would unlock Personal access token expiry policy Backlog
Reorganize auto merge related information into the dedicated table - auto_merges Backlog
Graph Web Performance over time Backlog
MR fail on web performance degredation Backlog
Move service_desk_enabled column to service_desk_settings Backlog
Track accessibility results over time Backlog
Rework parallel merge trains concurrency Backlog
Do not add "detached" label for fast-forward merge request pipelines. Backlog
Diff screenshots on changed pages Backlog
Define Feature Flag type Backlog
Cannot pass variable to the jobs of pipeline when calling "Create MR Pipeline" API Backlog
Testing in Production Backlog
Backend: Allow Merge train to merge with Skipped jobs Backlog
Add Merge Train support to AutoDevOps Backlog
Group-level resource group Backlog
Support for multiple resources per resource group (Concurrency control) Backlog
Re-enable “Add to merge train” button in case pipeline was cancelled Backlog
Restrict instance membership changes to a single user Backlog
Control who can Merge Immediately when merge train is enabled Backlog
Mobile & Web - Side By Side Review App Backlog
Show Merge Trains Statistics Backlog
Add Alerts to Environment Dashboard Backlog
Drop all merge requests from merge train when the target branch is deleted Backlog
Use Gitlab::OptimisticLocking to avoid StaleObjectError when an object is updated by multiple processes Backlog
Value vs Cost view of issues Backlog
Add a "Related releases" section to Issue Backlog
Directly write SHA of a merge train ref to the target branch instead of creating a new commit Backlog
Display Feature Flags Metrics Backlog
Merge Request Approvals per commit Backlog
Additional Snippet edit permission options Backlog
Confusing UI grouping of Merge Train items together in MR Backlog
Geo: Check if mattermost, oAuth and LDAP are active on a secondary Backlog
Geo: Include running system checks Backlog
Resource group that spans multiple jobs in a pipeline Backlog
Allow fork MRs to create a pipeline in a parent project if the pipeline triggerer has permission in the parent Backlog
Add education around unexpected states of swimlanes on boards Backlog
Allow users to reorder and/or sort swimlanes Backlog
Roadmaps: Filter by release Backlog
Merge trains should retry failed merges Backlog
Log Cancel Deployment action in the audit log Backlog
Graph metrics report data over time Backlog
User is asked to setup 2FA even if the subgroup that required 2FA is deleted Backlog
Add autochangelogs to Release Evidence Backlog
Instance-wide, mandatory project mirroring rules Backlog
Capture Switch blue/Green in audit log Backlog
Capture Change of canary weights in audit log Backlog
Refactoring EE::SystemNotes::MergeTrainService Backlog
Environment level - Feature Flags view Backlog
Group level Feature Flag Dashboard Backlog
needs does not work for parent-child pipelines when one project is private Backlog
Geo: Add i18n for replicables in the framework Backlog
Allow users to set work in progress limits on the number of epics per list Backlog
Allow users to add one or multiple preexisting epics to an epic board Backlog
Add configuration option to streamline developer protected access Backlog
Make successful regeneration of FF Instance ID clearer Backlog
Add an explicit license check for merge train conditionals in ready_to_merge Backlog
Geo: Add developer guidance for adding Blob types Backlog
Allow Quick Actions in Service Desk initial email Backlog
Create pipeline trend chart for CI/CD Dashboard Backlog
Add support for Vault's KV-V1 secrets engine Backlog
Log Auto Delete Environment action Backlog
MergeRequest#base_pipeline does not work with pipelines for merged results. Backlog
Search feature flag name in the codebase Backlog
Show related feature flags to a specific environment Backlog
Refactor environment's dashboard backend Backlog
Geo: Update introduction video Backlog
Prevent pushes to a branch once an MR is on the Merge Train Backlog
Fix gitlab:geo:check_replication_verification_status spec Backlog
Add Approval rules to group level (BE) Backlog
Define a new variable, similar to CI_COMMIT_SHA, that does not change in merged results pipelines Backlog
Clarifying what 0 required approvals means Backlog
Add pagination state to Environments Dashboard URL Backlog
ActiveRecord::StatementInvalidGroups::DependencyProxiesController#show - cannot execute INSERT in a read-only transaction Backlog
Show a visual indication when adding duplicate projects to the Environments Dashboard Backlog
Geo fails to sync logo and header_logo with missing mount_point Backlog
Support Vault EE Namespaces with JWT via YAML configuration Backlog
Add test coverage for retryable jobs if merge pipeline Backlog
Geo: Add support for "proxy to primary when there isn't a repo" for snippet repositories Backlog
Bring Audit Events CSV export to projects and gitlab.com Backlog
Improve Vault OIDC claims for users and projects Backlog
Terraform State details page and version management UI Backlog
Public API for the dynamically populated group environments page Backlog
Support LFS for group wikis Backlog
Expose DORA 4 CSV download to front end Backlog
Alert on failed deployments Backlog
Include sub-group projects in Group Code Coverage feature set Backlog
Work Item Approval Rules & Reviewers Backlog
Use workload capacity when returning reviewers to find reviewers with fewer reviews currently Backlog
Optional Admin Approval - Specify Admins to Approve Backlog
Service Desk: retain name from the e-mail header Backlog
Support JIRA Releases in GitLab Releases Backlog
Group milestones associated with a release when downgrading plan Backlog
Cannot run pipeline on merged result with extra variable Backlog
Action to remove only a single version of a state file Backlog
Investigate how well the Database loadbalancer works with a Patroni cluster Backlog
Add the ability to enable/disable merge trains programmatically Backlog
Fix groups dropdown for creating epics within an epic Backlog
SCIM Support for PingFederate Backlog
Improve transparency in the MR security widget loading message Backlog
MVC: Templates Subdirectory for Partner Managed CI / CD Integrations Backlog
Make feature name, maintenance mode, consistent throughout the codebase Backlog
Provide option for Forked projects to default to an internal merge Backlog
Iter1: Show Terraform state details and previous versions Backlog
Allow location aware URL for Registry with AWS Route 53 Backlog
Geo: When a Snippet is not yet replicated, it should redirect to the primary Backlog
Add a "Related releases" section to Merge Request Backlog
Design: "Protected" Terraform states Backlog
Match email to GitLab User Backlog
Explain what a "merge train" is Backlog
Research: Show additional download information about packages Backlog
Add a pipeline status indicator to the pipeline overview page Backlog
Include inherited membership in User Permissions CSV Backlog
Investigate backend design for group level merge request approval rules Backlog
Support RSA SecurID as a form of two-factor authentication Backlog
Geo: Sync requests are rate limited by the primary Backlog
Fix: Cannot close the error flash message “You cannot perform write operations…” in maintenance mode Backlog
Fix: Maintenance mode banner goes blank after updating profile picture Backlog
Fix: Visual bugs in maintenance mode (but no write operations) Backlog
Track Largest Contentful Paint for 4 key pages of GitLab project in Review Apps Backlog
Add rake task to disable/enable selected background jobs when enabling/disabling maintenance mode Backlog
Move Merge Options settings behavior to Vue Backlog
Group SAML - Check SSO status on API activity and direct user to SSO Backlog
Add support for Hashicorp Vault's Active Directory Secrets Engine Backlog
Generate notification emails for documentation Backlog
Add support for Hashicorp Vault's AWS Secrets Engine Backlog
Apply consistent defaults to Web IDE and Single File Editor Backlog
Add Ability To Remove or Change Redirects Created When Changing Namespace Paths Backlog
Group Sync using SCIM for GitLab.com Backlog
Feature Flags: Contextual code references Empty state Backlog
Drop worker_resource_boundary :cpu from AutoMergeProcessWorker and MergeTrains::RefreshWorker Backlog
Introduce MergeTrain::BaseService Backlog
AutoDevOps: Make final values.yaml available as a CI job artifact when customizing values for Helm Chart Backlog
Restrict Group and Project Membership Backlog
Allow Management of Project Aliases via Project Settings Backlog
Geo: Remove checksum_mismatch and verification_checksum_mismatched from SSF Backlog
SPIKE: Find a better Elasticsearch routing strategy to help speed up group level search Backlog
Edit User for Enterprise Users Backlog
Add GraphQL api for searching blobs in the codebase Backlog
Metrics Report in Merge Request only displayed after pipeline has finished Backlog
Show statistics of module usage by version Backlog
Subgroup & Member events Group Webhook - Add audit tracking information Backlog
Create a landing page for pages Backlog
Test: dependency proxy behaviour in maintenance mode Backlog
Test Secure's features Backlog
Allow multiple SSO providers within a Group Backlog
Minimal Access role to Free Backlog
Proactive notification for pipeline is likely to fail Backlog
Remember users tab after page refresh Backlog
Follow-up from "Add geo node status metrics to usage ping" Backlog
Group Webhook for Subgroups - Update Backlog
Test: alert management alerts being created in maintenance mode Backlog
Project level Release Metrics Backlog
Add approval rules vue app to group-level settings (FE) Backlog
Optionally permit notification emails to spoof primary email address of the user who triggered the notification email Backlog
Allow an organization to view activity for Enterprise Users Backlog
Support git CLI 2FA via push notification - FortiToken Cloud Backlog
Domain verification - Add domains Backlog
Domain verification - Verify domain Backlog
Maven plugin managing dependencies between separate jobs Backlog
Stage-specific metrics for VSA Backlog
use test_file_finder mapping to spot flaky tests Backlog
Investigate the relationship between Feature Flags and Issues inside of GitLab Backlog
Add Sort functionality to the Feature Flag list view Backlog
Change the Feature Flag list view to show Environments Backlog
Add a popover to the Environment UI for the Feature Flag List view that describes related strategy information Backlog
Update the Feature flag list view UI to use a complex list instead of a table. Backlog
Add metadata to the Feature Flag List View (To Be Broken Down) Backlog
Add a delete feature flag button to the Detail View UI Backlog
Upgrade the Feature Flag Name to title size in the Feature Flag Detail UI Backlog
Create a tabbed navigation structure inside of Feature Flags Detail UI Backlog
Add markdown support for Feature Flag Descriptions Backlog
Introduce an info bar to the Feature Flag detail view Backlog
Cleanup the user interface for Feature Flag Strategies Backlog
Add a history and discussion section of the Feature Flag UI Backlog
Improve discoverability of "Create new board" Backlog
Show old tests / tests that don't get changed with code Backlog
Only share user profile to connected users Backlog
Dependency Proxy - how to effect a migration to object storage? Backlog
Geo: improve snapshot approach to preserve existing copy on secondary in case primary is corrupt Backlog
Review UX of Metrics report MR widget Backlog
Merge Trains should allow non-interruptible jobs to complete Backlog
Build Protocol Fuzzer Community Edition in GitLab CI Backlog
Show job metrics in pipeline/merge request data Backlog
Provide a kubernetes cluster in GitLab CI Backlog
Elaborate on potential data loss when transferring project to another namespace Backlog
Geo: Use text limit constraints Backlog
Protocol Fuzzer Community Edition Repo Cleanup Backlog
Support push 2FA in internal API endpoint with polling (FortiToken Cloud) Backlog
Add pagination to group code coverage projects table Backlog
Protected NuGet packages Backlog
Protected generic packages Backlog
Protected RubyGems Backlog
Protected Debian packages Backlog
Protected Go dependencies Backlog
Mean time to merge calculations do not consider Draft/WIP states Backlog
Run CI pipeline only once when using merge trains and the MR gets merged Backlog
Move blocking calls to FortiAuthenticator push auth API to Sidekiq Backlog
Introduce Keyword for rollback for Helm K8s Backlog
Support push for web login Backlog
GEO: pausing and resuming replication using external databases Backlog
Group Code Coverage - Project and coverage job count should match table Backlog
Support Archive Feature Flag Backlog
Provide template data on how often they're used Backlog
Is there support for mixed versions of Linux distributions and Geo? Backlog
Show accessibility issues in review app post scan Backlog
Update group approval rules via API Backlog
Delete group approval rules via API Backlog
Get group approval rules via API Backlog
Integrate group level to project level MR approval rules Backlog
Integrate group level to merge request level MR approval rules Backlog
Filter by range in Advanced Search Backlog
Validate web-UI-relevant push rules before user submits input (commit message, branch name, etc.) Backlog
Geo: Migrate feature flagged settings to database Backlog
Track unique users approving MRs to override code coverage rule Backlog
Improve text in MR widget when pipeline fails Backlog
MVC: Expose Environments at Group Level Backlog
Create a way to add custom licences to the Add Licence dropdown Backlog
Update geo_node to use optimized base_and_descendants Backlog
Scheduled removal of groups fails silently when they contain an archived project. Backlog
Return a user's instance access level in API payload Backlog
SSO enforcement should redirect unauthenticated users to SSO signin page when visiting a private Pages project Backlog
Geo Docs Feedback: Zero Downtime Updates with Geo Deployments Backlog
Add project event to group & subgroup webhooks Backlog
SCIM User updates for Enterprise Users Backlog
Have a different welcome message for ssh connections with deploy keys Backlog
Microsoft Teams Bot Integration Backlog
GitLab runners should support clone over ssh Backlog
Implement ci_user impersonation in kas Backlog
Determine impact of downgrading tier for epics and multi-level epics Backlog
Releases cannot be associated with a supergroup milestone Backlog
Adding feature flag relationship from issues Backlog
Ensure the individual who merges a change is neither a committer or approver (merge request permissions segregation of duties) Backlog
Introduce consolidated object storage for backups to enable encrypted S3 buckets for backups Backlog
Generic Pipeline Message in the Merge Request Backlog
Deny-list support for Geo Selective Sync Backlog
Option to skip membership import when creating with templates Backlog
Enable any user to delete an epic Backlog
Expand CI_JOB_TOKEN to allow the packages from all projects in the group to be downloaded Backlog
Allow setting different tags for different environments on runners installed from a single cluster management project. Backlog
Provide option to disable Project Access Tokens at the instance level Backlog
SCIM Block/Unblock for Enterprise Users Backlog
Add ability to lock Epics Backlog
Geo: Optimize verification queries Backlog
SAST / Secret Detection configuration UI should handle the case when the repo is empty Backlog
Ability to change project member permission for "Manage project access tokens" to only "Owner" Backlog
Ability for User groups to Subscribe to Issue Labels Backlog
Make minimal access users or users not assigned to a group or project non-billable Backlog
Clarify compliance framework empty state in groups and subgroups Backlog
Expose MR source and target branch SHA consistently across Merge Request pipeline and Pipeline for Merged Result Backlog
Group-level audit event export for self-managed and GitLab.com Backlog
Project-level audit event export for self-managed and GitLab.com Backlog
Audit events for the enable shared runners for this group toggle switch Backlog
make Audit Events track when group is invited as a member of group/project Backlog
(Backend)Add a toggle in the Enable merge trains section to disable skip merge train Backlog
Design: Provide a user-based kubeconfig using the GitLab-Agent connection Backlog
Batch create todos Backlog
Add Filter functionality to the Feature Flag list view Backlog
Allow anonymous access to Epic Issues API for public groups & epics Backlog
Adding the option of Audit logging for Gitlab's Advanced Search Backlog
Improve visibility of CI/CD variables Backlog
Audit Events: Clarify messaging for the "no records" scenario Backlog
Add support for multiple on_stop jobs with parallel:matrix: deployments Backlog
Geo: rake gitlab:geo:check fails the HTTP connection check with Kerberos SPNEGO configured Backlog
Search commits based on LDAP name Backlog
UX Score card for Merge Trains Backlog
Option to disable LDAP auto-create users Backlog
Add search to Profile Activity Backlog
Separate user activity by type Backlog
Trigger Pipelines on Wiki Commits Backlog
Using merge trains with Jenkins pipelines Backlog
Replace "yes"/"no" Confirmation Modal with "type group/project name" when Deleting as Admin Backlog
Geo: Improve performance of automatic verification in SSF Backlog
Move cluster management project form under integrations Backlog
Geo: Replicate Packages::Debian::ComponentFileUploader Backlog
Geo: Replicate Packages::Debian::DistributionReleaseFileUploader Backlog
Ability to wrap a ci-process Backlog
Push rules: Secret files deny list should be configurable Backlog
SSO enforced on git activity: only top-level group owners should be able to bypass this with Private Access Token Backlog
Allow merging of MR when Pipeline must succeed is enabled in absence of pipeline Backlog
Slack Integration - Merge Request Reminders Backlog
To-Do mentions don't reflect closed Epics with a proper badge Backlog
LDAP: Support multiple values for admin_group Backlog
Enable a way for GitLab to confirm that issue exists in Jira before hyper-linking a string in the issue title or merge request title Backlog
Email users when account deactivated by DeactivateDormantUsersWorker Backlog
Conditionally email users when their account is blocked Backlog
CodeBeamer Integration Backlog
Reflect Deleted Branches and Tags as well as closed MR's in Downstream GitLab Pull Mirror Backlog
Add the ability to delete users that were deprovisioned via SCIM Backlog
Allow setting squash settings instance wide Backlog
Update last_activity_on for container registry access Backlog
Support MR search scope for pipelines Backlog
Improve flexibility of inherited permissions in groups Backlog
When searching for an epic in the sidebar, there is no group information shown Backlog
API endpoints to update attributes of a group invited to a group or project Backlog
UI pattern for flags on vulnerability detail pages Backlog
Automatically Associate Tags/Releases with Pipelines Backlog
Re-enable SaaS Internal visibility and scope to Organization Backlog
"Run Pipeline" button in Merge Requests Should Have Purpose Distinct Name Backlog
Audit all changes made to mergerequest-level approvers configuration Backlog
Include commit discussions in export/import Backlog
Pipeline Use of 'includes' Should Allow Developer and Maintainer Access Levels for YML Files in Other Projects. Backlog
Export results from Advanced Search Backlog
Feature Request: API endpoint for Praefect Dataloss Backlog
CI/CD Observability: Tracing with OpenTelemetry Backlog
Static Project URL Backlog
Keep repositories synchronized option when forking repos Backlog
Use MathJax instead of KaTeX Backlog
Merge Request can be added to the train without approval using /merge quick action Backlog
Feature Request: Ability to close Jira issue on non default branch Backlog
Geo: Use the remote Host in Absolute URLs generated by the primary during proxied requests Backlog
Use participation/commenting within an MR as a factor for sort order Backlog
forking a repository within the same group only possible through the API Backlog
Admin-controllable Encryption for Downloads Backlog
SAST for PowerShell Backlog
Allow downloading of latest job artifacts from jobs listing page when they are the last successful of a pipeline Backlog
Job/Pipeline logic to correctly handle temporary loss of gitlab runner orchestrator Backlog
SAST Support for 1C Backlog
Before exporting a project, run GitGarbageCollectWorker with prune Backlog
Improve merge train settings to match new merge strategy options Backlog
Show disabled state for owners, when Allow owners to manage default branch protection per group is not checked Backlog
Advanced search - authenticate with Elasticsearch instance via client certificates Backlog
Add a view all Boards with Recent at the top Backlog
Epics: the widgets should allow searching for the epic number Backlog
Choose NameID format of the request on GitLab.com. Backlog
Alert users on GitLab.com to rotate old Oauth secrets Backlog
add metrics reports to the pipeline 'tests' tab Backlog
Geo mimicry: Use relative URLs where possible Backlog
Detect system time zone and prompt user to change their time zone preference if it is different Backlog
Use unique temporary location for copying backup files before they're tar'ed while creating backups with STRATEGY=copy option Backlog
Allow setting of group pipeline quotas threshold for Buy more pipeline minutes banner appear Backlog
Provide method to allow user public SSH keys to be visible on instances with limited visibility Backlog
Revise coulmn headers to be clearer descriptors in Audit Events Backlog
Create a new issue button to prefill the correct Jira project id Backlog
Display failed jobs when viewing child pipeline overview Backlog
Improve feedback when taking action on a runner in the project view Backlog
Add target data as secondary info in Audit Events Backlog
Support for Shallow Forks Backlog
Prevent unprotected runners from executing protected branch jobs Backlog
"Prevent users from changing their profile name" setting should not affect LDAP sync profile name updates Backlog
Gitlab code viewer should enable devs to click through to other classes within the same repository Backlog
VSA: Support Jira issues Backlog
Editing release notes should generate "Activity" and Audit Events Backlog
Inform user about the role of OAS validation in preventing crashes Backlog
Option to see and remove a user from pipeline status integrations mailing list Backlog
Provide better error messages for metric reports Backlog
Add warning to subgroup settings when project sharing with a group is disabled Backlog
Add warning or hide Groups from Project members page when project sharing with a group is disabled Backlog
(Optionally) Enforce push rules at the group level Backlog
Default new users to be "watchers" of an issue tracker Backlog
Feature proposal: webhook triggers for protected branch and MR approval changes Backlog
Implement Double Submit Cookie Sessions to mitigate simple session hijacking methods Backlog
[VSA] Tooltip setting for custom value stream Backlog
Sort deploy keys under admin/deploykeys as well as repo settings Backlog
Create Quadrants to Facilitate Planning Discussions Backlog
Former user of a customer organisation on GitLab.com should be able to authenticate when his email is reactivated Backlog
Customize permissions for retrying jobs Backlog
Run Geo::VerificationStateBackfillWorker on gitlab.com Backlog
Scan GitLab and Runner configs for security issues in IaC Scanning Backlog
GitLab UI should handle two non-conflicting edits to a file Backlog
Remove source_type/source_id from members table Backlog
Support for Alternative Workflows when using Monorepo Backlog
Configurable timezones for when iterations are considered current on GitLab.com Backlog
Implement logging of the OAuth2/OIDC ID Tokens for troubleshooting Backlog
Review / update documentation for v4 and GraphQL API for Merge Trains Backlog
Geo: Improve synchronization status UX Backlog
Update manual jobs UI across GitLab to support deployment approvals Backlog
Provide more distinguishing details when searching users Backlog
Improve runner support for maintenance mode Backlog
Geo: Investigate issues with secondary git push metrics Backlog
On-Call at Group/Subgroup Level Backlog
Add Reviewers to merge request event webhook payload Backlog
Instrument projects_using_merge_trains Backlog
Instrument projects_using_merge_trains_l28 Backlog
Consider deprecating kubesec in favor of kics Backlog
Restore from backup fails with missing data if I/O is overloaded Backlog
Move MR Analytics to the group/workspace level Backlog
ee/browser_ui/4_verify/user_cancel_merge_request_in_merge_train_spec.rb | Verify Cancelling merge request in merge train when user cancels the merge request does not create a TODO task Backlog
ee/browser_ui/4_verify/system_cancel_merge_request_in_merge_train_spec.rb | Verify Cancelling merge request in merge train when system cancels the merge request creates a TODO task Backlog
[Test] ee/browser_ui/4_verify/merge_train_with_multiple_cars_spec.rb | Verify Merge train with multiple cars successfully merges all merge requests Backlog
[Test] ee/browser_ui/4_verify/pipelines_for_merged_results_and_merge_trains_spec.rb | Verify Pipelines for merged results and merge trains merges via a merge train Backlog
[Test] ee/browser_ui/4_verify/pipeline_for_merged_result_spec.rb | Verify Pipeline for merged result merge request can be merged immediately Backlog
browser_ui/4_verify/pipeline/merge_mr_when_pipline_is_blocked_spec.rb | Verify when pipeline is blocked can still merge MR successfully Backlog
ee/browser_ui/4_verify/new_discussion_not_dropping_merge_trains_mr_spec.rb | Verify In merge trains new thread discussion does not drop MR Backlog
Indicate users that are a sole owner of a group in Admin -> Users -> Groups and projects Backlog
Add support of google_oauth2 with multiple google accounts. Backlog
Provide an instance-wide config equivalent to prevent external invitations from a group Backlog
Allow admins to disable the HTTP git access protocol but allow Geo HTTP replication to continue Backlog
When SAML and/or SCIM is Enabled, Users Outside the Organization should not be able to be added Backlog
Disable Personal Billing Page for Enterprise Users Backlog
Provide a quick way to remove blocked users from a group Backlog
Automatic back-off and retry for failed daily backup uploads Backlog
Improve "most recent deployment" for API, Environments Index, Job note Backlog
Allow subgroups to re-inherit parent group settings after overriding them Backlog
Increase default limit of ci_max_artifact_size_terraform Backlog
Don't match project name in settings search Backlog
SAML Group Link not compatible with some IdPs integrated with Cloudflare Access such as Google Workspace and Okta OIDC Backlog
Implement an exception list to bypass SAML SSO Enforcement Backlog
Deployment Page Backlog
Add a tree view to top-level Epic List Backlog
OAuth2 permission granting screen needs an overhaul Backlog
Add an organization-level dynamic deployments list Backlog
Administrators receive access requests in addition to group/project owners Backlog
Clearly communicate the impact of Merge immediately with Merge trains enabled Backlog
Dynamically generated child pipelines intermittently fail, reporting "Undefined error()" Backlog
It is not possible to get information regarding which account is associated to which deploy key Backlog
Add to the GitLab GUI interface which account created each deploy keys Backlog
Make it possible to set different types of variables values (dropdown, checkbox, etc) Backlog
Allow username customization for Okta SCIM provisioned users Backlog
Add user option to list users under namespace Backlog
Add remove user option to namespace Backlog
Extend Group level ban feature for public projects and non-members Backlog
Ability to search based on filters at the group level Backlog
Make "Remember me" cookie duration configurable Backlog
CI/CD: Add only: default-branch shorthand for rules.if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH Backlog
Repository analytics project page is inconsistent and not easy to read Backlog
License usage data at the group level Backlog
Unable to load user profile page if start with admin. Backlog
Deprecate gRPC proxies between gitaly and the rest of GitLab Backlog
Geo: Add a how to doc for creating a secondary from a backup of the primary or another secondary Backlog
Add "Allow subgroups to set up their own two-factor authentication rules" Attribute to Group API Backlog
Sub-groups API returns require_two_factor_authentication = false despite top-level group restriction Backlog
Add connection of a merged MR to a review app Backlog
Allow for availability of licensed features to be checked via the API Backlog
Remove date range segmented controls from all audit event pages Backlog
Add WARNING headers to API responses that have deprecated features Backlog
Invite users to group with minimal access Backlog
Google Cloud Platform Error Reporting Integration Backlog
Backend: Implement Pipeline Execution Feature Tracking in Service Ping Backlog
Provide a CI/CD Token with Admin capabilities Backlog
Add ability to filter only active license seats in the Users API Backlog
Notify users of Deployment Approval events via email Backlog
Add Geo support for Harbor Registry Backlog
Provide a way to monitor rollbacks Backlog
Show API triggered pipelines in the pipeline graph Backlog
Allow use of other index extensions (htm, xhtml, etc) Backlog
Prevent admins from accessing group-level protected environment (optional) Backlog
UX: Alert system for storage usage activity Backlog
Manage push rules for existing groups and projects Backlog
Using !reference in a YAML merge key causes server-side exception Backlog
Central Management of Active User Sessions (And Session Termination) Backlog
User contributions events API endpoint be available for group owners in SaaS Backlog
Add events target_type to the user contribution events API endpoints Backlog
Add tracking for PE features Backlog
Geo: Test and document upgrading tracking database with Patroni to Postgres 12 Backlog
Filter for deployment approval in the to-do list Backlog
Security Configuration: Move features available in Free above Ultimate-only features Backlog
Agent status error communication Backlog
Enhance Flag to Prevent Direct Memberships to Projects Backlog
Docs - product feedback: Importing issues from CSV should produce an error in UI if it fails Backlog
Feature Request: Clicking Headers in markdown add it to the clipboard Backlog
Make "Enable SAST/Secret Detection" MR title and description more self-documenting Backlog
Log backup environment for audit purposes Backlog
CI_MERGE_REQUEST_EVENT_TYPE output changed on Merged Results Pipelines Backlog
Optionally require membership to view epics Backlog
Group Epics should not be visible for users without Group Role assigned Backlog
Make "release/deploy" easy and "destroy" difficult Backlog
Show the latest infrastructure changes on the environments page with the "apply" (manual, waiting for approval) job Backlog
Enable CI_JOB_TOKEN as accepted header to log into access-controlled GitLab Page Backlog
New audit events: Audit event retention period Backlog
Improve logging for Git over HTTP with 2FA Backlog
Add a Semi-Internal Level of visibility for Projects and Groups Backlog
GitLab Jira Integration - Users don't exist in GitLab but they do in JIRA Backlog
Detailed Admin Mode & Impersonations Audit Event Streaming Backlog
IP Allowlist Control should allow CSV input Backlog
Automate Auto DevOps Helm3 upgrades to scaled environments Backlog
Custom environment URL schemas Backlog
Add special support for datetime markers in GitLab Flavoured Markdown Backlog
Exempt Bot Accounts from Email Notifications Backlog
Enable Ascii folding when searching for names with special characters Backlog
Backend: Use the default secret file to scan, mark job log as private, todo for user Backlog
Backend: Use secret customizations, mark job log as private, todo for user Backlog
Commit and run CI from last stop Backlog
Missing ability to pre-query branches deleted by "delete merged branches" API endpoint Backlog
Respect CI timeout value by all the expensive operations in SAST analyzers. Backlog
Support billable_members at the subgroup level Backlog
Support variable expansion in environment.on_stop Backlog
Add CI_REGISTRY_VISIBILITY variable for Auto DevOps Backlog
Provide join merge train immediately option Backlog
Design: Improve the user experience for adding passwords so they're evaluated as raw and are masked by default Backlog
Design: Make it easier to create the necessary variable configuration based on predefined variable types Backlog
Design: Evaluate CI/CD variables as raw strings by default unless the user is creating a variable reference Backlog
Design: Improve the experience for troubleshooting pipeline config errors in the pipeline editor Backlog
Group level Kubernetes page should explain agent CI/CD workflow for groups Backlog
ID feature request, webhook trigger Backlog
Enable downstream retry from mini-graph Backlog
Create untarred backups in named directories Backlog
Design: Explore more prominent ways to signify trigger jobs in the mini pipeline graph Backlog
Make webhook payload variables available in CI/CD rules:if Backlog
Design: Update the "Run pipeline" form value dropdown to a combobox to accept new values Backlog
Frontend: Trigger job pending status is unclear Backlog
Link the "There are X merge requests waiting to be merged" to a list of the merge train pipelines Backlog
Add Sort by Job Duration to Jobs tab of Pipeline details Backlog
Job artifacts should be encryptable Backlog
Updating references to Jira issues on GitLab should update the previously created backlink Backlog
Allow child pipelines to inherit global default parameters Backlog
Verify Group Link Configuration button Backlog
Archive an Iteration Cadence Backlog
Support keyless commit signing with GitSign Backlog
Add user_block and user_unblock events to system hooks Backlog
Code coverage statistics not updating after 18th of March Backlog
Update accessibility MR widget expand/collapse tooltip Backlog
Global storage quota management (GitLab self-hosted) Backlog
Global storage quota management (GitLab self-hosted) Backlog
Group-Level Merge & Squash Commit Templates Backlog
Sub-group-level enforcement for merge request approval SETTINGS Backlog
Enable stale runner cleanup Admin Area > Runners Backlog
API endpoint for Repository Analytics Backlog
Add SEVERITY_THRESHOLD variable to dependency scanning Backlog
API Support for user management - Remove from project/group Backlog
API Support for user management - block / unblock user (only provisioned users) Backlog
API Support for user management - delete users (only provisioned users) Backlog
Allow an arbitrary number of jobs from a list of jobs to be required when using the needs: keyword Backlog
Backend: Additional inputs for job:when: to allow for more flexible pipeline execution Backlog
Geo: Accelerate container images by serving read request from secondary site Backlog
Geo: Accelerate web UI and API read requests for LFS objects at secondary sites Backlog
Geo: Accelerate CI pipeline artifacts Backlog
Geo:Accelerate CI job artifacts Backlog
Include support for projects with Windows-based dependencies Backlog
Feature Request - Expand Dynamic Pipeline .gitlab-ci.yml Backlog
Make User Cap available via application settings API Backlog
Geo: Read-only Geo secondary sites Backlog
WIP: Improving usability of one cross CI/CD workflows Backlog
Enhance search in the audit event screen Backlog
Allow audit event screen to show more than 30 days of history Backlog
Enhance ping usage information on Geo UI actions Backlog
Refresh site health status Backlog
Stats for data type status counts persistent on UI Backlog
Usage stats on Geo API Backlog
Sync a child work item's iteration with its parent's iteration Backlog
Resync a work item's iteration to its parent Backlog
Display all iterations that a work item has been associated with Backlog
Sync a child work item's milestone with its parent's milestone Backlog
Resync a work item's milestone to its parent Backlog
Display all milestones that a work item has been associated with Backlog
Regulated e-signature approvals for Merge Requests (CFR part 11) Backlog
Sort service desk issue by email Backlog
Facilitate Git LFS synchronization between Geo nodes Backlog
ArgoCD agent Importer Backlog
Create a new milestone from the milestone widget Backlog
Update GitLab Postman Collection / OpenAPI Spec & publish to Postman API Network Backlog
Implement monthly, quatertly and yearly automated Iteration Cadences Backlog
Improve and expand existing OpenAPI 2 / Swagger Documentation for REST API v4 Backlog
Add Ability To Force Delete Projects That Failed To Delete Backlog
Automate child work items setting to Confidential Backlog
Promote Subgroup labels to Parent Group from UI Backlog
Misleading error on missing job dependencies Backlog
Decouple the variables available to the upstream job from the ones being passed to downstream pipeline Backlog
Show before_script and after_script inheritance in "View merged YAML" view Backlog
Add support for injecting the host IP address into k8s pods as an environment variable Backlog
Add another layer of reviews for SAST scan reports Backlog
Housekeeping of container images based on "last pulled" timestamp Backlog
Geo: New API endpoint for geo_sites to supersede geo_nodes Backlog
Feature Request - BroadCast Message: Restore Ability to customize Font color and Background color using Hex Color Codes Backlog
Make Merge Trains available for Merge Request Dependencies Backlog
When syntax errors are present, pipeline simulation doesn't show logical errors Backlog
How long will this merge train take? -> Merge Train stats summary in merge request widget Backlog
Allow passing artifacts for multi-project merged results pipelines Backlog
Allow editing of group description from the group overview page Backlog
Add a group description during group creation Backlog
Add a project description during blank project creation Backlog
Allow editing of project description from the project overview page Backlog
Merge Request API endpoint should allow filtering by merge user ID Backlog
API should support looking up all deployments by user Backlog
Geo Replicables - Add REST API for the SSF Backlog
Continuously mirror the DSP status to the trigger job status with strategy: depend Backlog
Permit multiple email addresses during user provisioning via SCIM Backlog
Support keyset pagination for the Container Registry API Backlog
Filter issues list by an epic in a subgroup Backlog
Group Test Webhook - Determine Project based on hook type's requirement Backlog
Add Users API endpoint to require a password reset Backlog
Support getting started with the agent configuration Backlog
Add time zone to user administration pages Backlog
Make it easier to find Runner Metrics (Memory, CPU) for a specific job Backlog
Refactor the stat anchor list on the project home page Backlog
Improve the interaction for selecting a profile in DAST Backlog
Follow-up: Restrict license removal for GitLab.com (SaaS) Backlog
Provide deployment approver/executor information in pipelines Backlog
Filter deployments by date on the Environment detail page Backlog
Let subgroups override "Prevent project forking outside current group" setting of top-level namespace Backlog
LDAP user should display source group Backlog
Enforce delayed deletion of user contributions upon user deletion Backlog
Allow creation/management of Resource Groups Outside of Pipeline Backlog
Allow global dismissal of subscription expiry by an instance admin or group owner Backlog
Pipeline Execution N Aged S2 Triage Backlog
Geo: Implement "container_repositories_max_capacity" for SSF Backlog
Pipeline Execution N+1 Aged S2 Bug Triage Backlog
Enable notification about deployments in Google Chat and other services. Backlog
Create a predefined variable for MR approved by code owners Backlog
Support Cyberark as SCIM identity provider - add the /schema SCIM Endpoint Backlog
Allow Owners/Maintainers to approve Deployments that were created by themselves Backlog
Configurable maximum number of pipelines in a merge train Backlog
Provide task to check integrity of backup file and display backup metadata Backlog
VSA - Expose timestamp in VSA created_after and created_before dates Backlog
VSA - Support full UTC timestamp for date range filters Backlog
Verify receiving server with certificate pinning Backlog
Reflect most recent hook event's status code on /hooks page Backlog
Setting Global / Group level codeowners / merge approval configurations to use across multiple repos (shared configs) Backlog
Generate short lived access token Backlog
Investigation - allow user to re-import failed relations and relations created after previous import Backlog
Accelerate most GET requests which don't depend on Geo-replicated data Backlog
Use Secret Detection to find/mask default secrets matched in job logs and raw output Backlog
Audit Events - Log initial trigger of project and group deletions, and/or make it clear why deletions are taking place Backlog
Support coordinating values for variables / secrets across environment Backlog
Bump Gemnasium image dependencies when they're updated by scheduled updates Backlog
Record when a group's Max Role is changed under membership in a group or project to the audit_json.log file Backlog
Adds configuration to admin dashboard to restrict only push mirroring to a project Backlog
Make it easier to revert changes Backlog
Don't allow duplicate resource links (by URL) in incidents Backlog
Support specifying path/group searches in navbar search field Backlog
Add SAML tag to SAML users in Admin Area page for self-managed instance Backlog
Add user state to member list of projects or groups Backlog
Add Ability To Share Iteration Report Filtered By Label Backlog
Automatically update environments tier based on presence of deployment_tier in pipeline configuration Backlog
Support hash-checking and version specification in requirements.txt for License Compliance Backlog
Include a customizable fiscal view for epic roadmaps Backlog
Treat MR integration sources as unified Observability data (test, security, metrics, etc.) and provide correlation & focused views Backlog
Geo: Replicate Packages::Debian::RepositoryFileUploader Backlog
Rate limits consumtion summary Backlog
Automatic sidebar creation for wiki Backlog
Geo: More detailed site status Backlog
Geo: 10 min old status is not a critical failure Backlog
Ability to restrict Access tokens to Specific IP Addresses Backlog
Introduce a project's settings to reset integrations and webhooks Backlog
delete environments using CI Backlog
Backend: Agent activity event for configuration changes Backlog
Restrict access to subgroup by IP address Backlog
Backend: Add support to rules:exists keyword to match multiple files (AND operation) Backlog
.gitlab-ci.yml's Parsed YAML Size Limit - surface information to user so they can manage this Backlog
Windows SaaS Runner enable core.longpaths true Backlog
Implement dropdown for primary email change Backlog
Ability to set 'gitlab_username_changing_enabled' via Application Settings API Backlog
Bulk moving of closed issues errors out after ~10 issues Backlog
Create Advanced Search Information API endpoint for UI parity Backlog
Restrict access to subgroup by IP address Backlog
Add Support for Stackrox CI Integration Backlog
Improve process for adding a project template Backlog
Convert/promote Jira issue to GitLab issue Backlog
Ability to completely disable built-in wiki functionality Backlog
Add Storage Limit Option for Cached Files Backlog
Optionally disable inheritance Backlog
Have security findings/vulnerabilities created as a result of operational container scanning created in originating projects Backlog
WebHooks - Cannot create Group member event via the API Backlog
Advanced Search only within my namespace Backlog
Define the rules around READMEs for Project Templates Backlog
Add community members as reviewers of Project Templates Backlog
Ensure Project Template MRs are counted in throughput stats Backlog
Add an airgapped? configuration state Backlog
There should be a way to surface "status updates" to a parent sub-epic/epic Backlog
User Should Be Able to Self Approve Deployment after Manual Job is Played Backlog
Create to-dos when someone replies to a thread Backlog
Visualise Cucumber test reports in pipeline view and/or Merge Requests Backlog
Backend: Surface pre-defined variables used by a job in the job detail page Backlog
Support OIDC as a provider for Group SSO on GitLab.com Backlog
Provide a way to compare tags more easily Backlog
Pipeline triggerer is shown as the user who created the mirror, instead of user who started the mirror process Backlog
Add password requirements in a tooltip Backlog
Enable two_factor_enabled API field for group owners Backlog
Customizable Permissions: Prevent users from applying Default GitLab Roles Backlog
Customizable Roles: Bulk migrate users from default roles to custom roles Backlog
Extend API to return group and user-level apps. Backlog
Support FQDN in exists/changes Backlog
Add pending deployment approvals to custom notification events Backlog
Geo: Add Unified URL configuration flag to Geo Site Backlog
Geo: Use a special header to tell Workhorse not to proxy current request Backlog
Make Subscription Details visible in when printed Backlog
Improve Bulk Edit Issues error reporting Backlog
Add owner / creator field to deploy key API endpoints Backlog
Make Markdown preview more obvious/enabled by default in the new Web IDE Backlog
Add Git decorators in file explorer and Gutter indicators for changed files in new Web IDE Backlog
Ability to increase active session limit Backlog
[DEBATED] License Scanning using SBOM components stored in DB for default branch Backlog
Send alert notifications to specific email addresses Backlog
Disable all existing project wikis functionality at once Backlog
Let namespace admins set sub-group CI Minute Limits in UI Backlog
Remove runnerPlatforms and runnerSetup GraphQL queries Backlog
GitLab for Slack app Token rotation Backlog
Make expired users easier to re-add Backlog
Extend group activity to go further back in history Backlog
Require Pipelines To Be Based on Syntactically Valid YAML Backlog
Make Groups the default value for group_attribute in SAML configuration Backlog
Restrict access to a tunnel to specific branches Backlog
Consider implementing SAML authentication request signing on GitLab.com Backlog
GitLab LDAP Group Sync "Dry Run" functionality Backlog
Add absolute date to Instance setting Backlog
Parse CODEOWNERS into DB tables Backlog
Expose CODEOWNERS rules via API Backlog
Geo : Ping usage for accelerated runner jobs by secondary sites Backlog
Brainstorm: Deployment policies Backlog
Flux to GitLab access management Backlog
Alert Only groups enrolled in quarterly subscription reconciliation about True-Up Backlog
Allow Exposure of Vault Token Used by Gitlab Runner Pipeline via ENV VAR Backlog
Feature Request - personal timesheet Backlog
Dashboard for namespace / multi-project view Backlog
Decouple Classification Labels from External Authorization Backlog
Improve workspace data isolation with micro VMs Backlog
Allow disabling New Snippets for Enterprise users Backlog
Merge request drop down in the top bar and MR section of Your Work should also have an Authored option Backlog
Add option to export all members contained by a group as a CSV Backlog
Customize LDAP Error Message when Invalid Login Occurs Backlog
rake task for removing unreferenced LFS objects from S3 bucket Backlog
Expand Secret Detection post-processing and revocation to all tiers Backlog
Improve Member Role API response when group is not root Backlog
Request: See Issue due date in Milestone view Backlog
Split jobs in a parallel matrix jobs Backlog
Enable Bulk Issue Create from Vulnerability Report Backlog
Add Default membership for members without SAML group link for Self-Managed Backlog
Control project visibility based on role Backlog
Silent mode - suppress outbound file hook traffic Backlog
Service Portal Backlog
Allow profiles to display or hide information Backlog
Indicate on the Vulnerability page if a vulnerability has been disputed in NVD Backlog
Create forkSynced subscription Backlog
Improve messaging for when a merge request is dropped from a merge train Backlog
Activity page should list user invite and deletion events Backlog
Create API calls for repository check last_repository_check_failed Backlog
Geo: Silent mode - Suppress outbound Deprecated Kubernetes Connections Backlog
Geo - New GraphQL endpoint geoSite to supersede geoNode Backlog
Geo - New geo/site_proxy endpoint to supersede geo/node_proxy Backlog
Geo - Static redirect_uri for OIDC SSO Backlog
Geo Settings - Update geo_node_allowed_ips to geo_site_allowed_ips in Application Settings Backlog
Add support for Hashicorp Vault's PKI Secrets Engine Backlog
Connect feature flags with error reporting (sentry) and automatic switchback Backlog
Add support for Hashicorp Vault's Database Secrets Engine Backlog
SCIM de-provisioning: remove user from subgroups even if already removed from parent group Backlog
Decide what to do with Yarn berry patch packages Backlog
Labels created from the Admin Area are available to groups Backlog
Test Coverage visualization even if of manual jobs do not finish Backlog
Disable topic creation for non-admin users Backlog
Backend: Investigate adding dependencies to rules on jobs (in needs) Backlog
Customize OIDC Error Message Backlog
Allow new Administrators to create groups by default Backlog
Support $search for the agentConfigurations query Backlog
Azure AD Authentication for Azure Flex Postgres Service Backlog
Provide option to avoid running a Merge Request pipeline when there is a merge conflict Backlog
Add ability to skip tar creation to backup-utility Backlog
Move Reserved Domain list to be configurable Backlog
Provide a new area for actions in blob view to minimize gutter Backlog
Service Desk Email Issue Debugging Backlog
All images in the issue description should be part of Design management so that they can be commented on Backlog
Better LDAP error logging Backlog
Create a "Label Management" permission Backlog
Associate pipeline schedules with bot users Backlog
CI support for triggering a Flux sync Backlog
Rotate the CHANGELOG through the API Backlog
Support for OCSF (Open Cyber Security Format) for GitLab AUDIT EVENT Streaming Backlog
Add blocked status to pipeline email notifications Backlog
Increase Service Desk incoming mail attachments to 25MB Backlog
Geo: add settings to allow disabling proxy to primary Backlog
Allow role override for SAML group-synced inherited members Backlog
Docs feedback - feature proposal: custom GitLab quick actions for premium tier Backlog
Add support for non npm packages in Yarn berry Dependency Scanning Backlog
Setting custom additional text in deactivation emails via the API Backlog
The default role of Guest for Project/Group access tokens can cause confusion about token permissions Backlog
Add support for scanning images hosted on remote registries when FIPS mode is enabled Backlog
Include user-managed libraries in the Cyclone DX SBOM output file Backlog
Export PM Data from GitLab to Microsoft Project Backlog
Ability to view stats/assignees/weight of a task without having to click into the task from the issue board. Backlog
Ability to set capacity for each iteration for the team Backlog
Use Jupyter Notebook as the editor in a workspace Backlog
Kubernetes service maps auto-discovery using eBPF with the agent for Kubernetes Backlog
Backend: Allow Docker Layer Caching for Merged Results Pipelines Backlog
Ability to attach artifacts to a Jira issue Backlog
Terraform state cleanup policy Backlog
Feature Proposal: Character Count in UI for Time Tracking Summary Backlog
Inject the glab CLI into every workspace Backlog
Add a hosted/managed Unleash proxy service for GitLab SaaS Customers to use Feature Flags at Scale Backlog
Geo: Add object storage replication and verification settings to service ping Backlog
Geo: Add UI checkbox to enable object storage verification Backlog
Ability to enforce SSO for git SSH at the instance level Backlog
Allow variable expansion for image:entrypoint Backlog
Geo: Silent mode - Suppress Snowplow traffic Backlog
Merge Trains without Merged Results Pipelines Backlog
Geo: Silent mode - Suppress outgoing external traffic from container registry webhooks Backlog
Add read_package_registry and write_package_registry access scopes to Personal and Group/Project Access Tokens Backlog
Support Gradle in Coverage-guided fuzz testing Backlog
Gitlab api - List project jobs - allow to filter by ref name Backlog
Add Rails/Sidekiq version consistency check as part of post-deployment validation for multi-node environments Backlog
Instrument Reference Architecture alignment via Product Usage Data Backlog
View rich content (HTML) in description and comments Backlog
Make original Email downloadable Backlog
Feature Request: support pre-commit hooks to validate Jira Issue IDs included in commit messages Backlog
GitLab Runners should report all IP addresses in X-Forwarded-For header Backlog
Geo: Show count of items in replicables list view Backlog
Deprecate running a single database and require main and ci database instead Backlog
Allow configurable markdown rendering limits Backlog
Possibility of adding a comment in Jira while the build completes Backlog
Turn geo:status output into a table Backlog
Restrict Enterprise Users' all emails to verified domains only Backlog
Enable SaaS users to keep user profiles up to date using SAML Backlog
Dependency proxy for packages: update how the credentials are encrypted Backlog
Get insight into how long workspaces are active Backlog
Make notifications more discoverable Backlog
Give project/group notification grouping options Backlog
Host files in login page for alternative sign up Backlog
Expose reason for not creating the on_stop job on stopping the environment Backlog
Add API endpoint to download release evidence Backlog
Ability to override runner tags via a new global keyword Backlog
Increase Gitaly timeouts Backlog
Improve the layout of jobs tab in pipeline details page Backlog
Service Desk Automation Backlog
Allow configuration of project cloning approach Backlog
Markdown pre-set image sizes Backlog
Notification emails for newly authorized OAuth applications Backlog
Application setting to control the dependency proxy for packages Backlog
API endpoint to retrieve all audit events under a given group Backlog
Housekeeping of redundant Sidekiq queues when moving to routing rules Backlog
Recurring broadcast messages Backlog
Advanced Search: Code search doesn't mention which branch the search was done when no search results are returned Backlog
Progress bar is not the most helpful representation for replication slots on Geo dashboard Backlog
agentk should notify Flux about new OCI artifacts when they are available Backlog
Improve file verification status presentation in replication summary table Backlog
Geo Admin Dashboard: Explain replication slots and replication slot WAL and link to help pages from UI Backlog
Compact Geo dashboard layout Backlog
Batched, rate limited merge trains MVC Backlog
Frontend: Audit history for CI Variables Backlog
Domain verification certificate failure notifications should not be sent to entire group Backlog
Deprecate remediation of Dependency Scanning vulnerabilities Backlog
Backend: Audit history for CI Variables Backlog
Support for OCSF (Open Cyber Security Format) for GitLab SECURITY FINDINGS Streaming Backlog
Custom Iteration Cadence Start/End Date Backlog
Design the external job visuals Backlog
Feature request: SCIM with OpenID Connect OmniAuth Backlog
Keyset Pagination is not working for Jobs API Endpoint Backlog
Make it easier to change your GitHub access token on the import page Backlog
Create SAML Group Lock for SaaS Backlog
Allow disable 2FA enforcement for admin users Backlog
Exempt git fetch operations from Git abuse rate limit Backlog
Show instance level default branch name value in group settings Backlog
Update Geo docs: Git pull/push over SSH against a secondary site Backlog
Group owners should be able to customize Owner assignment strategy for new projects Backlog
Make service desk emails immutable for gitlab.com Backlog
Can we integrate kics scanning of a terraform plan Backlog
Removing email addresses in replies should remove external participants Backlog
Service configuration through the UI and in code Backlog
Change default process_mode of resource groups to oldest_first Backlog
Exempt Slack integration operations from Group IP restriction Backlog
Enable training providers by converting brakeman vulnerability warnings to CWEs Backlog
Automatically re-add MRs to merge train once pipeline passes Backlog
Replace MergeToRefService with CreateRefService for merged results pipelines and mergability check - Backend Backlog
Include the project name or the project url of the repository with the vulnerability while creating Jira issue Backlog
Integrate Harbor as a proxy cache for GitLab Container Registry Backlog
Allow Jenkins to publish build status to merge request pipelines Backlog
Support adding CA to a group via UI for enabling auth via SSH certificates Backlog
Pipelines view in Merge Requests should display parent commit when using pipelines for merge requests Backlog
Design for multiple editor support Backlog
Increase max sources limit for Cobertura files for test coverage visualization Backlog
Consider extending the lifetime limit of access tokens from just the ultimate tier to also premium Backlog
Show Minimal Access groups in admin/users/USERNAME/projects Backlog
Make Pipeline editor responsive, to fill the available window height Backlog
Instance with multiple LDAP servers hit 500 after activating cloud license Backlog
Navigation to Kubernetes Dashboard with Agent Connection Issues Backlog
Custom fields for GitLab Releases Backlog
Excluding Merge Commit from Regex based Push Rule Backlog
Migrate to only using HEAD to determine default branch Backlog
Checksum GitLab managed object storage replication Backlog
Unable to delete a project Backlog
Allow users to find branches with recent pipelines faster Backlog
AI/ML Based Feature for Managing Grouping Users and Managing an Organization's Access Backlog
Be Able to Disable "Setup Personal Access Token Banner" Backlog
Integrity check rake task for package registry Backlog
Create Additional Auditing Capabilities Backlog
Allow enable/disable of automatic account creation at sign-in Backlog
Add support for rules:needs:pipeline in the existing rules:needs feature Backlog
Sort Admin Group list by member count Backlog
Auto-create Alert based on Errors Backlog
Allow to turn off Service Desk thank_you email per project Backlog
Gemnasium: Specify line number in "invalid spec" error Backlog
filter epics by parent epic Backlog
Help text changes for New API token or Password when setting up Jira integration is confusing Backlog
Consistently alert anyone pushing to a protected branch in the Web IDE Backlog
Make user profile visibility restriction available on SaaS Backlog
Implement group level MR approval rules Backlog
Project level MR approval rules UI changes Backlog
Map BitBicket Issue status to GitLab labels Backlog
Deprecate the operations dashboard Backlog
Embedded User Access Reviews in GitLab Backlog
Streamline Export SBOM feature Backlog
Add version control for Project Variables, or at least some log or audit log or last update time Backlog
Direct Viewing of Generated Pipeline Files with Syntax Highlighting Backlog
Improve Parent Pipeline Status Reporting When Child Pipeline Jobs Are Canceled Backlog
Provide a mechanism to reliably freeze application state to create backups with data integrity Backlog
Allow Group Owners to change primary emails for Enterprise Users Backlog
Git Client Policy Based Configuration Via GitLab Policy Git Hook Backlog
Inform external participants that ticket has been closed Backlog
Add Data Loss Prevention Dashboard Backlog
Feature: WebIDE Support for Push Options Backlog
Allow option to globally disable public pipelines Backlog
CI rules if:exists to AND multiple files instead of OR Backlog
Add access_as: user support for web terminal Backlog
SSH Lifetime Limit: reference original SSH key and prevent addition of key previously used Backlog
Proposal: Financial administrator role that does not consume a seat in a GitLab group Backlog
Support MR-based GitOps-style automated review environments Backlog
Grace period for SSH key restrictions Backlog
Enabling All users in this group must set up two-factor authentication on a subgroup should only apply to direct members in that subgroup Backlog
Store time-until timestamp within the $CI_DEPLOY_FREEZE variable Backlog
"Re-deploy" buttons for protected environment is displayed to users who are not allowed to deploy Backlog
Drill down into code coverage from the overall solution to individual lines of code Backlog
Embedded User Access Reviews in GitLab Backlog
Return an error when using the /projects/:id/jobs/:job_id/play endpoint to a job that already ran. Backlog
Allow simulating security policy changes Backlog
Efficient AI DevSecOps for Ops/Sec: CI/CD, GitOps, Kubernetes, Observability: AI-assisted Auto DevOps (Auto DevOps++) Backlog
Create Policy Admin Permission/Role Backlog
CI secrets - per-secret variable configuration Backlog
Feature: Copy milestone and associated issues between projects Backlog
Consider exempting group/project and service account access tokens from IP restrictions Backlog
Add option to include or exclude dormant bot accounts from being automatically deactivated Backlog
Environment Approval Workflow Unusable Backlog
Permit customers to pass a file containing hostnames to be excluded or ignored from DAST Backlog
Add option to prevent transfer of projects and subgroups outside of top level group Backlog
Rebase merge train refs in fast-forward or semi-linear train after a skip-merge Backlog
Assign multiple milestone to an issue Backlog
Ability to save/export expanded gitlab-ci.yml with dynamic/child pipelines Backlog
Add ability to search pipelines and jobs using raw text Backlog
Improve user search in admin area Backlog
Address analysers generating inconsistent vulnerability identifiers Backlog
Allow configuring Advanced Search outside UI/Rails Console Backlog
Route sub-pages of /pipelines/latest to the actual latest sub-page, instead of yielding 404 Backlog
Project Merge Method Setting - Front end Backlog
Enforce README creation at project level Backlog
Ability to create template for readme Backlog
Add a Start and End dates to the Objective Records Backlog
Actionable Insights: Approval jobs as part of the pipeline Backlog
Prevent bot accounts elevation to Administrator accounts Backlog
Add recommendations for securing existing projects for CI_JOB_TOKEN scope changes Backlog
Service description field Backlog
Improve informativeness of the @ mention of a group Backlog
Alert when Personal Access Token (PAT) is used from a new location Backlog
Map Jira status to a scoped label Backlog
Jira importer - MR links Backlog
Add merge train health statistics Backlog
Display of languages in repository analytics should not be bar chart Backlog
Ensure OIDC token mapping can be policy enforced and not be manipulated by project settings or CI. Backlog
Add support for configuring number of shards and replicas for gitlab-production-migrations index Backlog
Implement API/GraphQL endpoint for "Require an associated issue from Jira" Backlog
Make GitLab Backups more robust Backlog
Feature Flag approval_group_rules Backlog
Revoke all active sessions for a user Backlog
Add 302 error handling to group imports Backlog
Add created at time for running pipelines on pipeline list view page Backlog
Add ability to set and enforce SSH key expiration dates at the group level Backlog
Allow searching an environment to apply from the middle of the environment name Backlog
Show the release process related to environments Backlog
Keep last run Test Results on merge requests Backlog
Unify the way that project/group access tokens are referred to Backlog
Ability to be able to disable Oauth applications at the Group level Backlog
Add a "quality report" generated by AI Backlog
Implement a UI option to force stop an environment. Backlog
Prioritize Organisation Users in invitation modals Backlog
Feature request: Allow self-managed service accounts to be locked to a specific group or project Backlog
Log scanners causing scan_finding rule violation for MR approval rule Backlog
Document how approver permissions change when the list of approvers changes on an existing deployment Backlog
Get times labels were applied to and removed from issues Backlog
Measure duration of time a label has been applied across an instance Backlog
Limit viewable users when inviting members to a project Backlog
Allow Dynamic pipelines to use project and includes keyword together Backlog
Implement unsubscribing from the stream Backlog
Option to auto-add SCIM identity when an account is provisioned by SAML sign in Backlog
Support multiple Slack integration for the same repository Backlog
Code Suggestions: Enable more context (open files, all repo files) as opt-in request Backlog
Self-Managed Container Registry Feature Request: Add a way to generate a report that shows reported registry usage for all projects at once and takes blob storage deduplication into account Backlog
GitLab Duo: Generate Mermaid charts in the Rich Text editor (using the GitLab Duo Chat framework) Backlog
Container Registry Feature Request: Add at least one field per-image for custom/user-defined use (e.g. an "in-use" field) Backlog
Support AWS Systems Manager Parameter Store Backlog
No cleanup policy for different version of assets in same maven snapshot version Backlog
Make improvements to the ability to traverse error in logs Backlog
Make evidence field a first class database field Backlog
Project Setting: Run Destroy Job Before Branch Delete Backlog
Scan for vulnerabilities in Go binaries caused by vulnerable versions of the std library Backlog
Add configurable option to restrict what non-member users show in auto-complete fields Backlog
New API endpoint: GET a list of registry tags in a group Backlog
Auditor users unable to view blocked users via the list users API endpoint Backlog
Feature Request: Viewing failed pipelines Backlog
Show a read-only version of the related protected environment settings under the environment settings Backlog
Add authentication management method to replace PATs with configuration file Backlog
Add support for needs:parallel:matrix between parallel matrix jobs Backlog
NPM dependency proxy: metadata cache update background job Backlog
NPM dependency proxy: implemented the metadata endpoint (cache miss case) Backlog
NPM dependency proxy: GraphQL changes Backlog
NPM dependency proxy: frontend changes Backlog
NPM dependency proxy: documentation Backlog
Allow users to choose a branch pipeline merge strategy Backlog
Add missing tooltips on pipeline and job list view Backlog
Code scanning feature to highlight potential security issues in source code Backlog
Move GitLab data integrity checks into default installation Backlog
Geo: Separate proxy controls for UI and the rest Backlog
Allow the use of service accounts when PATs are disabled by API Backlog
Add Approvals to MR Widget Backlog
Enable a Flag to prevent project pipelines to be retried Backlog
Extend GET to create and manage backup infrastructure Backlog
Help users select the correct project type during project creation Backlog
Add description to input fields missing them during project creation Backlog
Create audit events for the enabling or disabling of AutoDevOps Backlog
Proposal: Add projects pending deletion to the Inactive tab in Explore > Projects Backlog
Exporting all jobs at the Instance into JSON or CSV Backlog
Improve Kubernetes resource annotations UI Backlog
Point-In-Time-Recovery Backlog
Visualize debug log for pipeline creation Backlog
Improve test summary information on job logs page Backlog
Backups : Create a standardized communication interface between Gitaly backup and Unified backup Backlog
Run pipeline when a tag is deleted Backlog
Pass Trivy's SBOM's filepath field into Container Scanning report for pipeline security tab Backlog
Expose a gitlab object to components, as a safer alternative to predefined CI variables Backlog
Cells/Regions: Select low-CO2 regions/zones Backlog
Downstream pipeline permission should mention affected user Backlog
Add date filter or slider to /usage_quotas Backlog
Vulnerability Report (excel) doesn't have a link back to the issue within the UI Backlog
Support a central Flux installation with application status information from the leaf clusters Backlog
Improve Merge Train messaging for when a Merge Request fails push rules. Backlog
Evaluate workflow to remove a child item in work items child items widget Backlog
Build a cloud configuration backend for Opentofu Backlog
Admin Usage Trends should show monthly usage and average usage per month Backlog
Gather unique monthly secondary site users for git operations when using unique secondary URLs Backlog
Add option to export/import CI job output logs Backlog
Merge requests - assurance that code changes are reviewed by second authorized individual [group and project access token] Backlog
System hook should fire project_update event when push access levels changed Backlog
Add audit event for for Iterations Backlog
Enable PUT to projects API for moved projects Backlog
Disable Password Authentication from gitlab.rb in addition to Admin Area Backlog
UX / Frontend: Link back to MR from Pipeline, Job, and Artifact pages in the same place Backlog
NPM dependency proxy: implement the upload endpoint Backlog
Feature: Create pipeline_api token scope Backlog
Allow "Approve & Deploy" when all approval conditions for a protected environment are met Backlog
Add deployment approval webhook events Backlog
Design investigation: Batched merge trains Backlog
Allow users to start and retry pipelines for protected tags they don't have access to Backlog
Group Membership Visual Indicator in nav_user_menu Backlog
Group Access Token availability on GitLab.com SaaS is unclear (docs, settings) Backlog
Define and correct behavior for webhook pipeline events and manual jobs Backlog
api call to update issues health_status Backlog
Move subgroups and projects pending deletion from 'Subgroups and projects' to 'Inactive' in group overview Backlog
Allow deletion of projects from group overview Backlog
Request: Ability to supply generic external secrets provider Backlog
Support unit testing for pipeline development Backlog
Expand User details included in Export as CSV Backlog
Provide a way to show projects where a group has "inherited" permissions to projects from being invited to another group, in the Groups API Backlog
Make tls_options.cert and tls_options.key externalizable Backlog
Feature Request: Support dynamic variables/inputs for nested components within a component Backlog
Request direct access button for projects. Backlog
Dynamically Managing Runner Resources at Scale Backlog
Allow the installation of the Slack APP in projects via the API Backlog
Add project avatar during blank project creation Backlog
Add group avatar during group creation Backlog
WORM storage compatibility Backlog
Allow the configuration of Slack slash commands for the GitLab for Slack integration on GitLab SaaS Backlog
Provide AWS CodeDeploy with the package version number in deploy_to_ec2 Backlog
Feature Request: Add notification for own merge Backlog
Geo: Improve chances of the first stage of the pipeline being accelerated by Geo secondary Backlog
Increase Rate Limit on User API Threshold to 1000 for SaaS customers Backlog
Support custom roles on protected branches Backlog
Include full Gitaly error message in the UI when repository import fails Backlog
Feature: permit administrators to revoke active user sessions directly and in bulk/en masse (UI and API) Backlog
Allow grouping deployment environments at the project level for monorepo Backlog
Restrict instance runner access enablement to top-level group owner only Backlog
gitlab:db:decomposition:connection_status Rake task doesn't include connection info after ci: database has been created Backlog
Allowlist for Use by Project Access Tokens Defined at the Organization Level Backlog
Instance-level SAML API Backlog
Restrict/Control OAuth Application Connections for dotcom Enterprise Users Backlog
Compare test coverage for a merge request by job names Backlog
GitLab Secrets Manager - Bring Your Own Key option Backlog
Record Milestone author Backlog
Add customisable SAML failure messages when authentication fails Backlog
Reorganize social contacts in the user profile settings Backlog
Feedback from Operational container Scanning in the UI Backlog
Google chat integration: Thread Support for comments in Issues and Merge Requests Backlog
Add example AWS keys to allowlist for Secret Detection Backlog
Complete implementation of SCIM 2.0 per RFC7644 - ServiceProviderConfigs Backlog
GitLab unexpectedly reports pending obsolete elastic migrations Backlog
Enforced allowlist for CI job token at group level Backlog
Allow Feed token to be empty (and default to empty) Backlog
Check CI log checksum before displaying in the UI Backlog
Geo: Skipping sudo -i when starting replication results in postgresql data directory to inherit the root owner instead gitlab-psql Backlog
Deprecation: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN Backlog
[Custom roles] Permission to add labels to MR Backlog
Merge train visualization: Add estimated time to merge Backlog
Enhancement - deployment approvals from Environments dashboard Backlog
Backend: Show estimated time to merge for merge trains Backlog
Merge train visualization: Show removed MRs from the queue Backlog
Merge train visualization: Improve the warning for merge request removal to communicate impact Backlog
Make Merge Train commit message customizable via API Backlog
Trend chart that displays the count of CI/CD jobs run in a GitLab instance over time Backlog
Allow service accounts to sign commits Backlog
Autocomplete support for group level wikis in projects Backlog
Better error information for failed reports when processing coverage reports Backlog
Improve Protected Tag deletion error message Backlog
Geo: Improve repository acceleration performance for monorepos with high activity Backlog
Feature Request: Provide a way for GitLab administrators to easily track feature flag changes across GitLab versions Backlog
Globally change the default of unique pages domain feature and add a per-project API to toggle it Backlog
Reword "Delete" to "Delete immediately" in groups/projects list contextual action Backlog
Introduce more ANSI formatting to CI job log parser Backlog
Feature Request: Support for SMTP Relay Without Authentication for Service Desk Backlog
Feature Request: Instance Level Configuration for SMTP Server in Service Desk Backlog
Setting to completely disallow 2FA enrollment Backlog
Add 'Resolution' field in Vulnerability Report Export Details Backlog
Display velocity and volatility in the iteration cadence list Backlog
Consider adding more details about upstream vulnerabilities to Vulnerability Report Backlog
Add option to remove metrics in logs Backlog
Marking a group as 'pending deletion' should put all subgroups and projects into a read only state Backlog
Maximum allowable lifetime for access token - alternatives to revoking out-of-compliance tokens Backlog
Add option to increase rules:exists file limit Backlog
Add editable sign-in 'order' Backlog
Feature Request: Enhance GitLab Service Desk with Direct Integration of Custom Email Addresses via Azure Graph Backlog
Follow-up: Add UI components for Beyond Identity check exclusions by Projects Backlog
Present job failure error on pipeline list view Backlog
Feature Request: Enhanced Project Deletion API with Cascading Image Repository Removal Backlog
CI/CD Component Badges for SM customers Backlog
Add configurable character limit for Service Desk subaddressing Backlog
Feature Request: Enhance Container Registry Cleanup with "In-Use" Image Detection Backlog
MVC: Use Stars on Source Repository as Component "Stars" Backlog
Provide API endpoint for Pages with Access Control enabled Backlog
Show a deployment's merge requests in the Deployments page Backlog
Separate deployment comments from approval/rejection actions Backlog
Feature request: Service accounts should be able to use SSH certificates Backlog
Improve experience when MR is pending pipeline status Backlog
Expose SAML session expiry time in the GUI Backlog
Create to-dos when someone comments on an issue you watch Backlog
Support wiki_access_level filter in Projects API Backlog
Support additional action type for Merge request approval policies Backlog
Add instrumentation for resource group usage Backlog
Indicate group transfer is still running Backlog
Test potential latency gains from distributing KAS across multiple regions Backlog
Support YAML anchors/aliases when configuring security via MR Backlog
Resolve Merge Request Approval Policy violation comment when approved Backlog
Ability to create pipeline when pipeline configuration is external and user who created the pipeline doesn't have access to the external project Backlog
Support for Google Artifact Registry integration for self-managed instances Backlog
Increase CI/CD YAML Global 'Retry' Keyword Default Options from (0,1,2) to (0,1,2,3,4,5) Backlog
Create remote workspace for mobile development Backlog
Allow customization of the size of persistent storage that the GitLab workspace uses per pod Backlog
Define a resource group for a pipeline Backlog
Filter schedule rule type Scan Execution Policies Backlog
Users API doesn't support inherited or shared memberships Backlog
Ability to disable GraphQL Explorer endpoint Backlog
Ability to disable GraphQL introspection Backlog
Feature Proposal: Expose package metadata to Dependency and Container Scanning users Backlog
Feature Proposal: Contextual Patching for Dependency Scanning Backlog
Track the number of deployments rendered for the Tree view Backlog
Render a branch with replicaSets and pods for each deployment Backlog
Track user click on a deployment to view the branch Backlog
Implement reconnect to stream for the tree view Backlog
Document Kubernetes tree view Backlog
Create to-dos for newly-mentioned users in edited notes Backlog
Add Test Coverage Visualization validation Backlog
Troubleshoot support of MS edge tools extension in Remote Workspace VS Code Backlog
Add support for members API to be fetched by created_at Backlog
Vulnerability Management Integration with Jira - Allow Population of Custom Fields Backlog
Support Direct membership for Group Sync with same role Backlog
Present an option to retry jobs in a merge train pipeline while its still running Backlog
Make pipeline job name clearly visible on job page Backlog
Enhance API Consistency and Flexibility Backlog
Create Dynamic Jobs Using Different Secrets Where You Can Refer To Specific Vault-Paths. Backlog
Jira integration: Password cannot be blank error when switching to default settings Backlog
Support input scenario for Pipeline Editor validation Backlog
Full-text search for notifications Backlog
Provide a "pipeline performance profiler" or "heat map" to show where jobs are consuming the most CI minutes Backlog
Feature proposal: Container Scanning support for Kaniko tar files Backlog
feature proposal: Jira issues visible from the group level Backlog
Group Sync: Provide alert when last group link is removed from subgroup Backlog
Add ability to disable code completion and just have code suggestions Backlog
Discussion on use of Release posts for bug notification Backlog
Allow Jira issue integration to customize required fields. Backlog
Geo: Re-introduce the Redownload behaviour as a fallback to recover from repeated failed clone/fetch sync requests Backlog
Add a SAML Authentication Button Backlog
Allow group owners to modify names and usernames of Enterprise Users Backlog
Correctly compare wildcard segments before end of version string Backlog
Support historical value of schedule pipeline variables Backlog
Enable delay before modifying protected env, approvers, owners or deployers Backlog
CI/CD component to update a git repository Backlog
Configure Profile Visibility to Require Authentication on Self-Hosted GitLab Instances Backlog
Add git operations Audit event to saved to database Backlog
Supports closed set of extensions in the WebIDE Backlog
Codequality with dind on rootless docker runner Backlog
Filter vulnerabilities by group Backlog
Clarify when kics scanner cannot scan Helm chart templates Backlog
Provide Code Quality reports at the group level Backlog
Monitoring for Security Scan Jobs and Results. Backlog
Create a dedicated GitLab service account for every agent Backlog
Configure license approval rules with regex or wildcard pattern Backlog
LDAP group sync does not throw error for users with no LDAP identities Backlog
Feature Request - static URLs for assets Backlog
Syntax highlighting theme that follows system preference for dark mode Backlog
Prefill variables based on conditions Backlog
Add "read" state for notifications Backlog
Add "Ability to change MR Template" as a customizable permission Backlog
Add "Ability to remove a fork relationship on a project" as a customizable permission Backlog
Create follow-up task from notification Backlog
Make Automated Token Reuse detection optional Backlog
Add SPP to security upgrade banner Backlog
Standardized format for expires_at field between deploy tokens and access tokens Backlog
Implement a SAST_INCLUDED_PATH variable Backlog
Upon deactivation of current token, activate a new token after the first usage Backlog
Audit event when accessing Terraform states Backlog
Allow customizable expiration interval for tokens, greater than 365 days Backlog
Dependency path support for language dependency vulnerabilities found by container-scanning Backlog
Enable 'Report Abuse' button on Snippets Backlog
Remove graphql fields merge_trains_index and count from merge requests Backlog
Add "Ability to Reclaim Scheduled Pipeline" as a customizable permission Backlog
"No Longer Detected" Field Available Through Jira API Backlog
Deprecate 'Mutation.ciJobTokenScopeAddProject' API Backlog
Allow Pipeline Notification emails to be sent to custom email Backlog
Notify the agent owners that their agent is outdated Backlog
New audit event on the first connection of an agent with a new version - backend work Backlog
Allow setting an owner for the agents Backlog
Secondary email confirmation sent when skip_confirmation is false Backlog
Allow more granularity for the "Keep artifacts from most recent successful jobs" setting Backlog
Filter deployment jobs for jobs waiting for approval Backlog
Invoke previous prompts in Duo Chat Backlog
Expose the Helm managed resource list for the frontend without giving access to the underlying secret Backlog
Discussion: Elimination of custom-rulesets Backlog
Create an .duoignore file to ignore some files when sending context to AI LLM Backlog
Capability of setting 'Pipeline must succeed' to specific branches only Backlog
Add support for approving the remaining pipeline, not just a single job Backlog
Allow A Component To Be Configured With "Minimum Licensed Tier" Backlog
Allow shortening of GitLab generated service desk email address Backlog
Feature Request: Improve Sorting of Iteration Lists on Boards Backlog
Add the ability in the UI to export a list of all projects in a group and its subgroups to a csv Backlog
Support GitLab <> GCP Workload Identity Federation Integration on Self Managed Backlog
Gitlab Email Notifications When Storage Size Exceeds a Threshold Backlog
Add email notification setting changes to audit events Backlog
Add pipeline status email changes to audit events Backlog
Add possibility to configure event_name in the System hook Backlog
Confusion around Cleanup policies for Container Registry Backlog
Add a Resource Group process_mode that functions similar to oldest_first but sorts by job_id instead of pipeline_id Backlog
SAML Authentication not working with GEO Backlog
Better handling of Rate Limited LDAP Servers Backlog
Support group archiving and unarchiving in settings Backlog
Add archived groups to 'Inactive' tab in Your Work Backlog
Alert for archived groups and their content Backlog
Add archived groups to 'Inactive' tab in group overview Backlog
Allow keeping empty commits when deleting blobs Backlog
Persistent volumes for workspaces Backlog
New audit event on the first connection of an agent with a new version Backlog
Add A cancel button to stop execution of the policy jobs Backlog
Deep Link into Project and Group Settings Backlog
Expose the commit information (author, hash, etc) in the Vulnerabilities API/GraphQL Backlog
Integrations REST API requires different arguments when setting use_inherited_setting to true Backlog
Deprecate non-nullable target field on Todo in favor of nullable target_entity Backlog
Add the ability to control who can authenticate to a group using SAML only when they have a SCIM identity Backlog
Customization for pipeline raw output background Backlog
Make deployment approvals affect jobs in downstream pipeline when the deploy job triggers a downstream pipeline Backlog
Zoekt search should implement the repo: option Backlog
Show projects in the Shared Project tab when a group has "inherited" permissions to projects from being invited to another group Backlog
Add the ability to set a project's external_webhook_token using the API Backlog
GraphQL access for badge retrieval Backlog
Support Using nodeSelector to Select Nodes for New Workspaces Backlog
Grant Developers (and GitLab Admins) The Ability to Trigger/Retry Pipelines on Protected Tags For Pipelines Triggered by Tag Creation Backlog
Provide Quick Navigation from Access Token to Bot User Backlog
Setting to allow sub-group owners to create Service Accounts on Self-Managed Backlog
Allow users to disable "Member added" notifications Backlog
Add markdown support to deployment approval comments Backlog
Security Bot Enhancement - Notify Severity Changes for Existing Vulnerabilities Backlog
Improving UX for group-level IP Filtering Backlog
Further customization of the "Keep latest artifacts" setting Backlog
Make allow_anonymous_searches feature flag available in Admin UI Backlog
Add metrics-server data to Kubernetes resource details view Backlog
Support AKS Workload Identity with Azure Key Vault secrets in a CI/CD job Backlog
GitLab for Slack notification: Include pipeline creation failure Backlog
Show the previous (successful) deployment job on the deployment details page Backlog
Show sum of issue weights when group by epic in Issue Board Backlog
Fire an audit even when the agent configuration file changes Backlog
Add "token just expired" email notification for Group and Project tokens on expiration Day Backlog
Create top level view of shared groups. Backlog
Support automatic user deletion after removal from Identity Provider Backlog
Tasks aren't automatically moved to the next iteration Backlog
Geo: Surface failure messages to items in the Replicable List View Backlog
Geo: Find the most common sync failures Backlog
Retrieve CI/CD component metadata from the pipeline Backlog
Disable Quick Actions via Email on SaaS Backlog
Add container scanning test to catch Trivy Java DB regressions Backlog
Option to Exempt Specified Repos from an Approval Policy Backlog
Add "reason" to self-revocation API Backlog
Improved support for GCP Secret Manager secrets in monorepos on GitLab for improved security and access control Backlog
GitLab Runner config.toml editor Backlog
Automatically remove users that are not part of the LDAP group on the subgroups when "Lock memberships to LDAP synchronization" is configured Backlog
Add "gitlab:packages:migrate_to_local" rake task Backlog
Create a GraphQL query for contributed groups Backlog
Add variable to control delay for DAST_AUTH_SUCCESS_IF_ELEMENT_FOUND Backlog
Support finding breaking change usage of environment.action prepare and verify Backlog
Improve tracking of revoked tokens after lifetime limits are updated Backlog
Safe, dependency aware merge train car re-ordering Backlog
Require comment when approving a Merge Request Backlog
GitLab Model Registry GA Feedback Issue Backlog
Improving the Geo UI when object storage is configured with 3rd party replication or with the same buckets on primary and secondary Backlog
Create new Kubernetes resource through UI form based on the OpenAPI spec of the resource kind Backlog
Clean up the Infrastructure as Code documentation to user Opentofu instead of Terraform Backlog
Re-structure and accordingly extend the Kubernetes integration documentation Backlog
Restrict Role access in Forked Projects to Prevent License Exhaustion Backlog
Removal of gl-dependency-scanning-report.json as an artifact in the Jobs/Container-Scanning.gitlab-ci.yml template Backlog
Select the agent context given in environment.kubernetes.agent in CI Backlog
Helper text for pipeline execution policy configuration Backlog
Add new setting to enforce WebAuthn and disable OTP for Enterprise Users Backlog
Add support for defining an expiration to license approval policy exceptions Backlog
Block creation of groups whose paths have recently been changed Backlog
SAST Semgrep support for Typescript 4.9 "Satisfies" operator Backlog
Instrument agent for Kubernetes ci_access impersonation Backlog
Support multiple namespaces on a single dashboard Backlog
Allow CI/CD job token to access Jobs and Pipelines API Backlog
Retain approval history for successful deployments after rules have changed Backlog
Add template support - Rails Backlog
Docs: Document migration from GitLab-managed cluster to GitLab-managed Kubernetes resources Backlog
Auto configure the K8s dashboard based on the stored, rendered template Backlog
Ability to configure the imagePullPolicy of the init container image (alpine/git) of the workspace pod Backlog
Add support to remove resource on environment deletion, instead of stop Backlog
Add support to apply resources on environment creation, instead of (re)start Backlog
List the related deployments on the releases list page Backlog
Geo: Replication slots to turn red when it's less than 100% Backlog
Add option to create a template in the create wiki flow Backlog
Semgrep (Kotlin) Detect SharedPreferences declaration with world-readable flag Backlog
Retrieving Object Storage Paths for Deleted Project/Group Data Backlog
Add since and before/until to GET /users/:user_id/contributed_projects Backlog
Run SAST on Spring properties and yaml files Backlog
Replace example questions in Duo Chat with something like "What questions can I ask?" to improve discovery of relevant capabilities Backlog
Add more options for customizing JWT sub claim Backlog
Add more intuitive message for disabled password authentication Backlog
when SQL is provided for customers to run, provide it as a file Backlog
Nginx-ingress will be superseded by InGate Backlog
Filter out a group and its subgroups/projects in advanced search Backlog
Display an error message if the rollback of an environment fails Backlog
Project webhook for expiring deploy token notifications Backlog
Group webhook for expiring deploy token notifications Backlog
Send an e-mail notification to group owners for expiring deploy tokens Backlog
Send an e-mail notification to project owners for expiring deploy tokens Backlog
Allowlist for service accounts Backlog
Option to change the order of pipelines displayed in merge requests Backlog
Get "group memberships" info with the enterprise users API Backlog
Allow multiple configuration for omniauth providers Backlog
When a job with environment.action: validate fails, mark the related environment as failed Backlog
Add ability to add secondary email address to Service Account on GitLab.com Backlog
Show latest pipeline on Compliance Adherence checks for SAST and DAST Backlog
Create a unified tool to generate GitLab secrets Backlog
OpenID Connect: Add support for signed JWT responses from the UserInfo endpoint Backlog
Geo Replicables List: Add ability to sort replicables in UI Backlog
Geo Replicables List: Expose Verification states in UI Backlog
Geo Replicables List: Add ability to filter by verification state in UI Backlog
Geo Replicables List: Add ability to find a record by ID in UI Backlog
Show source in the 'Pending invitations' tab in the project Backlog
Expand capabilities of Accessibility testing CI/CD feature Backlog
Authenticating with Vault for each secret even though Vault has already given a token to use. Backlog
Feature Request: Native Git Client Version Control for GitLab Admins Backlog
geo:check should verify that the node has Unique Internal URL when unified URL feature is enabled Backlog
Aggregate project CI/CD analytics panel for groups Backlog
Prevent Service Account from Locking Backlog
Search/Filter Enterprise Users by Email Address Backlog
Add "View User Details" for Enterprise Users Backlog
Allow Group Owner to Initiate Password reset for Enterprise Users Backlog
Allow GitLab administrators to view all details of a specific scheduled pipeline without taking ownership Backlog
Geo Replicables: Improve Bulk Actions Experience in UI Backlog
Geo Replicables: Explain technical details of bulk actions in docs Backlog
Instrument Adoption of DPoP Backlog
Allow any project in a user's namespace to be a user profile readme project Backlog
Allow Group Owner to migrate SSO/SCIM Enterprise user to local user Backlog
Org Mover: Double check for dropped create or delete events prior to cutover Backlog
Add admin controls to restrict public SSH key visibility for enhanced security Backlog
Geo: Add relevant links to the Single Replicable view Backlog
Migrate SSO/SCIM user to local user Backlog
Add ability to change commit and public email address via API for service accounts Backlog
Add ability to set private_profile for Service Accounts via the API Backlog
Filter vulnerabilities by validity status Backlog
Improve policy violation description on merge request overview Backlog
Add support for .gitignore style files as a source of excluded paths Backlog
Make it easier to understand how to write SAST/secrets override rules Backlog
Geo: Unblock the updating of site status even if some metrics are slow to collect Backlog
Deprecation of registry.database.{enabled, name, user, host, port, password} configuration in GitLab Chart Backlog
Enable external users to access internal-visibility GitLab Pages deployments without direct invitations Backlog
Vulnerability Explanation in the Security finding widget in the MR workflow Backlog
Add Possibility to Restrict allowed SSH key technologies for GitLab.com Backlog
NPM virtual registries: cached metadata responses and Dedicated Backlog
Ability to show unique dependencies on the Dependency list page Backlog
Add active parameter in Group::ChildrenController Backlog
Add aimed_for_deletion parameter to GroupsFinder Backlog
Allow users to delete title history on Issues Backlog
Provide REST API endpoint to list pipeline schedule variables Backlog
Allow Download of Release Evidence Files using Personal Access Tokens Backlog
Centralized Security Alert Management for customers Backlog
AI Power Web Development Platform for GitLab Pages Backlog
Overlay value stream analytics with AI acceptance rate Backlog
Allow customization of scan execution policy stage insertion Backlog
Allow admin to revoke User Support Pin Backlog
New API End Point: Epic Position on Kanban Board Backlog
Current issue / work item context unavailable to Duo Chat in the GitLab UI Backlog
Allow Pipeline Usage Quota page to filter on a weekly basis Backlog
Display all image tags in the available space in the package registry view Backlog
Broadcast Message should show for all push and pull operations on all interfaces. Backlog
Follow-up from "Geo Replication List: Shared Bulk Actions Component" Backlog
Deprecate duo_pro:bulk_user_assignment Rake Task Backlog
Send enterprise user welcome email to only active users in the group Backlog
Cascade Dependency Proxy Dockerhub Authentication Settings Backlog
Geo Replicables List: Add ability to store pagination in URL Backlog
Improve GitLab Pages Administration Experience Backlog
Ability to display maximum value from multiple jobs with coverage reporting Backlog
Ability for coverage reporting to automatically parse coverage statistics from coverage artifact Backlog
Geo Primary Verification List: Init Vue App Backlog
Geo Shared UI: Migrate Replicables List view to geo_shared Backlog
Geo Primary Verification List: Hookup geo_shared list view components to UI Backlog
Geo Primary Verification List: Hookup filters to UI Backlog
Geo Primary Verification List: Hookup API to UI Backlog
Geo Primary Verification List: Hookup actions to UI Backlog
Allow Setting readme_url for Groups via API, Supporting External Git Repository References Backlog
Geo Primary Verification Details: Init Vue App Backlog
Geo Shared UI: Migrate Replicables Details view to geo_shared Backlog
Geo Primary Verification Details: Hookup geo_shared details view components to UI Backlog
Geo Primary Verification Details: Hookup API to UI Backlog
Geo Primary Verification Details: Hookup actions to UI Backlog
Geo: Gracefully handle gitlab-reconfigure on Patroni Leader Backlog
Geo: Define upgrade process for a Patroni standby cluster for major PG versions Backlog
Add pgaudit extension to packaged database for omnibus installs Backlog
Add global tolerations in charts for all GitLab components Backlog
500s errors persist with LDAP removed but minimal configuration remains in chart values Backlog
Resource usage reports once jobs complete Backlog
Edited commit message cannot be accessed from Runner shell Backlog
The environment is too large for exec when using a window runner error being issued by find command Backlog
Detect build directory permissions before starting GitLab Runner Backlog
Add debug functionality to a runner worker pod on Kubernetes Backlog

Ultimate

Ultimate is for organizations that have a need to build secure, compliant software and that want to gain visibility of - and be able to influence - their entire organization from a high level. Ultimate features are only be available to Ultimate subscribers.

Reorder project badges 17.11
Support creating static badge images 17.11
Add sort actions to all columns in Storage view in Usage quotas 17.11
Reorder group badges 17.11
Support modification of badge text value 17.11
API for Stopping and Snoozing Scheduled Pipeline Execution Policies 17.11
Scan Execution Policy Tag Validation Fails for Certain Existing Runner Tags 17.11
New REVISION of the security report schema prevents ingestion of security reports on previous 17.x GitLab releases, breaking the expected backward compatibility 17.5
Add "Manage Protected Environments" as a customizable permission 17.9
Always generate secure scanning report regardless of success or failure 18.0
Group member access assignment to empty groups are not working when user has minimal access role 18.0
Add ability to optionally ignore dev dependencies in Yarn projects 18.0
Remove bot users from pending approval list 18.0
Remove limit CI_JOB_TOKEN access scope 18.0
Include iteration information within items on work item list page 18.0
Log connection errors with database load balancing, instead of returning nil 18.0
Deprecate sidekiq delivery method for email ingestion 18.0
Protected containers: Delete protection 18.0
Update user counts when applying a new SM license 18.0
Deprecate the Terraform CI/CD templates 18.0
Code quality report issue count does not match report 18.0
Add API endpoint for "Allow anyone to pull from Package Registry" 18.0
:mega: Feedback - GitLab Vulnerabilities Retention Policy 18.0
GitLab Secret Detection should detect Azure service principal tokens 18.0
Review access to /runners/all API endpoint 18.0
API for inactive groups and projects in a group 18.0
Commit signing for GitLab UI commits on GitLab.com 18.0
Preserve comments in the yaml when editing a security policy in the policy editor 18.0
Add "Manage Protected Tags" as a customizable permission 18.0
Support for license scanning of OS packages provided by CycloneDX SBOM report 18.0
Add a configuration option for Self-Managed to allow top-level CI group sharing 18.0
Vulnerability Report supports grouping by OWASP Top 10 2021 18.0
DAST: Add metrics to security report 18.0
Ensure archived groups cannot be transferred 18.0
Create 'archive' setting and expose it on Groups API to be checked/unchecked 18.0
When a group is marked as 'archived', appropriate alerts should be shown 18.0
When a group is marked as 'archived', appropriate badges should be shown 18.0
Backend API for the K8s dashboard tree 18.0
Clarify settings changes in Project Feature Audit Event logs 18.0
Create new section in merge request approval policy editor for non-standard modifications 18.0
[Feature flag] Enable static_licenses 18.0
Update environment detail page to use webSocket connection for the Watch API 18.0
Show why Merge Request requires approval 18.0
Compliance Center Enhancement: Display and Filter Archived Projects in Compliance Projects Report 18.0
Project archived/unarchived with API will not create an audit event 18.0
Allow user to disable using the cycloneDX report as the data source for license information 18.0
Proposal: Query advisory information via GraphQL 18.0
Resolution of MR compliance to approval_policy fails because it does not resolve scan reports on first common ancestor 18.0
[backend] Add documentation pipeline execution schedule policy schema 18.0
Last owner of GitLab.com group can be a bot 18.0
Determine if specification impacts DAST 18.0
[Feature flag] Enable security_policy_approval_warn_mode 18.0
[Feature flag] Rollout of remove_cross_join_from_vulnerabilities_projects_grade 18.0
K8s Tree View: Migrate existing view to a new backend 18.0
Add audit events for LDAP sign ins 18.0
Direct-transfer placeholder users: list Enterprise users for re-assignment on gitlab.com 18.0
Support migration from cert-based to agent-based cluster integration by automation 18.0
Implicit creation of pipelines for scan execution policy does not occur under certain conditions 18.0
Cleanup after multiple_todos feature-flag 18.0
Inform users when a SPP is being created 18.0
[Feature flag] Rollout of group_vulnerability_scanners_using_statistics 18.0
Unexpected behavior with non-default branches configured in MR approval policies for overriding settings 18.0
Document current DAST design 18.0
Define analyzer event to drive adoption dashboards 18.0
Notice: API Discovery will use branch pipelines by default 18.0
Allow group and project members to subscribe to service account pipeline notifications 18.0
Merge Request Licence Widget to align with full report 18.0
Telemetry - add the ability to tie rule type to analyzer version 18.0
Expose error "This alias has already been taken" for Slack integration 18.0
Enhance performance testing infrastructure 18.0
Announce the deprecation of the Coverage-guided fuzz testing feature 18.0
Notice: Removal of End-of-Support SAST analyzer jobs 18.0
Spike: Explore Changing Security Policy Limits Application 18.0
Create API to list archived and unarchived groups 18.0
Update settings for groups archive and unarchive APIs 18.0
17.10 Planning - Dynamic Analysis 18.0
Select the namespace with the CI context when using managed Kubernetes resources 18.0
Support migration from predefined variables to pipelines 18.0
Downstream pipeline job that uses environments with approvals is not clickable 18.0
Spike: refine performance improvements to Pipeline execution policies 18.0
Spike: Refactoring Merge Request Approval Policies with Strategy Pattern 18.0
Add OTP MFA configuration variables 18.0
Update policies list to account for a large number of policies 18.0
Security Risk Management: Security Policies 17.11 Planning Issue 18.0
Backfill pipeline execution policy enforced scans 18.0
[BE] Refactor PromotionManagementUtils to be class level util instead of instance level 18.0
Document proposed changes to DAST design 18.0
Improve Pod Status Visualization for CrashLoopBackOff and ImagePullBackOff States 18.0
Write an architecure design document for the on-demand DS service and DS using SBOM 18.0
Spike: Decide on monolithic versus composable architecture for pipeline based SCA features 18.0
Pipeline Execution Policy Custom Stages Inserted After Project Stages Instead of After .pre Stage 18.0
Handle invalid types in schedule pipeline form 18.0
Handle duplicate branches in schedule pipeline form 18.0
The CI job image for the new DS analyzer ignores the SECURE_ANALYZERS_PREFIX CI variable 18.0
Spike: Proof of Concept for Security Policy Audit Events Implementation 18.0
[BE] Add schema validation specs for pipeline execution schedule policy schema 18.0
Policy branch rules configured to require approval only on release/production are requiring approval on release/staging 18.0
Create experimental helm chart to deploy Secrets Manager backend 18.0
New merge request approval policy grammatical bugs 18.0
Approval required for all protected branches if the listed branches in the rule do not exist. 18.0
Audit grammar in PEP policy editor 18.0
Update project policy to take ancestor archival into account 18.0
Move project's archive update service to a new service 18.0
Hide or highlight features in GitLab that are not available for the product offering 18.0
clangsa-sast: implement report parser 18.0
clangsa-sast: implement analyzer configuration 18.0
Prevent relevant group policies abilities when its archived 18.0
Failing .pipeline-policy-pre stage should fail the pipeline to prevent jobs with empty needs from running 18.0
Design: [General Availability] - Detect secrets in job artifacts 18.0
Migrate API Security FIPS images to UBI9 18.0
[FE] Add form section for Stopping/Snoozing 18.0
Change 'Go back to Compliance center' to 'Go to 'Edit Framework' (or similar) button and redirect user to 'Edit Framework' page 18.0
Automatically grant access to SPP after creating a scheduled PEP 18.0
Draft: 18.0 Planning - Dynamic Analysis 18.0
Spike: Backend PoC for Centralized Security Policy Management in CSP 18.0
Spike: Prepare Architectural Blueprint for MR Approval Policy Exceptions/Bypass 18.0
Security Risk Management: Security Policies 18.0 Planning Issue 18.0
Add "Load more" pagination support for related vulnerabilities container 18.0
Remove OpenTofu CI/CD backport templates 18.0
18.0 Planning Issue - Secret Detection 18.0
[Backend] Add variable precedence controls for pipeline execution policies 18.0
[FE] Clean up pipeline execution policy code 18.0
Enable delayed deletion for personal namespace projects 18.0
Share more information about the compliance control selected when mapping internal compliance controls to requirements 18.0
New GCP Credential Type 18.0
Spike diff based scanning for advanced SAST 18.0
Make the user deactivation MINIMUM_DAYS_CREATED a configurable feature / constant 18.0
What artifacts will be scanned for secrets in job artifacts? 18.0
Update "pipeline_execution_schedule_policy" to "scheduled_pipeline_execution_policy" 18.0
SPIKE: Support SPDX license expressions in License Compliance (scanning & approval) 18.1
Retain properly attributed activity log events for expired/revoked project/group access token activity 18.1
[Feature flag] Cleanup track_semver_dialect_errors_for_cvs_in_sentry 18.1
Feature Request: Customize the 'This user is blocked' Message when logging into GitLab as a Blocked User 18.1
Add GPG Keys to group credentials inventory 18.1
Spike: Performance Testing and Optimization Plan for Merge Request Approval Policies limits 18.1
Refactor pipeline execution policy stages injection 18.1
Package Registry Guest Access Control Enhancement 18.1
Update integration tests to account for partial disabling 18.1
Batch Execution for Scheduled Pipeline Execution Policies 18.1
Geo Replicables API: Add query arguments to the Bulk Update Mutation 18.1
Set dynamic TTL for PipelineExecutionPolicies::RunScheduleWorker 18.1
Allow group owners to delete users of Enterprise Users 18.1
Time Window Policy Tuning for Merge Request Approval Policy 18.1
Move ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/branch_selection.vue into a shared location 18.1
Create new constants file from util file 18.1
[FE] Add latest pipeline information into the policy editor 18.1
Runner tag defined in scan execution policy is ignored 18.1
MR approval policy from previous parent (sub)group continues to be enforced to move projects 18.1
Security Widget contradict the security bot comment 18.1
Add Target path to Container Scanning schema 18.1
Improve error on trying to create more than max allowed Schedule PEPs 18.1
PoC: Role-Based Access Control for GitLab Pages 18.1
Removal: GraphQL dependencyProxyTotalSizeInBytes field 18.11
Remove deprecated ContainerExpirationPolicy Graphql type 18.11
Spike: Prepare Security Policies Scalability Review 18.2
SBOM based security scanning UATs - GA 18.2
Archiving a group should create an audit event 18.2
In groups with Enterprise user enabled, owner can search that group enterprise users by private email 18.2
Add OAuth Tokens to Credentials Inventory 18.2
Protected‑branch tooltip links to invalid URL when “Prevent group branch modification” Merge Approval Policy is enabled 18.2
Make Notification emails for Personal Access Token creation a configurable setting 18.3
Email Notifications for Expiring Tokens Sent to Group 'Maintainer' 18.3
The policy list intermittently shows policies from recently removed security policy project 18.3
Add pagination to dependantSecurityPolicies property 18.3
Auto disable "Pipeline Must Succeed" not clear in UI 18.3
Audit grammar in SEP policy editor 18.4
Audit grammar in Vulnerability Management policy editor 18.4
Prepare separate PolicyBranchesServices for Scan Execution Policies and MR Approval Policies 18.4
Deprecation issue: CodeClimate-based Code Quality scanning will be removed 19.0
Make pipeline mini-graph representation more useable Next 1-3 releases
extend json schema - allow directions on if and where to link vulnerability location.file Next 1-3 releases
Swap in-app healthcheck with PQL handraise Next 1-3 releases
Usage Data: Detect and report kubernetes distribution type Next 1-3 releases
Display CWEs on the Vulnerability Details dialog page for Dependency Scanning Next 1-3 releases
Add quick actions to the command palette Next 1-3 releases
Surface Lets Encrypt certificate request errors in GitLab Pages Next 1-3 releases
Allow custom CA for gitlab-workspaces-proxy Next 1-3 releases
Allow project cloner image to trust custom CA cert Next 1-3 releases
Add track_onboarding_progress for group approval rules Next 1-3 releases
VSD - Add link to VSD from the groups page Next 1-3 releases
System hook to signal Application Settings change Next 1-3 releases
UX: Communication of Clickhouse status [Optimize] Next 1-3 releases
Increase max limit of custom roles that can be created for a namespace. Next 1-3 releases
Hide model registry features with package registry disabled Next 1-3 releases
DRAFT: Consumption-based pricing for Model Registry for .com and Dedicated customers Next 1-3 releases
Proposal: Mirror chart images to external registry Next 1-3 releases
Burndown chart in issue boards Next 4-6 releases
Provide Dashboard for insight into production monitoring of applications MVC Next 4-6 releases
Download historical data for Deployment Frequency at the group level Next 4-6 releases
Extend DORA4 API support for environment name Next 4-6 releases
Comparison View For DORA4 between different production environments Next 4-6 releases
Pipeline permissions should be separate from push/merge Next 4-6 releases
UX Theme: Ensure Security teams can audit and triage their software components for risk to maintain compliance Next 4-6 releases
UX Theme: Increase Security teams efficiency when triaging their software components for policy violations Next 4-6 releases
UX Theme: Help Security & Compliance teams orchestrate 3rd party software policies to ensure compliance Next 4-6 releases
Add coverage filter to pipelines resolver/finder Next 4-6 releases
Measuring SPACE framework metrics in GitLab Next 4-6 releases
VSD - Adding business value metrics panel Next 4-6 releases
Value Stream Dashboard: Adding OKR Health status to the metrics comparison panel. Next 4-6 releases
VSA overview - Adding "change rate %" badges to the stage navigation bar Next 4-6 releases
VSA & VSD - "Flow Distribution" (Aka Task by Type) - add widgets with work type distribution Next 4-6 releases
VSD: Add "MR Rate" to the "Metrics comparative" widget Next 4-6 releases
Increase pipeline schedule limit for Ultimate plan Next 4-6 releases
Issues Analytics: Add "Total open issues" - open issues at the end of the month (Issue backlog). Next 4-6 releases
Issues Analytics - Add stats above chart Next 4-6 releases
VSA - Iteration start event for issue Next 4-6 releases
Reflect in UI that Application Statistics in Admin Area can show approximate data for values more than 10,000 Next 4-6 releases
Make the default insights.yml configurable for self-managed instances Next 4-6 releases
Convert FF "gitlab_ci_builds_queuing_metrics" to a setting Next 4-6 releases
Support custom roles on protected environments Next 4-6 releases
Additions to the DORA Metrics Dashboard Next 4-6 releases
AI Analytics - Duo usage analysis missing (Trend/Sparkline) Next 4-6 releases
Web Terminal with persistent disk Next 7-12 releases
Risk management Next 7-12 releases
Cumulative flow diagram in board Next 7-12 releases
UX Theme: Increase Security and Compliance teams confidence in the system's assessment of their application's components Next 7-12 releases
VSD - Adding "Flow efficiency" metrics - Total items completed / Items in progress ("Stream efficiency") Next 7-12 releases
VSD - Adding "Flow Load" metrics - work-in-progress across all stages ("Stream load") Next 7-12 releases
[Proposal] Use API keys to control GraphQL API access Next 7-12 releases
Deprecate scanResultPolicies GraphQL field Next 7-12 releases
Deprecate and remove workflow:rules templates Next 7-12 releases
Manage Vault secrets using GitLab UI Awaiting further demand
Autodetect Jaeger on Kubernetes Awaiting further demand
Monitor device-plugin resources in Kubernetes Awaiting further demand
Instance level Security Dashboard as an option for default dashboard Awaiting further demand
Automatically create change request ticket in ServiceNow Awaiting further demand
Revert and rollback Auto Remediation deployments in case of problems Awaiting further demand
Customer POC metrics for Secure Awaiting further demand
Ability to add selected Kubernetes clusters to Operations Dashboard Awaiting further demand
Dependency graph for the Maven Repository Awaiting further demand
Allow to set a custom label for the "undefined" serie in stacked-bar charts Awaiting further demand
Backend: id_token: Configurable expiry time Awaiting further demand
OAuth2 authentication support Awaiting further demand
Research: Use NVD's Common Platform Enumeration (CPE) dictionary for asset classification Awaiting further demand
Bulk import of vulnerability data Awaiting further demand
Manage instance-level protected branches Awaiting further demand
Global Changelog for Secure Analyzers Awaiting further demand
Design: Enhance the layout and new capabilities in the vulnerability details page Awaiting further demand
Add Package Hunter as a product feature Awaiting further demand
Make projects under a subgroup be able to view the milestones of the parent group for release tagging Awaiting further demand
Design: Explore sub-sections for the configuration page within security testing tools Awaiting further demand
Unable to view GitLab instance application logs on a single host/container install Awaiting further demand
Allow forcing vulnerability findings storage and deduplication before pipeline completion Awaiting further demand
Include scanning the wiki for secrets Awaiting further demand
Domain-based CI Job Firewall Awaiting further demand
Perforce Mirroring Awaiting further demand
Project Confidentiality Class Awaiting further demand
Geo: Allow partial, authentication-only promotion ("emergency outage mode") Awaiting further demand
Add API for Setting Vulnerability False Positive Flag Awaiting further demand
Create scoring for Health Status on Issues Awaiting further demand
Improve UI feedback for container scan results Awaiting further demand
UX Theme: Reducing the time engineering teams spend patching out-of-date components Awaiting further demand
Allow checklist task in markdown to be dragged to another list Awaiting further demand
Allow or disallow particular Runner configurations in GitLab Awaiting further demand
How to open JIRA ticket automatically based on findings in sast scan or vulnerability Awaiting further demand
API endpoint to return code coverage statistics Awaiting further demand
Subepic tag or label in epic list Awaiting further demand
Allow sequential approvals to be required before starting deployment Awaiting further demand
Coder Integration Awaiting further demand
Allow GitLab issue labels to point to a specific Slack Channel Awaiting further demand
Compare release tags from the Releases page Awaiting further demand
Use a sidebar in Commit detail view Awaiting further demand
Permit selective restore of metadata from deleted iteration cadence Awaiting further demand
Setting milestones confidential Awaiting further demand
Show number of currently assigned && opened issues when assigning issue to a user Awaiting further demand
Ability to limit protected environments to specific tags and branches Awaiting further demand
Implement Unleash API endpoints /api/admin/state/import and /api/admin/state/export Awaiting further demand
Add how users are collaborating with their peers Awaiting further demand
OKTA integration using CODEOWNERS file Awaiting further demand
Quick View for comments: Ability to view the last comment by making the comment toggleable to the last action, specifically from within an Issue board. Awaiting further demand
When Creating a Task, Automatically Increase the Weight of the Issue Awaiting further demand
[Proposal] CVE severity override for Dependency and Container Scanning - MVC Awaiting further demand
Option to have no pipelines created on merge request Awaiting further demand
Feature Request: Custom HTML Pipeline Reports with Configurable Tab Labels and Artifact Names Awaiting further demand
Add remote development workspace support for Windows/macOS Awaiting further demand
Support for hardware keys via FIDO and/or WebAuthN as a second-factor for SSH Keys to sign commits in WebIDE Awaiting further demand
Move Create Merge Request closer to commits on Compare page Awaiting further demand
Proposal: Model and represent "Assets" related to security findings or scans generically Awaiting further demand
Show the full list of added/removed vulnerabilities Awaiting further demand
Add GraphQL query to return branch creation date Awaiting further demand
Make the pull mirror interval settings more easily configurable Awaiting further demand
GitLab Status Page Change - Support OIDC Awaiting further demand
Add the ability to set access_level in Approval Rules API Awaiting further demand
Intelligent Dependency Management with AI: Dependency updates and code change suggestions (on breaking changes, etc.) Awaiting further demand
VSA settings: [UX] Value Stream inheritance within the group hierarchy Awaiting further demand
Add capability of tracking when a branch in a repo was created Awaiting further demand
Add detective functionality for catching Segregation of Duties violations in the MR process Awaiting further demand
Runner Fleet Dashboard - Admin View: Display compute minutes used on instance runners by project - full report page (capstone issue) Awaiting further demand
Spike: Prepare PoC for feature to catch Segregation of Duties violations in the MR process Awaiting further demand
Ability to restrict Runner Registration to Specific IP Addresses Awaiting further demand
Link vulnerabilities to company-specific security knowledge bases Awaiting further demand
Increase the 1,000 project limit for Security Dashboard Awaiting further demand
Warning for users who add potentially sensitive syntax into public issues Awaiting further demand
Feature: Issue submission validation Awaiting further demand
Add an allow list to Runner Registration restriction Awaiting further demand
Ability to send vulnerability reports automatically Awaiting further demand
Add full page report of compute minutes Awaiting further demand
Add chart to full page compute minutes report Awaiting further demand
Export full report Awaiting further demand
Filter by runner type Awaiting further demand
Add total minutes and total jobs single stats to full report Awaiting further demand
Filter by groups and projects Awaiting further demand
Filter by runner tag on full report Awaiting further demand
Filter by time on full report Awaiting further demand
Filter by custom time period Awaiting further demand
Display all changes between two pipeline builds Awaiting further demand
VSD: Add visualization for number of closed epics Awaiting further demand
Issue analytics: support filtering for undefined categories Awaiting further demand
Admin ability to restrict certain runner executor types Awaiting further demand
Offer xlarge hosted runner on Linux Arm for GitLab.com Awaiting further demand
Offer 2xlarge hosted runner on Linux Arm for GitLab.com Awaiting further demand
Add option to preserve MAC address of VirtualBox VMs Awaiting further demand
Allow notifications on MR approval policy Awaiting further demand
Filter vulnerabilities based on the environment they are deployed on Awaiting further demand
Provide a better interface for the vulnerability detail view for 3rd party vendors Awaiting further demand
Add possibility of continuous security monitoring of specific commits / tags Awaiting further demand
regenerate ci_jwt_signing_key when lost/removed Awaiting further demand
Allow Restricting GitLab Agent for Kubernetes to Environment Tiers. Awaiting further demand
Configure Kubernetes dashboard using annotations on Kustomization/HelmRelease Awaiting further demand
Consider adding ability to filter Security Dashboard to only display currently detected vulnerabilities instead of all activity Awaiting further demand
Mark Vulnerability Resolution code commits / MRs as AI-generated by GitLab Duo Awaiting further demand
Root Level Control on Personal Notification Settings Awaiting further demand
Add agent config to existing agent registration using the default configuration Awaiting further demand
Provide Visibility of GitLab Agents at Instance Level Awaiting further demand
Differentiate long-lived and short-lived environments Awaiting further demand
Add more flexibility in Security Policies rules (Policy scope) Awaiting further demand
Provide API/UI to add Awaiting further demand
Add regex patterns in rules section of Security Policies Awaiting further demand
Reduce the amount of RAM required for IaC Scanning below 4GB Awaiting further demand
Allow ability to lock component input values Awaiting further demand
Request for ability to add inputs to separate file and call from files Awaiting further demand
GraphQL query for security policies linked to security policy projects Awaiting further demand
Feature Request - resolve dependancy vulnerability when trigger file removed Awaiting further demand
Identify stale deploy keys Awaiting further demand
Feature request - Custom timeout for security jobs Awaiting further demand
Feature Request: Add wildcard pattern support for branch targeting in security policies Awaiting further demand
Create a GitLab + Salesforce.com connector for issues and cases Backlog
Automate the removal of inactive runners from GitLab UI Backlog
Granular permissions for Container Registry Backlog
Single page to display all runners and the build each working on for Project Runners Backlog
Pipeline analyses to find transient failure Backlog
Show current status of pods in deploy board Backlog
Disable deleting issues and merge requests instance wide Backlog
Custom fields with required validation Backlog
Configure group-level issue custom field Backlog
Director Level Management Dashboard Backlog
Editing using GitLab interface Backlog
Synthetic monitoring (production scripted testing) Backlog
Anomaly alerts MVC Backlog
Expand and collapse roadmap epic bars to show Issues Backlog
View roadmap at group level for mobile Backlog
What-if scenario planning Backlog
Undo stolen issue from epic Backlog
Detect & Alert on manual changes to Kubernetes configuration Backlog
Deploy Jaeger to connected Kubernetes cluster Backlog
Scan code for licenses not declared in dependency files Backlog
Run Git hooks in Web IDE Backlog
Pod View Backlog
Node View Backlog
Node and Pod summary views Backlog
Burndown chart with stacked lines in boards Backlog
Add CI variable to indicate job was a rollback Backlog
Planning Breakdown: Update documentation for Dependency Scanning to work with private registries Backlog
Time analytics line chart Backlog
Time analytics integrated into board Backlog
Broaden Kubernetes pod log access Backlog
Gather Merge Request related to Pipeline via API Backlog
Notify users when a vulnerability fix is automatically merged Backlog
Store history of deleted/edited comments in database Backlog
The "Shared Runners pipeline minutes quota" feature is not tied to a license Backlog
Binary Authorization MVC Backlog
Multiple VSM line charts and bar charts per page Backlog
Discussion thread in board Backlog
Test run object (or issue verification object generally) Backlog
Benefit-weight ratio (WSJF in SAFe) visualization Backlog
Option to enable Binary Authorization in new GKE clusters Backlog
Epic cost, benefit, ROI fields Backlog
Custom workflows - Issue display Backlog
Custom workflows - System notes Backlog
Planning epics with WSJF in SAFe (benefit-weight ratio) Backlog
Show individual file history in code analytics Backlog
Show commit/LOC history for individual files Backlog
Specify minimum number of approvals for default branch Backlog
Automatically notify and update dependencies Backlog
View Access to Managed License of CI/CD settings of Project(Privilege escalation) Backlog
Calendar showing issues on issue due dates Backlog
Ensure security features can be tested in GitLab review apps Backlog
Follow up "Open Web Terminal from attached CI runner in Web IDE" Backlog
Detect and mark unknown components with no security data available Backlog
Disable patch creation via environment variables Backlog
Fully unattended Auto Remediation Backlog
Check if a vulnerable component is really used by a container Backlog
Support multiple Auto Remediation patches when applying a vulnerability solution Backlog
Add an optional reason when approving/denying licenses Backlog
Backend: Organize and define behavior of jobs templates to be included Backlog
Dependency Scanning fails to find nodejs vulnerability Backlog
Implement Snippet Matching (open source code fragment reuse) Security Scanning Backlog
Backend: Use CI/CD UI variables to define parallelism Backlog
List by name/path detected but unsupported dependency files in Dependency List Backlog
Integrate Auto-dependency update into GitLab AutoDevops Backlog
Time boxed Engineering Discovery: Dependency List: Show when a component is out of date Backlog
Include classification to license name in dependency list Backlog
DISCOVERY: Provide Dashboard for insight into production monitoring of applications Backlog
Backend: Rollout limits for directed acyclic graph on gitlab.com Backlog
[Container Scanning] Add information about image name Backlog
Optimize checksumming of Object Stored Packages Backlog
Add an option to ignore failure when dependency scanning has nothing to do Backlog
Allow blocking / denying by library name Backlog
Poetry's pyproject.toml support for Dependency scanning Backlog
Discovery: display license obligations in UI Backlog
Prevent merge on code quality degradation Backlog
Dependency scanning for Yocto/OpenEmbedded Backlog
Backend: Removing user access to Shared Runners UI Backlog
Automate dependency updates for gemnasium-maven-plugin Backlog
Proposal: Dependency scanning Auto Remediation for Rails Backlog
Browsable Code Quality report Backlog
Discovery, Auto-remediation: auto-merge merge request with fixes Backlog
Add GitLab license to license compliance check Backlog
Add out of date issues to the unscanned projects widget on the group security dashboard Backlog
Included projects with failed security jobs in unscanned projects widget on the group security dashboard Backlog
Create an issue from the code quality report Backlog
Make convert function of Analyzers Common Library more generic Backlog
Auto Remediation: auto-merge the auto-created merge requests Backlog
Container Scanning: Allow configurable allowlist path Backlog
Support Ruby Gems gemspec.yml in dependency scanning Backlog
Limit access to the instance security dashboard Backlog
Release Efficiency Dashboard Backlog
OPA (Open Policy Agent) integration Backlog
Use dumb-init for all Docker based analyzers Backlog
Elixir/Erlang Support for Dependency Scanning Backlog
Document a standardized OWASP category in the vulnerability identifiers array Backlog
Use a consistent HTTP status code for authorization failures in /projects/dependencies Backlog
Group npm dependencies by scope Backlog
Analytics for financial planning and accounting Backlog
Toggle Children Epics and Issues to Confidential Backlog
Do a proof of concept then break down next steps: Leverage SAST to improve accuracy of Dependency Scanning Backlog
Move Auto-Remediation out of the Dependency Scanning job Backlog
Extract interpreter, compiler name and version, to check for vulnerabilities (Gemnasium) Backlog
Link Jupyter Hub Notebooks for Releases Backlog
Report exact location of vulnerable npm module installed during dependency scan Backlog
Add dependency scanning for Clojure projects Backlog
Enforce project creation from group or instance templates Backlog
Provide users a way to enable HTTPS certificate monitoring for a GitLab-hosted application. Backlog
Periodically run a scan on the given URLs to check the status of their certificates Backlog
Provide notice to users if a certificate is invalid or expired. Backlog
gemnasium-python fails to install psycopg2 (Dependency Scanning) Backlog
Awareness of Type of license Backlog
Infer Advisories for Forks from Parent Projects Backlog
POC - Add variable to ignore dev. dependencies in License Scanning Backlog
Document multi-image container scanning Backlog
Make the override settings of the Secure features more clear Backlog
Report on difficulty of dependency upgrades Backlog
Validate License-Check earlier in the pipeline Backlog
Short Message Service (SMS) notification Backlog
Evaluate work for a python 3 only image for license scanning Backlog
Evaluate work for a python 3 only image for dependency scanning Backlog
Support multi-year releases Backlog
Parse Security and License Compliance reports after CI job is finished, not when Pipeline is completed Backlog
Project level Test Result history for default branch Backlog
Investigate supporting "golden files" for analyzer unit tests Backlog
Remove Security traits from Core Build factory Backlog
Show projects that include security bot (suggested solution feature opted-in/active) Backlog
Customize Default View for Project Overview > Details Backlog
Regression testing for vulnerability DB of gemnasium, retire.js Backlog
API Fuzz testing in AutoDevOps Backlog
Add Release Evidence detail to the chain of custody export Backlog
Optionally generate a tamper-proof chain of custody csv report Backlog
Allow user to specify opt-in/out setting for suggested solution per scan type Backlog
Provide more details when creating an issue for a container scanning finding Backlog
Extend Post Deployment Metrics support to Kubernetes Metrics Backlog
Extend Post Deployment metrics to support Canary metrics Backlog
Add scanner name, version and URL to finding display - Parse and expose properties to the API Backlog
Use the Dependency Firewall to flag suspicious packages downloaded from npmjs.org Backlog
Allow to filter vulnerabilities by image name on the project dashboard - Backend Backlog
Container Scanning - Enable scan of multiple images Backlog
Problem Validation: Progress Secure Report Format schemas beyond release-candidate Backlog
Consider a unified component section Backlog
Promote usage of Common library to integrate Security scanners Backlog
Provide a risk data for dependencies based on a number of factors Backlog
API Fuzz test Rails code in GitLab Backlog
Trigger integration notification when Secret Detection identifies secret in repository Backlog
"Freeze Environment when its target environment gets an alert Backlog
State the cancel pipeline reason n the Jobs page in case an incremental rollout was stopped due to error rate threshold Backlog
Connect post deployment monitoring to AutoDevOps Backlog
request to add Dep (Golang) support to Dependency Scanning Backlog
Technical Research: Fuzzing of non-instrumented apps Backlog
Allow to filter vulnerabilities by image name on the group dashboard Backlog
Allow to filter vulnerabilities by image name on the instance dashboard Backlog
Allow to filter vulnerabilities by image name on the pipeline security tab Backlog
Allow to filter vulnerabilities by image name on the MR view Backlog
Resource group that spans multiple jobs in a pipeline Backlog
Design: Track and Display Vulnerability Remediation Time Backlog
Roadmaps: Filter by release Backlog
how to handle artifacts differently when they will exceed the limit Backlog
Add cancel rollout button to the alerts page Backlog
[blocked] Use existing deduplication logic in dependency list to remove duplicated vulnerabilities Backlog
Expose PersonalAccessTokens via GraphQL Backlog
Adapt Vulnerability page for Dependency Scanning findings Backlog
Rename SCA into Compliance Backlog
Use unified affected ranges in Gemnasium Vulnerability DB Backlog
Add admin impersonation tokens to the credential inventory Backlog
Inform users when a publicly known widespread issue is present in their project Backlog
Make common's update_analyzers job create branches with predictable names Backlog
Use set -ex in RUN command of Dockerfile, in analyzer projects Backlog
Coverage guided fuzzing - C# language Backlog
Rework permissions for Security Configuration page Backlog
Make update_analyzers job assign MRs it creates (analyzers/common) Backlog
Add security report version parsing usage metrics Backlog
Allow users to assign labels to Requirements Backlog
Host asdf compatible java versions locally Backlog
Replace Gemnasium Maven plugin with mvn dependency:tree Backlog
Secure analyzers don't debug CLI commands before they complete Backlog
Discuss implications of multiple PIP_REQUIREMENTS_FILE implementation Backlog
Show path to any dependency, and not only vulnerable ones Backlog
Show all paths to a vulnerable dependency Backlog
Publish JUnit integration for API Fuzzing Backlog
Update MRs of Secure analyzers to show they've been released, deployed Backlog
Feedback issue: Add additional Dependency Scanning Package Manager Support Backlog
Provide vulnerability remediations for npm projects Backlog
Provide vulnerability remediations for PHP Composer projects Backlog
Allow users to set work in progress limits on the number of epics per list Backlog
Allow users to add one or multiple preexisting epics to an epic board Backlog
Vulnerability identifiers list always triggers security approval Backlog
Pin Composition Analysis tools and analyzers to the minor version Backlog
Show code coverage by file/package in a project Backlog
Remove issue.Scanner and issue.Category from analyzer projects Backlog
Add Support for Specific Directory Specification for Dependency Scanning Backlog
Remove scanner, category fields from vulnerabilities, in Security reports Backlog
Add the ability for a user to test their API-based approval rules Backlog
look at https://clearlydefined.io/about Backlog
Coverage-guided fuzz test crash reproduction binaries Backlog
Design: Display vulnerabilities by age in security dashboards Backlog
MS Licenses are shown as URL's Backlog
Extend the Secure Report Format to allow multiple scanners generating a single scan Backlog
Add JIRA change ticket ID to chain of custody report Backlog
Add an instance-level setting to require Jira association in Merge Requests Backlog
Add Pre-Compile flag for License Scanning Backlog
Add Pre-Compile flag for Dependency Scanning Backlog
Capability for GitLab CI/CD to sign artifacts Backlog
Tests that changed most by execution time in Test Summary Widget Backlog
Send emails for vulnerability notes Backlog
Discuss: Gemnasium scanning multiple files - new architecture Backlog
enable removal of Self-Hosted Instance Level software_licenses table contents by users Backlog
Discovery: calculate and note database size related to license compliance Backlog
Add Deploy Tokens to the Credential Inventory Backlog
UX: Add the ability to create Jira issues within GitLab Backlog
Enforce go struct field comments in go lint job of secure analyzer.yml template Backlog
Refactor credentials inventory structure Backlog
GraphQL: mutation to import Requirements Backlog
Report gemnasium-gradle-plugin version in gemnasium-maven logs Backlog
Insert gemnasium-gradle-plugin version into gemnasium-maven project when building Docker image Backlog
Host Git-based Dependency Scanning vulnerability databases entirely on GitLab.com Backlog
Select projects to get data / display with a specific coverage value Backlog
Check protected branches of Secure Test projects Backlog
Remove all unprotected branches from Secure test projects Backlog
Close old open MRs in Secure test projects Backlog
Discovery - Engineering Research: Consider changing how dependency_scanning sets dependencies: [] Backlog
Auto-Remediation - Show available solutions in Project Security Dashboard - Add filtering capability - Documentation Backlog
Auto-Remediation - Show available solutions in Project Security Dashboard - Add filtering capability by "With Auto-fix solution" - Frontend Backlog
Show project average coverage on the project coverage graph Backlog
Show multiple coverages over time on the project coverage graph Backlog
Link fixed vulnerability to project release Backlog
Add Trigger Tokens to Credential Inventory Backlog
Track unique users who see Code Quality Notices on the MR Diff with usage ping Backlog
Add "clean up policy" to corpus management Backlog
Add sort feature to corpus management list Backlog
Build Secure analyzer images using Docker BuildKit Backlog
Add a resolve Jira Association button to Merge Requests Backlog
Improve de-dup and display of related dependency scanning findings Backlog
Better inform users about depth of search and skips in dependency scanning Backlog
Continuous Fuzz testing - Allow user setup environmental variable during continuous scan creation Backlog
Add configuration option for when a Vault (or other secrets manager) is enabled on a project, a user cannot add CI variables. Backlog
DESIGN: Support To-Dos in vulnerability details Backlog
In product guidance for auto rollback from Alerts page Backlog
Provide artifact expiration time to frontend for API Fuzzing Backlog
Add brief description of how License Compliance detects licenses Backlog
DESIGN: Vulnerability comment enhancements Backlog
[design] next iteration - add config to enable /disable Backlog
[Design] On-Demand Dependency Scans MVC Backlog
Optional Admin Approval - Specify Admins to Approve Backlog
Track changes to existing vulnerabilities when scanners update definitions Backlog
Service Desk: retain name from the e-mail header Backlog
Present the number of rollbacks that were done from produciton Backlog
Warn about Dependency Scanning variables not covered by integration tests Backlog
Fuzz corpus management: Add drag-and-drop for uploading new file - version 2 of file upload Backlog
Add revoke and delete button to GPG keys view in the Admin Credentials Inventory Backlog
Add delete button to GPG keys view in the Admin Credentials Inventory Backlog
Deploy tokens to have read/write access to Artifacts Backlog
display security and compliance scanner output for triage upon catching non-zero exit codes Backlog
Support passing lock files from build job to Dependency Scanning job Backlog
Track coverage per team in one project Backlog
How to handle secrets in API Security reports and assets Backlog
Add more frequent mirroring on Gitlab.com for higher tiers Backlog
SCIM Support for PingFederate Backlog
Add comments about un-documented variables to Security CI templates Backlog
Improve transparency in the MR security widget loading message Backlog
MVC: Templates Subdirectory for Partner Managed CI / CD Integrations Backlog
Fuzz corpus management - Add more details to corpus management page - crash % & coverage Backlog
Remove duplication from secure analyzer Dockerfiles Backlog
Technical Discovery: Migrate away from user direct editing in pipeline yml for secure analyzers Backlog
Vulnerability Report option to view tags Backlog
Vulnerability Report diff view between two branches or tags Backlog
Add tests for noexit in the py lib's session_setup for API Fuzzing Backlog
Implementation: Iteration 1- Inform user about price(pipeline minutes) when we introduce continuous fuzzing Backlog
Implementation: Iteration 2- Inform shared-runner-user about price(pipeline minutes) when we introduce continuous fuzzing Backlog
Group Level - links to project level CI/CD Analytics Backlog
Download historical data for Deployment Frequency at the project level Backlog
Support RSA SecurID as a form of two-factor authentication Backlog
🎨 Design: Show user the findings ONLY from the scan user just run (Continuous fuzzing) Backlog
🎨 Design: show num of findings in on-demand(continuous fuzzing)scan list page Backlog
🎨 Design: notify user about corpus needed to be cleaned up Backlog
🎨 Design: Description for corpus Backlog
🎨 Design: easy way to link between corpus and target Backlog
🎨 Design: clarify definition of code coverage Backlog
🎨 Design: Upload multiple files Backlog
Test SECURE_LOG_LEVEL environment variable for Dependency Scanning Backlog
Test SECURE_ANALYZERS_PREFIX environment variable for Dependency Scanning Backlog
Docs feedback: Dependency Scanning section missing DS_MAJOR_VERSION variable setting Backlog
Check compatibility of Dependency Scanning with latest versions of supported package managers Backlog
Group SAML - Check SSO status on API activity and direct user to SSO Backlog
Allow group owners to define PAT expiration for scoped tokens Backlog
Make group-level PAT expiration enforcement optional Backlog
Allow group owners to define an SSH key expiration Backlog
Add IP allow/deny listing to credential inventory for SaaS Backlog
Add IP allow/deny listing to credential inventory for self-managed Backlog
Add API to let group owners list PATs scoped to their group Backlog
Add a group-level setting to require Jira association in Merge Requests Backlog
Generate notification emails for documentation Backlog
Apply consistent defaults to Web IDE and Single File Editor Backlog
Verify if lock file matches dependencies declared Backlog
Add Ability To Remove or Change Redirects Created When Changing Namespace Paths Backlog
Import SPDX licenses on a newly installed GitLab environment Backlog
Group Sync using SCIM for GitLab.com Backlog
Dependency Scanning of Pipfile.lock without installing project dependencies Backlog
AutoDevOps: Make final values.yaml available as a CI job artifact when customizing values for Helm Chart Backlog
Restrict Group and Project Membership Backlog
Allow CI Reports to be Namespaced to support monorepos Backlog
Edit User for Enterprise Users Backlog
Upgrade asdf to 0.8.0 in License Finder Backlog
Docs: Document troubleshooting process for License Finder Backlog
Add filtering by user access to the DeploymentsFinder Backlog
Deploy keys credentials inventory - backend Backlog
Deploy keys credentials inventory - remove On suffixes from column headers Backlog
Deploy keys credentials inventory - frontend Backlog
Subgroup & Member events Group Webhook - Add audit tracking information Backlog
Create a landing page for pages Backlog
Proposal: Add new metrics for pipelines and jobs and export metrics to OpenMetrics format (ideally) or Prometheus Backlog
Allow multiple SSO providers within a Group Backlog
Minimal Access role to Free Backlog
Explicitly document supported versions of package managers and file formats for License Compliance Backlog
Bazel support inside gitlab-cov-fuzz Backlog
Enable API Fuzzing and DAST API to generate sample data for XML from OpenAPI spec Backlog
Improve error handling for fetching API fuzzing scan profiles Backlog
Remember users tab after page refresh Backlog
Group Webhook for Subgroups - Update Backlog
Scan generic packages uploaded to the registry for known vulnerabilities Backlog
Automate the tagging and labeling of issues created from security vulnerabilities Backlog
Remove workaround in gemnasium-gradle-plugin for making Dependency Scanning work Backlog
Implement Countermeasures to "dependency confusion" in repositories Backlog
Project level Release Metrics Backlog
Add Gradle support to Fuzz Coverage Backlog
Optionally permit notification emails to spoof primary email address of the user who triggered the notification email Backlog
Suppress no-password-message alert for iAP-authenticated users Backlog
Metric: Establish the prevalence of "before script" use by customers (including) self hosted who use secure Backlog
Domain verification - Add domains Backlog
Domain verification - Verify domain Backlog
CWE-918 Server-Side Request Forgery (SSRF) for DAST API Backlog
CWE-79 Persistent XSS for DAST API Backlog
Expand Gemnasium-maven supported Java Platform gradle plugins Backlog
Document usage of before_script in Dependency Scanning jobs Backlog
Test Execution Summary Data for projects - internal end point only Backlog
Investigate the relationship between Feature Flags and Issues inside of GitLab Backlog
Add Sort functionality to the Feature Flag list view Backlog
Change the Feature Flag list view to show Environments Backlog
Add a popover to the Environment UI for the Feature Flag List view that describes related strategy information Backlog
Update the Feature flag list view UI to use a complex list instead of a table. Backlog
Add metadata to the Feature Flag List View (To Be Broken Down) Backlog
Add a delete feature flag button to the Detail View UI Backlog
Upgrade the Feature Flag Name to title size in the Feature Flag Detail UI Backlog
Create a tabbed navigation structure inside of Feature Flags Detail UI Backlog
Add markdown support for Feature Flag Descriptions Backlog
Introduce an info bar to the Feature Flag detail view Backlog
Cleanup the user interface for Feature Flag Strategies Backlog
Add a history and discussion section of the Feature Flag UI Backlog
Improve discoverability of "Create new board" Backlog
Look at what these OSS POCs provide and effort to bake into CE+ - also does it feed into risk metric for EE? Backlog
Show 30/90 day diff in group code coverage data Backlog
Allow Dependency Scanning to analyze maven projects without the install step Backlog
Only share user profile to connected users Backlog
Dependency Proxy - how to effect a migration to object storage? Backlog
Zero-downtime updated for a Gitaly cluster on secondary Geo site cause read-only repositories Backlog
Comparative view (Benchmark) of DORA4 metrics for SM users Backlog
Build Protocol Fuzzer Community Edition in GitLab CI Backlog
Vulnerability report should use relative links if ANALYZER_TARGET_DIR is set Backlog
Elaborate on potential data loss when transferring project to another namespace Backlog
Expose issue links widget for Requirements and Test Cases Backlog
Allow Auditor users access to all Vulnerability Management features Backlog
Protocol Fuzzer Community Edition Repo Cleanup Backlog
Support Gradle root project with custom buildFileName in Dependency Scanning Backlog
Update ApproversSelect to use GlSearchBoxByType and remove the jQuery and Select2 dependencies Backlog
🎨 Design: DAST Site profile: Header addition redesign Backlog
Show Dependency Scanning info in file view Backlog
Release Frequency Metrics Backlog
Non-Standard Release Frequency (Unplanned) Backlog
Introduce Keyword for rollback for Helm K8s Backlog
Support Archive Feature Flag Backlog
Reuse dependency graph in Gemnasium codebase Backlog
Auto-Remediation - Show available solutions in Vulnerability Report - Add filtering by auto-fix solutions [backend] Backlog
Consider NuGet's Native Vulnerability Scanner for Inclusion in SAST for C# / NuGet Backlog
License Finder should change the way it installs pip Backlog
Create vulnerabilities by age wrapper chart component Backlog
Add vulnerabilities by age chart component to Project Security Dashboard Backlog
Add vulnerabilities by age chart component to Group Security Dashboard Backlog
In product guidance for groups with no releases detected Backlog
Add vulnerabilities by age chart component to Security Center Dashboard Backlog
Allow for Group Level Review Apps as a Service Backlog
Validate web-UI-relevant push rules before user submits input (commit message, branch name, etc.) Backlog
Add a potential cost savings dashboard for CI Backlog
Create a way to add custom licences to the Add Licence dropdown Backlog
Migrate outbound connections to SslStream Backlog
Browserker should crawl navigations in the order they were found Backlog
Expose vulnerabilities by age in Project Security Dashboard Backlog
Technical Spike: Security Dashboard - quickly load Vulnerabilities for Groups and Instances Backlog
Update Resolvers::VulnerabilitiesCountByAgeResolver to handle Group and Instance-level Vulnerability count queries Backlog
support gradle auto remediation Backlog
support maven auto remediation Backlog
Investigate supporting golang auto remediation Backlog
investigate python auto remediation support Backlog
Return a user's instance access level in API payload Backlog
SSO enforcement should redirect unauthenticated users to SSO signin page when visiting a private Pages project Backlog
Dropdown selector to change data grouping between "Day" and "Week" for Lead time for MRs chart Backlog
Refactor approval rules form to move the context out of the form itself Backlog
Select multiple vulnerabilities like gmail Backlog
Add project event to group & subgroup webhooks Backlog
Project Code Quality Graph Backlog
Design: Scanner job status widget on Project Security Dashboard Backlog
Update very outdated Dependency Scanning report fixtures Backlog
Refactor Navigation creation to use functional options Backlog
Extend DORA4 API support for a specific environment name Backlog
Have a different welcome message for ssh connections with deploy keys Backlog
Microsoft Teams Bot Integration Backlog
GitLab runners should support clone over ssh Backlog
Prevent non-compliant dependencies from being proxied with dependency proxy Backlog
Determine impact of downgrading tier for epics and multi-level epics Backlog
Collect Release Evidence through Release-CLI Backlog
Set target for graphs Backlog
Discussion: How could we leverage the new cascading setting option? Backlog
Features to reduce false positives in security scanners Backlog
Provide customizable "Terms of Service" for Groups Backlog
Introduce consolidated object storage for backups to enable encrypted S3 buckets for backups Backlog
Extend CI_PIPELINE_SOURCE values to distinguish between a git push and a rebase Backlog
Optimize order of auto-remediations for Dependency Scanning Backlog
Mixed log levels in Secret Detection job log output Backlog
Deny-list support for Geo Selective Sync Backlog
Dashboard for Feature Flag Usage Backlog
Enable any user to delete an epic Backlog
Allow setting different tags for different environments on runners installed from a single cluster management project. Backlog
Include an X-Request-Id in outgoing requests Backlog
Provide option to disable Project Access Tokens at the instance level Backlog
SCIM Block/Unblock for Enterprise Users Backlog
Add ability to lock Epics Backlog
SAST / Secret Detection configuration UI should handle the case when the repo is empty Backlog
Show CodeQuality annotations inline in WebIDE Backlog
Group Code Quality report Backlog
Report gitlab-runner job activity Backlog
Modernize API Security python library Backlog
Default to "Quick-10" profile for API Fuzzing Backlog
Remove remote job code from API Security Backlog
Remove remaining portions of rest api authentication code Backlog
Ability for User groups to Subscribe to Issue Labels Backlog
Skip dismissed vulnerabilities during Auto Remediation for Dependency Scanning Backlog
Status checks API does not return duplicate value errors on update Backlog
Check feature category assignments for the Threat Insight group Backlog
Support fuzzing ECMAScript modules with jsfuzz Backlog
Follow-up: Generate the branches list for status checks form once and save in the store Backlog
Remove sub-faults and instead produce multiple unique findings Backlog
Track Browserker vulnerability findings in the outputted Secure report Backlog
make Audit Events track when group is invited as a member of group/project Backlog
Include merge request details in Pipeline API Backlog
Batch create todos Backlog
Add Filter functionality to the Feature Flag list view Backlog
Runner Fleet Dashboard - Admin View: Runner Compute Costs Backlog
What do we want to do with dismissed and un-dismissed vulns & Auto Remediation? Backlog
be more efficient with Auto Remediation calculations Backlog
List dependency updates in MR Backlog
Add scanner name with version and definition version to the Merge Requests and Pipeline Backlog
Adding the option of Audit logging for Gitlab's Advanced Search Backlog
Improve visibility of CI/CD variables Backlog
Search commits based on LDAP name Backlog
Allow scanner to receive external requests to perform assertions in API Fuzzing and API DAST Backlog
Documentation update - Clarify Dependency Scanning behavior when project doesn't have a lockfile Backlog
Improve Dependency Scanning behavior when project doesn't have a lockfile Backlog
Dependency Scanning scans multiple Python projects in monorepos Backlog
Make Projects::LicensesController use query cache when retrieving builds the second time around Backlog
Investigate better way to fetch pipeline for Dependency and License list Backlog
Suggest similar vulnerabilities Backlog
Option to disable LDAP auto-create users Backlog
Add search to Profile Activity Backlog
Separate user activity by type Backlog
SAST for IBM z/OS: PL/I (and Cobol) Backlog
Using merge trains with Jenkins pipelines Backlog
Replace "yes"/"no" Confirmation Modal with "type group/project name" when Deleting as Admin Backlog
Handle remaining of Usage Ping metrics from license_management to `license_scanning Backlog
Remove ci_max_artifact_size_license_management column in the plan_limits table Backlog
allow grouping / bucketing of dependency findings Backlog
Move cluster management project form under integrations Backlog
Add Evidence section and fields to "add manual vulnerability" page Backlog
DAST callback service endpoint Backlog
improve data available for troubleshooting purposes Backlog
Generate callback checks from YAML payload Backlog
License Compliance for C/C++ using vcpkg Backlog
Make image integration tests part of the Secure QA Process Backlog
SSO enforced on git activity: only top-level group owners should be able to bypass this with Private Access Token Backlog
Update compliance framework label instances to use GlLabel style Backlog
Check semgrep rules at initialization time and error out if incorrectly formatted Backlog
Add updated_at period_field to Insights Backlog
Remove rules:exists from Dependency Scanning jobs Backlog
Enable a way for GitLab to confirm that issue exists in Jira before hyper-linking a string in the issue title or merge request title Backlog
Discovery: Full viewport modal detection Backlog
Email users when account deactivated by DeactivateDormantUsersWorker Backlog
Conditionally email users when their account is blocked Backlog
Create a global Dependency Scanning variable to allow file-only fast scans vs built longer scans Backlog
CodeBeamer Integration Backlog
Reflect Deleted Branches and Tags as well as closed MR's in Downstream GitLab Pull Mirror Backlog
Add the ability to delete users that were deprovisioned via SCIM Backlog
Dependency Path Step 1: add text path info to vulnerability detail page Backlog
Dependency Path Step 2: add full graphs to vulnerability detail page Backlog
Dependency Path Step 3: add additional info to the graph Backlog
Auto-Remediation - Show available solutions in Vulnerability Report - Add filtering by Merge Requests Backlog
Auto-Remediation - Show available solutions in Project Security Dashboard - Add filtering capability by "With Merge-Request" - Frontend Backlog
Support dynamic counts from checks Backlog
Allow setting squash settings instance wide Backlog
Allow target dir and configuration name to be customizable in sbt dependency scanning Backlog
Allow scanner to accept an arbitrary value for a project's location Backlog
Implement a Whitelist approach to the License-Check rule. Backlog
Update last_activity_on for container registry access Backlog
Breakdown the specifics for pipelines in the compliance report Backlog
Replace downstream pipelines with child pipelines in Dependency Scanning analyzer projects Backlog
Improve flexibility of inherited permissions in groups Backlog
Show a test case in a review app Backlog
API endpoints to update attributes of a group invited to a group or project Backlog
Retire analyzer fails with no explanation (Dependency Scanning) Backlog
Track source of license information provided by License Scanning Backlog
UI pattern for flags on vulnerability detail pages Backlog
Detection job to control images of the Dependency Scanning jobs Backlog
GraphQL end point for Latest Project Test Summary Data Backlog
GraphQL end point for Test Coverage data Backlog
Visual alert on Project Quality Summary passing a negative threshold Backlog
Investigate and improve performance of Projects::PipelinesController#licenses Backlog
Investigate and improve performance of Projects::DependenciesController#index Backlog
Automatically Associate Tags/Releases with Pipelines Backlog
[DevOps Adoption] Add totals line to "trend over time" graph Backlog
[DevOps Adoption] Show percentage on hover over "trend over time" TOTALS LINE Backlog
[DevOps Adoption] Show percentage on hover over "trend over time" COLUMNS Backlog
Re-enable SaaS Internal visibility and scope to Organization Backlog
Remove support for parsing legacy DAST JSON reports Backlog
Follow-up from "GraphQL Vuln Modal: Add solution and report-type" Backlog
Migrate requirement policies to Issue policies Backlog
Include commit discussions in export/import Backlog
Artifact scanning for JAR files Backlog
Speed: Optimize logging on hot-path Backlog
Android Support - License Scanning Backlog
Convert HIPAA project template issues into requirements Backlog
Static Project URL Backlog
New Audit Event: Pipeline created Backlog
Use MathJax instead of KaTeX Backlog
Update Mutations::Vulnerabilities::Create to accept a Vulnerability location Backlog
Feature Request: Ability to close Jira issue on non default branch Backlog
Dependency Scanning findings should include line number Backlog
Add Additional Link To Vulnerability Report That Brings User To FIRST Commit Where The Secret Was Introduced Backlog
[DevOps Adoption] Allow users to customize which features are displayed Backlog
Close dependency scanning finding automatically based on rules Backlog
License Finder cannot analyze maven projects with versions of java that are not pre-installed Backlog
forking a repository within the same group only possible through the API Backlog
Add support for running DAST scan on android applications Backlog
Admin-controllable Encryption for Downloads Backlog
Run Dependency, SAST, and Secret Detection Security Scanning within Developers IDE Backlog
Improve vulnerability triage by leveraging codeowners Backlog
SAST for PowerShell Backlog
Speed: Rewrite networking code to use System.IO.Pipelines Backlog
Job/Pipeline logic to correctly handle temporary loss of gitlab runner orchestrator Backlog
SAST Support for 1C Backlog
Before exporting a project, run GitGarbageCollectWorker with prune Backlog
Make sure to record specific lock file (source) of dependency Backlog
UX Research - Make state of approval more clear Backlog
soften (permit circumventing) license approval Backlog
Advanced search - authenticate with Elasticsearch instance via client certificates Backlog
Add a view all Boards with Recent at the top Backlog
Display "Start" date for repeating on-demand DAST scans Backlog
Choose NameID format of the request on GitLab.com. Backlog
Display pipeline deletion allowed status to compliance framework page Backlog
Alert users on GitLab.com to rotate old Oauth secrets Backlog
Add graph exports to job artifacts when Gemnasium fails Backlog
Part 1 - Corpus Management more info - add additional columns Backlog
Part 2 - Corpus Management more info - add row expansion Backlog
Run on-demand DAST scans without saving : Backend (Iteration 1) Backlog
Improve efficiency of configuring Jira issue creation from vulnerabilities at scale Backlog
Run on-demand DAST scans without saving : Backend (Iteration 2) Backlog
License Scanning doesn't handle gradle subprojects Backlog
🎨 Design: Search and filter on-demand scans list Backlog
Support Arm hardware for Coverage Guided Fuzz Testing Backlog
Detect system time zone and prompt user to change their time zone preference if it is different Backlog
Use unique temporary location for copying backup files before they're tar'ed while creating backups with STRATEGY=copy option Backlog
Allow setting of group pipeline quotas threshold for Buy more pipeline minutes banner appear Backlog
Simplify DS QA job by using inherited variables Backlog
Create a new issue button to prefill the correct Jira project id Backlog
Filter data on Project Quality Summary by pipeline Backlog
Rename sast_fp_reduction to be generic for all scanners Backlog
Support for Shallow Forks Backlog
Dependency Scanning Support for Bazel Backlog
License compliance scanning feature for Dart projects using pub package manager Backlog
utilize new "no link" schema variable in frontend Backlog
Explore security alerts/hygiene area for projects Backlog
DESIGN: how does backend need to modify to always make reports Backlog
Gitlab code viewer should enable devs to click through to other classes within the same repository Backlog
VSA: Support Jira issues Backlog
Editing release notes should generate "Activity" and Audit Events Backlog
Inform user about the role of OAS validation in preventing crashes Backlog
DAST engine stats output of nav_action_count is misleading Backlog
DAST authentication should support a secondary username field Backlog
Scalable bulk data export Backlog
Option to see and remove a user from pipeline status integrations mailing list Backlog
Make Gemnasium scan, report Sbt dependencies of all scopes Backlog
Add warning to subgroup settings when project sharing with a group is disabled Backlog
Add warning or hide Groups from Project members page when project sharing with a group is disabled Backlog
Default new users to be "watchers" of an issue tracker Backlog
Feature proposal: webhook triggers for protected branch and MR approval changes Backlog
Implement Double Submit Cookie Sessions to mitigate simple session hijacking methods Backlog
Notify SCA BE team on Slack when scheduled pipeline that republishes analyzer images fails Backlog
Design: Edit a manually created vulnerability Backlog
[VSA] Tooltip setting for custom value stream Backlog
Sort deploy keys under admin/deploykeys as well as repo settings Backlog
Create Quadrants to Facilitate Planning Discussions Backlog
Former user of a customer organisation on GitLab.com should be able to authenticate when his email is reactivated Backlog
Display Analytics for Deployment history Backlog
Modular Group Authentication Backlog
Document types of dependencies scanned by Dependency Scanning Backlog
Scan GitLab and Runner configs for security issues in IaC Scanning Backlog
GitLab UI should handle two non-conflicting edits to a file Backlog
Create php-composer branch to test Composer v2 lockfiles Backlog
Remove source_type/source_id from members table Backlog
Support for Alternative Workflows when using Monorepo Backlog
Scope Security Dashboard for Projects with Production deployments or Releases Backlog
Configurable timezones for when iterations are considered current on GitLab.com Backlog
Implement logging of the OAuth2/OIDC ID Tokens for troubleshooting Backlog
Leverage CODEOWNERS in Vulnerability Reports Backlog
Provide more distinguishing details when searching users Backlog
Corpus Management - Test resolvers Backlog
Enforce max scan duration in Dependency Scanning analyzers' pipelines Backlog
Project Quality Empty State for No Coverage Backlog
Project Quality Empty State for no Code Quality Backlog
Project Quality learn more about other testing features Backlog
license-finder cannot be published: "version" job fails when extracting version number (flaky) Backlog
Consider deprecating kubesec in favor of kics Backlog
we need ways to spin up versioned testing environments that can live as long as needed Backlog
we need a permanent always on (or frequently on on schedule) offline environment for testing Backlog
enable users to augment the advisory-DB privately Backlog
Investigate project "topics" as a way to filter and view data on vulnerability reports Backlog
we need both a permanent openShift environment as well ways to spin up versioned testing environments that can live as long as needed Backlog
Dependency Scanning for .NET projects without packages.lock.json (aka Direct support for .csproj) Backlog
Support separate locations per group or project for artifact storage Backlog
Test summary should explain if junit tests are expired Backlog
Indicate users that are a sole owner of a group in Admin -> Users -> Groups and projects Backlog
Fire Webhooks Upon CI Report Data Ingestion Backlog
Add support of google_oauth2 with multiple google accounts. Backlog
Creating and assigning the security policy project executes more than 100 SQL queries Backlog
Support for adding custom ruleset queries to SAST IaC Backlog
Add Java 17 support for License Compliance Backlog
Allow admins to disable the HTTP git access protocol but allow Geo HTTP replication to continue Backlog
Show one longest path to the vulnerable package Backlog
Include source in dependency scanning reports Backlog
Disable Personal Billing Page for Enterprise Users Backlog
Provide a quick way to remove blocked users from a group Backlog
Automatic back-off and retry for failed daily backup uploads Backlog
Automatically action on advisories that change to false positive (and/or other?) Backlog
Improve "most recent deployment" for API, Environments Index, Job note Backlog
Allow subgroups to re-inherit parent group settings after overriding them Backlog
Increase default limit of ci_max_artifact_size_terraform Backlog
Don't match project name in settings search Backlog
SAML Group Link not compatible with some IdPs integrated with Cloudflare Access such as Google Workspace and Okta OIDC Backlog
Scala dependency scanning support for Mill Backlog
Deployment Page Backlog
Backlink to GitLab project from Jira issues created from security findings Backlog
Estimated job wait time by runner tag Backlog
OAuth2 permission granting screen needs an overhaul Backlog
Technical: Increase unit test coverage of the Browserker Scanner Backlog
Add an organization-level dynamic deployments list Backlog
Administrators receive access requests in addition to group/project owners Backlog
Create tabs for Merge request violations and Commit custody Backlog
Add a commit custody list view Backlog
Add pagination to commit custody Backlog
Add an individual export option to each commit Backlog
Allow users to search for a specific commit SHA in the list Backlog
Make DevOps adoption report more granular Backlog
Combine git tag and default branch pipeline jobs from secure ci-templates Backlog
Passing through non-defined CI variables assigns them a literal value instead of remaining empty Backlog
It is not possible to get information regarding which account is associated to which deploy key Backlog
Add to the GitLab GUI interface which account created each deploy keys Backlog
Testing graph exports to job artifacts when Gemnasium fails or when debugging Backlog
INITIATIVE: Cycles and Review Backlog
Rulesets for Salesforce-specific JavaScript Frameworks (Aura and Lightning Component Framework) Backlog
Improve Dependency List Empty State Backlog
Allow username customization for Okta SCIM provisioned users Backlog
Add user option to list users under namespace Backlog
Add remove user option to namespace Backlog
Extend Group level ban feature for public projects and non-members Backlog
Security Dashboard: Offer project sorting options within security status lists Backlog
Ability to search based on filters at the group level Backlog
DAST browser-based check documentation contains field templates Backlog
graph exports to be available when running Dependency Scanning in debug mode Backlog
Adjust pre-filtration for dependency scanning and license compliance - editable and auditable Backlog
Show Vulnerability Status in Link Backlog
Make "Remember me" cookie duration configurable Backlog
CI/CD: Add only: default-branch shorthand for rules.if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH Backlog
Design: Cancel vulnerabilities detected in a pipeline Backlog
License usage data at the group level Backlog
[Frontend] Suggest available Jira issues when editing a Merge Request title or description Backlog
[Backend] Suggest available Jira issues when editing a Merge Request title or description Backlog
Deprecate gRPC proxies between gitaly and the rest of GitLab Backlog
CI Insights: Group View for Pipeline Metrics Backlog
Alert the user when the agent connection breaks down Backlog
E2E testing https checks Backlog
Add "Allow subgroups to set up their own two-factor authentication rules" Attribute to Group API Backlog
Sub-groups API returns require_two_factor_authentication = false despite top-level group restriction Backlog
Incorporate delta of changed metrics in metrics MR widget Backlog
Add pending information to the Status field to the drawer for Scan Execution policies Backlog
Add Latest Scan field to the drawer for Scan Execution policies Backlog
Add Change History field to the drawer for Scan Execution policies Backlog
Allow for availability of licensed features to be checked via the API Backlog
Move Security vendored templates into the Jobs subdir - part 2 Backlog
Dependency Scanner Support for Conda Backlog
Add WARNING headers to API responses that have deprecated features Backlog
Refactor IWebMachine in regards to new WebRunnerMachine Backlog
Make Project Dependency List page show only active vulnerabilities Backlog
Invite users to group with minimal access Backlog
Update DAST CWE schema match_locations to reflect their input Backlog
Google Cloud Platform Error Reporting Integration Backlog
Provide a CI/CD Token with Admin capabilities Backlog
Dependency Scanning support type of project Backlog
Update gemnasium scanner package to include additional information Backlog
Disallow outdated gitlab-runner from gitlab server Backlog
Add ability to filter only active license seats in the Users API Backlog
Provide a way to monitor rollbacks Backlog
Update the stack trace regex for .NET Core/Java Backlog
Keep Variables Masked during Debug Logging, add Flag to Unmask Backlog
Enforcement and auditing of scan execution policies Backlog
Review graphql-cop capabilities Backlog
UX: Alert system for storage usage activity Backlog
[License Compliance MR Widget Extension] - Frontend - Implement wider container height by consuming MR widget extension API Backlog
Coverage-guided fuzzing language auto-detection Backlog
Add more filtering to compliance violations API Backlog
Using !reference in a YAML merge key causes server-side exception Backlog
Central Management of Active User Sessions (And Session Termination) Backlog
Store API spec document from external files as job artifacts Backlog
Retrieve api spec documents from protected URIs by using overrides config Backlog
User contributions events API endpoint be available for group owners in SaaS Backlog
Add events target_type to the user contribution events API endpoints Backlog
Agent status error communication Backlog
Enhance Flag to Prevent Direct Memberships to Projects Backlog
Docs - product feedback: Importing issues from CSV should produce an error in UI if it fails Backlog
Show project level insights around pipeline performance Backlog
Feature Request: Clicking Headers in markdown add it to the clipboard Backlog
Track CA Keywords Backlog
Add Dependency Information to database Backlog
MVC: Configure CI/CD Limit by project Backlog
Make "Enable SAST/Secret Detection" MR title and description more self-documenting Backlog
Log backup environment for audit purposes Backlog
License Compliance page - warning pill text should match background color not be black Backlog
Description and remediation can include matched values Backlog
Optionally require membership to view epics Backlog
Vulnerability Report fails to update if scanner exit code is not 0 Backlog
Group Epics should not be visible for users without Group Role assigned Backlog
Add flag to allow uploading dependency scan result as artifact Backlog
Make "release/deploy" easy and "destroy" difficult Backlog
Show the latest infrastructure changes on the environments page with the "apply" (manual, waiting for approval) job Backlog
Enable CI_JOB_TOKEN as accepted header to log into access-controlled GitLab Page Backlog
[Frontend] Filter compliance violations by branch names Backlog
New audit events: Audit event retention period Backlog
Improve logging for Git over HTTP with 2FA Backlog
Build integration-test gem and update README Backlog
Add a Semi-Internal Level of visibility for Projects and Groups Backlog
GitLab Jira Integration - Users don't exist in GitLab but they do in JIRA Backlog
Detailed Admin Mode & Impersonations Audit Event Streaming Backlog
IP Allowlist Control should allow CSV input Backlog
Display streaming audit event destination in the UI Backlog
Automate Auto DevOps Helm3 upgrades to scaled environments Backlog
Custom environment URL schemas Backlog
Add special support for datetime markers in GitLab Flavoured Markdown Backlog
Exempt Bot Accounts from Email Notifications Backlog
Allow markdown in Solutions field for MR security widget Backlog
Allow markdown in Solution field for pipeline security tab Backlog
Differentiate between regular push and force push for audit event streaming on git operations with GraphQL Backlog
Add "source" attribute to vulnerability records Backlog
Enable Ascii folding when searching for names with special characters Backlog
Add to Pipeline Security Tab and Security Dashboard Backlog
Commit and run CI from last stop Backlog
Options to handle many parameters (+300) in a single request Backlog
Add .editorconfig to share code-style settings among IDEs Backlog
Missing ability to pre-query branches deleted by "delete merged branches" API endpoint Backlog
Respect CI timeout value by all the expensive operations in SAST analyzers. Backlog
Findings should be created for Navigations that have no HTTP message Backlog
Support variable expansion in environment.on_stop Backlog
Configure CI/CD Limits by project under groups Backlog
Add CI_REGISTRY_VISIBILITY variable for Auto DevOps Backlog
Enable MR auto-creation for DAST CI/CD configuration process Backlog
Add entire groups to Security Center Backlog
Design: Improve the user experience for adding passwords so they're evaluated as raw and are masked by default Backlog
Design: Make it easier to create the necessary variable configuration based on predefined variable types Backlog
Design: Improve the experience for troubleshooting pipeline config errors in the pipeline editor Backlog
Group level Kubernetes page should explain agent CI/CD workflow for groups Backlog
ID feature request, webhook trigger Backlog
Enable downstream retry from mini-graph Backlog
Create untarred backups in named directories Backlog
Design: Explore more prominent ways to signify trigger jobs in the mini pipeline graph Backlog
Design: Update the "Run pipeline" form value dropdown to a combobox to accept new values Backlog
Frontend: Trigger job pending status is unclear Backlog
Customers can view a crawl report from a particular URL Backlog
Security Dashboard - View Results by Quarter / Year Backlog
Updating references to Jira issues on GitLab should update the previously created backlink Backlog
Add vulnerabilities counter to left menu Backlog
Allow child pipelines to inherit global default parameters Backlog
Make use of classification and approval_status consistent between licenses endpoint and license_reports Backlog
Support keyless commit signing with GitSign Backlog
Normalize dependency scanning CI/CD variable naming Backlog
Add ability to optionally ignore dev dependencies in Setuptools projects Backlog
Add ability to optionally ignore dev dependencies in NuGet projects Backlog
Add ability to optionally ignore dev dependencies in Conan projects Backlog
Add ability to optionally ignore dev dependencies in Bundler projects Backlog
Update accessibility MR widget expand/collapse tooltip Backlog
API that returns transfer data of streaming audit events Backlog
New scanning tool: Binary analysis and scanning Backlog
Group-Level Merge & Squash Commit Templates Backlog
Missing test coverage: Exclusion counts Backlog
Missing test coverage: worker-entry output Backlog
Sub-group-level enforcement for merge request approval SETTINGS Backlog
Enable stale runner cleanup Admin Area > Runners Backlog
API endpoint for Repository Analytics Backlog
Eco-Design Third Party Integration Backlog
Link issues created from findings back to source pipeline Backlog
Clarify the differences in code coverage calculations features Backlog
Reference requirement files while building dependency graph Backlog
Add SEVERITY_THRESHOLD variable to dependency scanning Backlog
API Support for user management - Remove from project/group Backlog
API Support for user management - block / unblock user (only provisioned users) Backlog
API Support for user management - delete users (only provisioned users) Backlog
Allow an arbitrary number of jobs from a list of jobs to be required when using the needs: keyword Backlog
Backend: Additional inputs for job:when: to allow for more flexible pipeline execution Backlog
Geo: Accelerate container images by serving read request from secondary site Backlog
Geo: Accelerate web UI and API read requests for LFS objects at secondary sites Backlog
Geo: Accelerate CI pipeline artifacts Backlog
Geo:Accelerate CI job artifacts Backlog
🎨 Improve hierarchy of information for security approvals Backlog
Include support for projects with Windows-based dependencies Backlog
Feature Request - Expand Dynamic Pipeline .gitlab-ci.yml Backlog
DAST Pre-scan verification implementation Backlog
Document test suites and our expectations around them Backlog
Document API Security scanner concepts Backlog
Make User Cap available via application settings API Backlog
Generate DAST HTML report outside of the DAST analyzer Backlog
Mike's CLI Tools - Part 2 Backlog
Geo: Read-only Geo secondary sites Backlog
Improve validation for minutes overflow while setting project CI/CD minutes limit Backlog
🎨 Design: Create SAST Scan Profiles Backlog
Enhance search in the audit event screen Backlog
Allow audit event screen to show more than 30 days of history Backlog
Track Dependency Types in CycloneDX SBOMs Backlog
Make the recommended version a runner can upgrade to visible Backlog
Enhance ping usage information on Geo UI actions Backlog
Refresh site health status Backlog
Stats for data type status counts persistent on UI Backlog
Usage stats on Geo API Backlog
Status widget frontend support for Work Items Backlog
Create/Edit Requirement page using Work Item widgets Backlog
Regulated e-signature approvals for Merge Requests (CFR part 11) Backlog
Integration with Azure Boards Backlog
ArgoCD agent Importer Backlog
Update GitLab Postman Collection / OpenAPI Spec & publish to Postman API Network Backlog
Speed: Allow user to provide technology hints Backlog
Improve and expand existing OpenAPI 2 / Swagger Documentation for REST API v4 Backlog
Add Ability To Force Delete Projects That Failed To Delete Backlog
Speed: Automatically detect technology in use and trim testing Backlog
Introduce a hidden job and anchors into the CI templates Backlog
Automate child work items setting to Confidential Backlog
Promote Subgroup labels to Parent Group from UI Backlog
Generate parameter dependencies by calling other operations to create them Backlog
Decouple the variables available to the upstream job from the ones being passed to downstream pipeline Backlog
Show before_script and after_script inheritance in "View merged YAML" view Backlog
Add support for injecting the host IP address into k8s pods as an environment variable Backlog
Add another layer of reviews for SAST scan reports Backlog
Add "shortest path" information when creating vulnerability from CVS Backlog
Housekeeping of container images based on "last pulled" timestamp Backlog
Labels for items in the Vulnerability Report Backlog
Geo: New API endpoint for geo_sites to supersede geo_nodes Backlog
Feature Request - BroadCast Message: Restore Ability to customize Font color and Background color using Hex Color Codes Backlog
Fix before_script of Secure test projects: fail when any command fails Backlog
Ensure consistency b/w semver_dialects and vrange when adding advisories Backlog
DAST UI config additional header redesign implementation Backlog
When syntax errors are present, pipeline simulation doesn't show logical errors Backlog
Handling of per-route external proxy setting broken Backlog
Cache compressed /opt/asdf directory when building gemnasium-maven image Backlog
Add graph data to sbom components Backlog
Assess whether semver_dialects can be used to match SBOM components generated by container scanning Backlog
Notification emails for newly added vulnerabilities Backlog
🎨 Design: Clarify the state of security approvals while the pipeline is still running Backlog
Allow passing artifacts for multi-project merged results pipelines Backlog
Monitor projects activity Backlog
Allow editing of group description from the group overview page Backlog
Add a group description during group creation Backlog
Add a project description during blank project creation Backlog
Allow editing of project description from the project overview page Backlog
Add Image filter to the group/security center Operational vulnerabilities vulnerability report Backlog
Add Cluster filter to the group/security center Operational vulnerabilities vulnerability report Backlog
Update integration test for JSONSelect case in gemnasium Backlog
GitLab Policies does not alert admin on failed/invalid policies Backlog
Merge Request API endpoint should allow filtering by merge user ID Backlog
API should support looking up all deployments by user Backlog
Add release process and documentation to semver package Backlog
Continuously mirror the DSP status to the trigger job status with strategy: depend Backlog
API Security: Redesign our main test target Backlog
Permit multiple email addresses during user provisioning via SCIM Backlog
Support keyset pagination for the Container Registry API Backlog
Filter issues list by an epic in a subgroup Backlog
Design: "Security report is out of date" can be more prominent in the widget Backlog
Add troubleshooting entry on private container registries Backlog
Group Test Webhook - Determine Project based on hook type's requirement Backlog
Run entrypoint tests during test stage Backlog
Add Users API endpoint to require a password reset Backlog
Response body size in the operation summary output is incorrect Backlog
Support getting started with the agent configuration Backlog
Request for Instrumentation of new Secure Metrics Backlog
Add time zone to user administration pages Backlog
Try a different runner from the pipeline editor Backlog
Refactor the stat anchor list on the project home page Backlog
Improve the interaction for selecting a profile in DAST Backlog
Follow-up: Restrict license removal for GitLab.com (SaaS) Backlog
Provide deployment approver/executor information in pipelines Backlog
Filter deployments by date on the Environment detail page Backlog
Let subgroups override "Prevent project forking outside current group" setting of top-level namespace Backlog
See trend of artifact sizes overtime Backlog
Enforce delayed deletion of user contributions upon user deletion Backlog
Allow creation/management of Resource Groups Outside of Pipeline Backlog
Keep going when a connection issue occurs on a mutation Backlog
Allow global dismissal of subscription expiry by an instance admin or group owner Backlog
Enable notification about deployments in Google Chat and other services. Backlog
pdm.lock support for Dependency Scanning Backlog
Reduce the size of the Go toolchain Backlog
Support Cyberark as SCIM identity provider - add the /schema SCIM Endpoint Backlog
Perform nightly backups of our git repository Backlog
Configurable maximum number of pipelines in a merge train Backlog
Provide task to check integrity of backup file and display backup metadata Backlog
VSA - Expose timestamp in VSA created_after and created_before dates Backlog
VSA - Support full UTC timestamp for date range filters Backlog
Make the workflow for Secret Detection findings clear and adapted to their nature Backlog
Support testing GraphQL Subscriptions Backlog
Verify receiving server with certificate pinning Backlog
Reflect most recent hook event's status code on /hooks page Backlog
Generate short lived access token Backlog
Investigation - allow user to re-import failed relations and relations created after previous import Backlog
Accelerate most GET requests which don't depend on Geo-replicated data Backlog
Implement Additional Metrics for Security Policies Group Backlog
Audit Events - Log initial trigger of project and group deletions, and/or make it clear why deletions are taking place Backlog
Support coordinating values for variables / secrets across environment Backlog
Bump Gemnasium image dependencies when they're updated by scheduled updates Backlog
Show canonical component names in Dependency List Backlog
Complete setup of slack notifications for build failures Backlog
Record when a group's Max Role is changed under membership in a group or project to the audit_json.log file Backlog
Use lefthook git hook to run linters and guards Backlog
Move majority of e2e tests from API Fuzzing to DAST API Backlog
Adds configuration to admin dashboard to restrict only push mirroring to a project Backlog
Investigate using ML to generate data for API inputs Backlog
Make it easier to revert changes Backlog
Allow read-only access to group settings and project settings to non-owners Backlog
Assign a user a maximum role that cannot be elevated without Admin approval Backlog
Support specifying path/group searches in navbar search field Backlog
Cache dependency scanning job results Backlog
Add SAML tag to SAML users in Admin Area page for self-managed instance Backlog
Add user state to member list of projects or groups Backlog
Add Ability To Share Iteration Report Filtered By Label Backlog
Pre scan verification mode for API Security Backlog
Support hash-checking and version specification in requirements.txt for License Compliance Backlog
Include a customizable fiscal view for epic roadmaps Backlog
Treat MR integration sources as unified Observability data (test, security, metrics, etc.) and provide correlation & focused views Backlog
Allow Users to Link Requirements to a Specific Line of Code Backlog
Document how dependency categories map to each package manager definitions Backlog
Implement pre scan verification mode for DAST Analyzer Backlog
Backend: Pre scan verification Backlog
Rate limits consumtion summary Backlog
Automatic sidebar creation for wiki Backlog
Add support for Security Report Schema v15 to report library Backlog
SBoM component PURL fields do not contain the repository_url field Backlog
Geo: More detailed site status Backlog
Geo: 10 min old status is not a critical failure Backlog
Ability to restrict Access tokens to Specific IP Addresses Backlog
Introduce a project's settings to reset integrations and webhooks Backlog
delete environments using CI Backlog
Backend: Agent activity event for configuration changes Backlog
Support Paket lock files in Dependency Scanning Backlog
Restrict access to subgroup by IP address Backlog
Backend: Add support to rules:exists keyword to match multiple files (AND operation) Backlog
.gitlab-ci.yml's Parsed YAML Size Limit - surface information to user so they can manage this Backlog
Windows SaaS Runner enable core.longpaths true Backlog
Partition package metadata tables Backlog
Implement dropdown for primary email change Backlog
Ability to set 'gitlab_username_changing_enabled' via Application Settings API Backlog
Create GitLab releases on public project Backlog
Bulk moving of closed issues errors out after ~10 issues Backlog
External API for Security Policy Validation Backlog
Create Advanced Search Information API endpoint for UI parity Backlog
Restrict access to subgroup by IP address Backlog
Introduce explicit permission read_project_runners instead of using admin_project Backlog
Add Support for Stackrox CI Integration Backlog
Improve process for adding a project template Backlog
Add support to OpenAPI 3.1 to use non-string params in multipart/form-data operations Backlog
Convert/promote Jira issue to GitLab issue Backlog
Add Export functionality to DevOps Adoption Report Backlog
GraphQL: Support membership params for project filter in RunnersFinder Backlog
Detect and report pre-installed versions of package managers in gemnasium Backlog
Add Storage Limit Option for Cached Files Backlog
Optionally disable inheritance Backlog
Have security findings/vulnerabilities created as a result of operational container scanning created in originating projects Backlog
Advanced Search only within my namespace Backlog
Make scanner component and worker-entry component to use the same current working directory Backlog
Define the rules around READMEs for Project Templates Backlog
Add community members as reviewers of Project Templates Backlog
Ensure Project Template MRs are counted in throughput stats Backlog
Add ability to optionally ignore dev dependencies in Paket projects Backlog
Cube Query Rendering Visualization - Heatmap Backlog
Cube Query Rendering Visualization - Histogram Backlog
Cube Query Rendering Visualization - Gauge Backlog
Cube Query Rendering Visualization - Scatter Chart Backlog
Cube Query Rendering Visualization - Bubble Chart Backlog
Cube Query Rendering Visualization - Sankey Diagram Backlog
Add an airgapped? configuration state Backlog
There should be a way to surface "status updates" to a parent sub-epic/epic Backlog
User Should Be Able to Self Approve Deployment after Manual Job is Played Backlog
Create to-dos when someone replies to a thread Backlog
API endpoint for last successful security pipeline ID Backlog
GitLab-native code annotations to exclude findings from the results Backlog
Provide a way to compare tags more easily Backlog
Pipeline triggerer is shown as the user who created the mirror, instead of user who started the mirror process Backlog
Add password requirements in a tooltip Backlog
Docs: Document how to add a new purl_type to package metadata Backlog
Enable two_factor_enabled API field for group owners Backlog
Allow users to disable Product Analytics features in their projects Backlog
Customizable Permissions: Prevent users from applying Default GitLab Roles Backlog
Customizable Roles: Bulk migrate users from default roles to custom roles Backlog
Extend API to return group and user-level apps. Backlog
Support FQDN in exists/changes Backlog
Improve error message when target url is not provided Backlog
Draft: Milestone Planning Process Backlog
Refactor vrange/python resolver to use cli.Register Backlog
Measure Events Drilldown Backlog
Add pending deployment approvals to custom notification events Backlog
Improve formatting of troubleshooting sections in API Security docs Backlog
System header and footer cutting off text when printing Backlog
DS_JAVA_VERSION should be populated from build.gradle.kts files Backlog
Make Subscription Details visible in when printed Backlog
Improve Bulk Edit Issues error reporting Backlog
Add owner / creator field to deploy key API endpoints Backlog
Make Markdown preview more obvious/enabled by default in the new Web IDE Backlog
Add Git decorators in file explorer and Gutter indicators for changed files in new Web IDE Backlog
Ability to increase active session limit Backlog
Allow parameters to be marked as secret Backlog
[Update Request and Response to use SecretValue](https://gitlab.com/gitlab-org/gitlab/-/issues/387266) Backlog
Mark all values from overrides as IsSecret = true Backlog
Allow users ability to specify which fields should be masked (_MASKED_FIELDS) Backlog
Draft: Use secrets detection db to identify secrets Backlog
[DEBATED] License Scanning using SBOM components stored in DB for default branch Backlog
Draft: Serialize Operation and Parameter to/from json Backlog
Draft: Update FaultData to include Operations/Parameter instances Backlog
Draft: Update reporting code to use Operation/Parameter instances Backlog
Draft: Update ReportController to use serialized Operation Backlog
Send alert notifications to specific email addresses Backlog
Refactor GenerateOperationAndRequest to clone Operation Backlog
Disable all existing project wikis functionality at once Backlog
Allow computed values to be used in visualization YML definitions Backlog
Calculate estimated wait times for group runners Backlog
Remove runnerPlatforms and runnerSetup GraphQL queries Backlog
GitLab for Slack app Token rotation Backlog
Make expired users easier to re-add Backlog
Extend group activity to go further back in history Backlog
Require Pipelines To Be Based on Syntactically Valid YAML Backlog
Make Groups the default value for group_attribute in SAML configuration Backlog
Restrict access to a tunnel to specific branches Backlog
KAS restricted access Backlog
Consider implementing SAML authentication request signing on GitLab.com Backlog
GitLab LDAP Group Sync "Dry Run" functionality Backlog
Add absolute date to Instance setting Backlog
Parse CODEOWNERS into DB tables Backlog
Dismiss a vulnerability with a comment from vulnerability page Backlog
Expose CODEOWNERS rules via API Backlog
Geo : Ping usage for accelerated runner jobs by secondary sites Backlog
Brainstorm: Deployment policies Backlog
Flux to GitLab access management Backlog
Alert Only groups enrolled in quarterly subscription reconciliation about True-Up Backlog
Investigate if latest_build_for_default_branch is causing extra queries Backlog
Allow Exposure of Vault Token Used by Gitlab Runner Pipeline via ENV VAR Backlog
Feature Request - personal timesheet Backlog
Dashboard for namespace / multi-project view Backlog
Refactor license scanning related specs Backlog
Decouple Classification Labels from External Authorization Backlog
[Update Overrides to use SecretValue](https://gitlab.com/gitlab-org/gitlab/-/issues/390124) Backlog
[Update HTTTP Basic Auth to use SecretValue](https://gitlab.com/gitlab-org/gitlab/-/issues/390126) Backlog
[Update Postman Variables to use SecretValue](https://gitlab.com/gitlab-org/gitlab/-/issues/390128) Backlog
[Update request header list to use SecretValue](https://gitlab.com/gitlab-org/gitlab/-/issues/390130) Backlog
Deprecate Legacy Requirements IID for Work Item IID Backlog
Remove cluster_image_scanning APIs Backlog
Deprecate cluster_image_scanning APIs Backlog
Allow disabling New Snippets for Enterprise users Backlog
Merge request drop down in the top bar and MR section of Your Work should also have an Authored option Backlog
Customize LDAP Error Message when Invalid Login Occurs Backlog
rake task for removing unreferenced LFS objects from S3 bucket Backlog
CWE-319: Cleartext transmission of sensitive information (cookie) Backlog
Improve Member Role API response when group is not root Backlog
Allow the Issuer claim to be customizable for our Cloud Service Provider OIDC JWT tokens Backlog
Find software license in repository when NPM returns an empty license Backlog
Make the .latest template the stable template Backlog
Request: See Issue due date in Milestone view Backlog
DRAFT: Allow the use of a Geo secondary site to do operations on its replicated container registry (push/clone) Backlog
Control IaC Scanning results separately from SAST in Scan Result Policies (SRPs) Backlog
Split jobs in a parallel matrix jobs Backlog
Deprecate DastPreScanVerificationStep name Backlog
DAST vuln - if no longer found - can we have them auto resolved? Currently they find themselves having to triage them even if the vuln is no longer found Backlog
Enable Bulk Issue Create from Vulnerability Report Backlog
Design: Visibility into where components are used Backlog
Add Default membership for members without SAML group link for Self-Managed Backlog
Report to see who is using Security Training for vulnerabilities Backlog
Docs: Improve content regarding solutions for vulnerabilities (auto remediation) Backlog
Control project visibility based on role Backlog
Docs: Document rules for generating a valid CycloneDX report Backlog
Remove pipeline id from dismissal event in pipeline modal Backlog
Silent mode - suppress outbound file hook traffic Backlog
Service Portal Backlog
Allow profiles to display or hide information Backlog
Clarify Scan Result Policies for SAST include SAST and IaC Backlog
Indicate on the Vulnerability page if a vulnerability has been disputed in NVD Backlog
Add support for workspaces in Yarn berry Dependency Scanning Backlog
Create forkSynced subscription Backlog
Activity page should list user invite and deletion events Backlog
Remove deprecated EE::Ci::Pipeline#with_legacy_security_reports method Backlog
Create API calls for repository check last_repository_check_failed Backlog
Detect secrets in API Security scans Backlog
Import GitHub repository Collaborators with custom role as GitLab project members Backlog
Geo: Silent mode - Suppress outbound Deprecated Kubernetes Connections Backlog
Alpine advisory ingestion Backlog
Scheduler Backlog
Worker Design & Scaling Backlog
Convert License DB export component to worker handler Backlog
Distro: AlmaLinux Backlog
Distro: Amazon Linux Backlog
Geo - New GraphQL endpoint geoSite to supersede geoNode Backlog
Geo - New geo/site_proxy endpoint to supersede geo/node_proxy Backlog
Geo - Static redirect_uri for OIDC SSO Backlog
Geo Settings - Update geo_node_allowed_ips to geo_site_allowed_ips in Application Settings Backlog
MR widget: License Compliance failed loading results (SBOM Scanner) Backlog
Connect feature flags with error reporting (sentry) and automatic switchback Backlog
Distro: Arch Linux Backlog
Distro: Debian Backlog
Draft: Distro: Ubuntu Backlog
Draft: Distro: Wolfi Backlog
Draft: Distro: Rocky Backlog
Draft: Distro: Redhat Backlog
Distro: Suse and OpenSuse Backlog
Convert vuln-list ingestion to worker handler Backlog
Create command line component for vuln-list ingestion Backlog
Convert Alpine ingestion to worker handler Backlog
Follow-up from "Check if git is available before performing remediation." Backlog
Decide what to do with Yarn berry patch packages Backlog
Labels created from the Admin Area are available to groups Backlog
Write a test for the null reference bug in HTML Injection check Backlog
Advisories: Ingest the NVD data source Backlog
Disable topic creation for non-admin users Backlog
Disable external license DB sync in QA environements Backlog
Standalone Dependency Page Backlog
Backend: Investigate adding dependencies to rules on jobs (in needs) Backlog
Automatically disable user SSH or GPG keys discovered by Secret Detection Backlog
Customize OIDC Error Message Backlog
Allow new Administrators to create groups by default Backlog
Add end of life information to dependency view Backlog
Support $search for the agentConfigurations query Backlog
Azure AD Authentication for Azure Flex Postgres Service Backlog
Container Scanning - CS_IMAGE doesn't support group variables Backlog
Add ability to skip tar creation to backup-utility Backlog
SAST Custom Rulesets should use case-insensitive identifiers Backlog
Allow ability to enable scan execution policies for all agents in policy yaml file Backlog
Provide a new area for actions in blob view to minimize gutter Backlog
Service Desk Email Issue Debugging Backlog
All images in the issue description should be part of Design management so that they can be commented on Backlog
Add CWE classifier to Kics scan result Backlog
Add CWE classifier to Trivy scan result Backlog
Create a "Label Management" permission Backlog
CI support for triggering a Flux sync Backlog
Rotate the CHANGELOG through the API Backlog
Allow SaaS Customers to Increase Gitlab Pages Size Limits for a Specific Project Backlog
Capture Number of Developer-Resolved Vulnerabilities via MR to highlight Shift Left Security Backlog
For SQL Injection vulnerabilities display injection type and technology Backlog
Support for OCSF (Open Cyber Security Format) for GitLab AUDIT EVENT Streaming Backlog
Add blocked status to pipeline email notifications Backlog
Increase Service Desk incoming mail attachments to 25MB Backlog
Add 'Explain this code' assistant into the merge requests changes Backlog
Allow role override for SAML group-synced inherited members Backlog
Docs feedback - feature proposal: custom GitLab quick actions for premium tier Backlog
Add Product Analytics to Pages sites faster Backlog
Detect AI generated code in Merge Requests Backlog
What does this Product Analytics chart mean assist Backlog
Add support for non npm packages in Yarn berry Dependency Scanning Backlog
Setting custom additional text in deactivation emails via the API Backlog
The default role of Guest for Project/Group access tokens can cause confusion about token permissions Backlog
Add support for scanning images hosted on remote registries when FIPS mode is enabled Backlog
Include user-managed libraries in the Cyclone DX SBOM output file Backlog
Export PM Data from GitLab to Microsoft Project Backlog
Ability to view stats/assignees/weight of a task without having to click into the task from the issue board. Backlog
Ability to set capacity for each iteration for the team Backlog
Update opt-in namespace stale runner cleanup to delete after 48 hours of no contact Backlog
Sync Jira Issue and Vulnerability Object Backlog
Add business metadata to security reporting for granular reporting Backlog
Kubernetes service maps auto-discovery using eBPF with the agent for Kubernetes Backlog
Backend: Allow Docker Layer Caching for Merged Results Pipelines Backlog
Create the ability to share dashboard files (import/export full dashboards) Backlog
Ability to attach artifacts to a Jira issue Backlog
Terraform state cleanup policy Backlog
Feature Proposal: Character Count in UI for Time Tracking Summary Backlog
Integrate product analytics and feature flags Backlog
Container Scanning automatic authentication for GitLab Dependency Proxy Backlog
Display version of the advisory DB used to generate findings Backlog
Add a hosted/managed Unleash proxy service for GitLab SaaS Customers to use Feature Flags at Scale Backlog
Geo: Add object storage replication and verification settings to service ping Backlog
Geo: Add UI checkbox to enable object storage verification Backlog
VS code Plugin for product analytics Backlog
Allow variable expansion for image:entrypoint Backlog
consider removing code quality diff from "before the rebase" and "after the rebase" Backlog
Geo: Silent mode - Suppress Snowplow traffic Backlog
Merge Trains without Merged Results Pipelines Backlog
Geo: Silent mode - Suppress outgoing external traffic from container registry webhooks Backlog
Add read_package_registry and write_package_registry access scopes to Personal and Group/Project Access Tokens Backlog
Support Gradle in Coverage-guided fuzz testing Backlog
Gitlab api - List project jobs - allow to filter by ref name Backlog
allow needs:project to be conditional Backlog
Add Rails/Sidekiq version consistency check as part of post-deployment validation for multi-node environments Backlog
Instrument Reference Architecture alignment via Product Usage Data Backlog
Embed other Gitlab data into product analytics dashboards Backlog
Embed other external data into product analytics dashboards Backlog
Add support via group SSO identities only to JWTs used by CI/CD jobs Backlog
Feature Request: support pre-commit hooks to validate Jira Issue IDs included in commit messages Backlog
Determine Java version when DS_JAVA_VERSION is not set Backlog
GitLab Runners should report all IP addresses in X-Forwarded-For header Backlog
Revisit how we execute container scanning on Composition Analysis analyzers Backlog
Geo: Show count of items in replicables list view Backlog
Deprecate running a single database and require main and ci database instead Backlog
Not require pipelines to complete as part of the scan result policy Backlog
Support arithmetic in Insights for groups Backlog
Allow configurable markdown rendering limits Backlog
Consider bringing internal vulnerability management tools to the Container Scanning feature Backlog
Calculate estimated wait time for all project runners Backlog
Allow job wait time to be configurable by a specific time and date Backlog
Allow job wait time to be filtered by a group Backlog
Allow estimated wait time to be filtered by a specific runner by description or ID Backlog
Container Scanning does not ingest dotenv Backlog
Customizable security training providers Backlog
Support replaced Go modules in Gemnasium Backlog
Possibility of adding a comment in Jira while the build completes Backlog
Turn geo:status output into a table Backlog
Allow users to configure third party storage Backlog
Vulnerability Explanation: Add Create Issue button Backlog
Enable SaaS users to keep user profiles up to date using SAML Backlog
Create a database used for the license-exporter unit tests using the schema project Backlog
[Non MVC dashboard] Indicate if a runner can or cannot take on more jobs at the moment Backlog
Make notifications more discoverable Backlog
Give project/group notification grouping options Backlog
Host files in login page for alternative sign up Backlog
Expose reason for not creating the on_stop job on stopping the environment Backlog
Add API endpoint to download release evidence Backlog
Ability to override runner tags via a new global keyword Backlog
Increase Gitaly timeouts Backlog
Improve the layout of jobs tab in pipeline details page Backlog
Add ability to provide feedback on vulnerabilities Backlog
Geo: Add check for sidekiq jobs to gitlab:geo:check rake task Backlog
Support Vulnerability Exploitability eXchange (VEX) in SBOM reports Backlog
Service Desk Automation Backlog
Allow configuration of project cloning approach Backlog
Add ability to optionally ignore dev dependencies in Gradle projects Backlog
Markdown pre-set image sizes Backlog
Notification emails for newly authorized OAuth applications Backlog
Multiple SyncWorker instances running at same time Backlog
Dependency scanner image exit 1 - without further indication about root cause Backlog
Housekeeping of redundant Sidekiq queues when moving to routing rules Backlog
Recurring broadcast messages Backlog
Bring parity to CSV Export and API for Transitive Dependencies Backlog
Add shortest_path and introduced_by fields when creating report with Gitlab::VulnerabilityScanning::SbomScanner Backlog
Enforce variables on child level to avoid overriding Backlog
Advanced Search: Code search doesn't mention which branch the search was done when no search results are returned Backlog
Investigate how we could create metrics from k8s log messages Backlog
Define license approval policies based on license categories Backlog
Proposal: Vulnerabilities are the primary vulnerability management lifecycle record Backlog
License DB exports duplicate packages (Python) Backlog
Progress bar is not the most helpful representation for replication slots on Geo dashboard Backlog
agentk should notify Flux about new OCI artifacts when they are available Backlog
Improve file verification status presentation in replication summary table Backlog
Geo Admin Dashboard: Explain replication slots and replication slot WAL and link to help pages from UI Backlog
Compact Geo dashboard layout Backlog
Improve logging and troubleshooting when Dependency Scanning job runs but there is no matching dependency file found Backlog
Add optimized query to PackageAdvisories class for default branch Backlog
Domain verification certificate failure notifications should not be sent to entire group Backlog
Deprecate remediation of Dependency Scanning vulnerabilities Backlog
Support scanning for dependencies "locked" in a different Operating System other than Linux Backlog
Spike: SCA without CI (pipelineless scans) Backlog
AI experiments: Fix Snowplow getting blocked by ad blocker Backlog
Support for OCSF (Open Cyber Security Format) for GitLab SECURITY FINDINGS Streaming Backlog
Proposal: Add remediation priority to vulnerabilities Backlog
Custom Iteration Cadence Start/End Date Backlog
Design the external job visuals Backlog
Add support for gradle 8 in Dependency Scanning Backlog
Auto Enforcement of Security Policy Configuration Files in Project Templates Backlog
Scan unmanaged dependencies for C/C++ applications Backlog
Manage libraries missing from containers Backlog
Feature request: SCIM with OpenID Connect OmniAuth Backlog
Follow-up from "Provide UI hint when there are 25 new potential findings" Backlog
Make it easier to change your GitHub access token on the import page Backlog
Create SAML Group Lock for SaaS Backlog
[MR Widget] Increase hardcoded limit and provide hint on more findings Backlog
[MR Widget] Use the flag returned by the backend to determine if there are more findings Backlog
Allow disable 2FA enforcement for admin users Backlog
Spike: Investigate refactoring package metadata sync throttling mechanism Backlog
Exempt git fetch operations from Git abuse rate limit Backlog
Show instance level default branch name value in group settings Backlog
Update Geo docs: Git pull/push over SSH against a secondary site Backlog
DAST Vulnerability Management Backlog
Make service desk emails immutable for gitlab.com Backlog
Can we integrate kics scanning of a terraform plan Backlog
Allow clients to verify authenticity and integrity of package metadata database exports Backlog
Removing email addresses in replies should remove external participants Backlog
Service configuration through the UI and in code Backlog
Revisit display of site profiles Backlog
Custom Dashboards with data from multiple projects Backlog
Exempt Slack integration operations from Group IP restriction Backlog
New projects with external CI/CD configuration should not show "Getting started with CI/CD" Backlog
Allow a grace period when repositories exceed the storage limit Backlog
Enable training providers by converting brakeman vulnerability warnings to CWEs Backlog
License scanning support beyond the SPDX list Backlog
Simplify and document process for determining whether a particular CVE is in trivy-db-glad Backlog
Handle short-lived (refresh) tokens for Browser-based DAST scans Backlog
Switch to different JDK build in gemnasium-maven Backlog
Include the project name or the project url of the repository with the vulnerability while creating Jira issue Backlog
Improve analytics dashboard popovers Backlog
Capstone issue: Show runner failure rates in Fleet Dashboard - Admin View Backlog
Add filter by failure reason to admin jobs page Backlog
Runner cost vision Backlog
Integrate Harbor as a proxy cache for GitLab Container Registry Backlog
Allow Jenkins to publish build status to merge request pipelines Backlog
Increase max sources limit for Cobertura files for test coverage visualization Backlog
Runner Fleet Dashboard - AI recommendations: recommend the optimal runner for job execution Backlog
Spike: Continuous Vulnerability Scans should not require a pipeline with a user ID Backlog
Remove limit to project search on group dependencies Backlog
Consider extending the lifetime limit of access tokens from just the ultimate tier to also premium Backlog
Show Minimal Access groups in admin/users/USERNAME/projects Backlog
Make Pipeline editor responsive, to fill the available window height Backlog
Add Tokenized filters to Dashboard View for easier data exploration Backlog
Navigation to Kubernetes Dashboard with Agent Connection Issues Backlog
Semgrep - ignore files or folders for a particular rule Backlog
Custom fields for GitLab Releases Backlog
Spike: Investigate how AI could improve the usability of bot comment with policy violation Backlog
Add maintenance note field when editing projects and group runners Backlog
Migrate to only using HEAD to determine default branch Backlog
Checksum GitLab managed object storage replication Backlog
Highlight jobs coming via Execution Policies or Compliance Pipelines in the Job log Backlog
Allow users to find branches with recent pipelines faster Backlog
AI/ML Based Feature for Managing Grouping Users and Managing an Organization's Access Backlog
DAST scan the application that does not set authentication token Backlog
Be Able to Disable "Setup Personal Access Token Banner" Backlog
Integrity check rake task for package registry Backlog
Runner Fleet Dashboard - AI enabled CI builds & Runner Fleet chat enabled data explorer Backlog
CSP check should also check meta tag Backlog
Allow enable/disable of automatic account creation at sign-in Backlog
Add support for rules:needs:pipeline in the existing rules:needs feature Backlog
Sort Admin Group list by member count Backlog
License Compliance setting available through REST API Backlog
Programmatically derive license aliases in SBOM license scanning Backlog
Import project by URL where source repository maximum repository limit using LFS files should fail Backlog
Allow to turn off Service Desk thank_you email per project Backlog
Gemnasium: Specify line number in "invalid spec" error Backlog
Show runner failure rates in Fleet Dashboard - Groups Backlog
Generate SBOM in SPDX format Backlog
Support Custom CA Certs with DAST Analyzer Backlog
Help text changes for New API token or Password when setting up Jira integration is confusing Backlog
Investigate minimal rbac needed for Operational Container Scanning to scan workloads in a k8s cluster Backlog
Consistently alert anyone pushing to a protected branch in the Web IDE Backlog
Make user profile visibility restriction available on SaaS Backlog
Map BitBicket Issue status to GitLab labels Backlog
Removes pm_package_versions and pm_package_version_licenses Backlog
AI-assisted help for product owners to verify requirement lists before shipping releases Backlog
Deprecate the operations dashboard Backlog
Auto-generate observability traces from deployed applications (eBPF, OpenTelemetry) Backlog
Update container scanning to emit a report with CVSS vector(s) Backlog
Embedded User Access Reviews in GitLab Backlog
Streamline Export SBOM feature Backlog
Provide a mechanism to reliably freeze application state to create backups with data integrity Backlog
Allow Group Owners to change primary emails for Enterprise Users Backlog
Git Client Policy Based Configuration Via GitLab Policy Git Hook Backlog
Inform external participants that ticket has been closed Backlog
Feature: WebIDE Support for Push Options Backlog
CVS adds links to GLAD advisories Backlog
Spike: Measure impact of ignoring highest version when querying compressed package metadata Backlog
Allow option to globally disable public pipelines Backlog
Version comparison in License Scanning not consistent w/ licenses export v2 Backlog
Detect Malicious Packages Backlog
SSH Lifetime Limit: reference original SSH key and prevent addition of key previously used Backlog
Feature Request : Misleading Checkbox on Vulnerability Issue Creation Backlog
Docs feedback: Document the sources providing license data for the license scanning feature Backlog
Proposal: Financial administrator role that does not consume a seat in a GitLab group Backlog
Grace period for SSH key restrictions Backlog
Enabling All users in this group must set up two-factor authentication on a subgroup should only apply to direct members in that subgroup Backlog
Store time-until timestamp within the $CI_DEPLOY_FREEZE variable Backlog
Drill down into code coverage from the overall solution to individual lines of code Backlog
DAST API should recognize security attribute of the OpenAPI schema and do not check authentication on such endpoints Backlog
Embedded User Access Reviews in GitLab Backlog
Return an error when using the /projects/:id/jobs/:job_id/play endpoint to a job that already ran. Backlog
Auditing and Notification of Automatic response to leaked secrets for Group and Project Tokens Backlog
Allow simulating security policy changes Backlog
Efficient AI DevSecOps for Ops/Sec: CI/CD, GitOps, Kubernetes, Observability: AI-assisted Auto DevOps (Auto DevOps++) Backlog
AI-assisted CI/CD pipeline editing experience (efficiency, best practices) Backlog
Reassess a dismissed vulnerability when its severity level is changed Backlog
Show number of running jobs in top-level group Backlog
Create Policy Admin Permission/Role Backlog
Feature: Copy milestone and associated issues between projects Backlog
Consider exempting group/project and service account access tokens from IP restrictions Backlog
Add option to include or exclude dormant bot accounts from being automatically deactivated Backlog
Environment Approval Workflow Unusable Backlog
Aggregate by packager Backlog
SPIKE: Investigate logging yaml parsing errors Backlog
DORA performers - Longer date ranges Backlog
Permit customers to pass a file containing hostnames to be excluded or ignored from DAST Backlog
If DS_PIP_VERSION is set gemnasium-python silently fails to install the selected version Backlog
Add option to prevent transfer of projects and subgroups outside of top level group Backlog
Rebase merge train refs in fast-forward or semi-linear train after a skip-merge Backlog
Only run scheduled scan execution policies when changes have occurred Backlog
DORA metrics are not recalculated when the issue is deleted Backlog
Ability to save/export expanded gitlab-ci.yml with dynamic/child pipelines Backlog
FE: Update failed validation error messages to be more specific Backlog
Add ability to search pipelines and jobs using raw text Backlog
Improve user search in admin area Backlog
Address analysers generating inconsistent vulnerability identifiers Backlog
Allow configuring Advanced Search outside UI/Rails Console Backlog
Option to keep Job logs after the project is deleted Backlog
Route sub-pages of /pipelines/latest to the actual latest sub-page, instead of yielding 404 Backlog
Add project event tracking for Dashboard Designer Backlog
Display Issue label in the MR widget if a Vulnerability has had an issue created from it Backlog
Enforce README creation at project level Backlog
Ability to create template for readme Backlog
Add a Start and End dates to the Objective Records Backlog
Scan Execution Policy container scanning jobs fails on projects with no registry Backlog
Stagger advisory scanning over time Backlog
Suggested visualizations within Visualization Designer Backlog
Actionable Insights: Approval jobs as part of the pipeline Backlog
Extend DORA metrics to calculate environment and deployment_tier beyond 'Production' or 'Prod' labels Backlog
Prevent bot accounts elevation to Administrator accounts Backlog
Expiry criteria for access tokens, rather than only date Backlog
Save a filtered view in visualizations Backlog
Save a filtered view in a custom dashboard Backlog
Service description field Backlog
Add project tracking for visualization designer Backlog
Improve informativeness of the @ mention of a group Backlog
Improve "Wait time to pick a job" graph in Runner Fleet dashboard Backlog
Follow-up from "Prevent update of default branch if block_unprotecting_branches is set" Backlog
Alert when Personal Access Token (PAT) is used from a new location Backlog
Map Jira status to a scoped label Backlog
Jira importer - MR links Backlog
Add merge train health statistics Backlog
Display of languages in repository analytics should not be bar chart Backlog
Ensure OIDC token mapping can be policy enforced and not be manipulated by project settings or CI. Backlog
Increase discoverability of the GitLab Advisory database, allow customer to self-serve and check CVE presence Backlog
Make AdvisoryScanner upsert vulnerability scanners in batches Backlog
Improve logging and suggest solutions for known errors in Composition Analysis analyzers Backlog
Enrich license data reported in the dependency list Backlog
Improve Dependency Scanning support with non-root containers Backlog
Product Analytics: line charts group by Backlog
Implement API/GraphQL endpoint for "Require an associated issue from Jira" Backlog
Make GitLab Backups more robust Backlog
Feature Flag approval_group_rules Backlog
Revoke all active sessions for a user Backlog
Add 302 error handling to group imports Backlog
Add created at time for running pipelines on pipeline list view page Backlog
Hide delete branch button for branches protected by a security policy Backlog
Add ability to set and enforce SSH key expiration dates at the group level Backlog
Allow searching an environment to apply from the middle of the environment name Backlog
Show the release process related to environments Backlog
Keep last run Test Results on merge requests Backlog
Add templates for security policies Backlog
Unify the way that project/group access tokens are referred to Backlog
Ability to be able to disable Oauth applications at the Group level Backlog
Add a "quality report" generated by AI Backlog
GlobalAdvisoryScanWorker: ArgumentError: Pipeline must have a corresponding user to use as vulnerability author Backlog
Feature Request: Vulnerability Resolution Verification in Merge Requests Backlog
Implement a UI option to force stop an environment. Backlog
CVS updates vulnerabilities when affected range is unchanged (no upsert) Backlog
Trigger alert if no new objects from Package Metadata DB sync for some time Backlog
Prioritize Organisation Users in invitation modals Backlog
Feature request: Allow self-managed service accounts to be locked to a specific group or project Backlog
View list of existing visualizations Backlog
Delete an existing Product Analytics visualization Backlog
Edit an existing product analytics visualization Backlog
Move the creation of the parent policy list url to the backend Backlog
Align semantics of published_date of advisories b/w Trivy and GLAD Backlog
Add CUI Marking To Vulnerability Report JSON Exports Backlog
Log scanners causing scan_finding rule violation for MR approval rule Backlog
Document how approver permissions change when the list of approvers changes on an existing deployment Backlog
Get times labels were applied to and removed from issues Backlog
Add suggestion to install clickhouse to see full wait time graph Backlog
Measure duration of time a label has been applied across an instance Backlog
Limit viewable users when inviting members to a project Backlog
The vulnerability scanning create vulnerability service reports successful project ids on unrecoverable error Backlog
Allow Dynamic pipelines to use project and includes keyword together Backlog
Add timeframe to visualization designer Backlog
Add a trend indicator to single stats Backlog
Propagate no longer supported OS warning to frontend for Container Scanning Continuous Vulnerability Scans Backlog
Implement unsubscribing from the stream Backlog
Flexible analytics segmentation Backlog
Option to auto-add SCIM identity when an account is provisioned by SAML sign in Backlog
Support multiple Slack integration for the same repository Backlog
Detect and report crypto modules Backlog
Multipart implementation uses the wrong disposition-type for files Backlog
Improve latency of initial Package Metadata sync for self-managed and dedicated environments Backlog
Support for partial Codeclimate analysis Backlog
Code Suggestions: Enable more context (open files, all repo files) as opt-in request Backlog
Self-Managed Container Registry Feature Request: Add a way to generate a report that shows reported registry usage for all projects at once and takes blob storage deduplication into account Backlog
GitLab Duo: Generate Mermaid charts in the Rich Text editor (using the GitLab Duo Chat framework) Backlog
Container Registry Feature Request: Add at least one field per-image for custom/user-defined use (e.g. an "in-use" field) Backlog
Assign custom role and fine-grained permissions to tokens Backlog
CVS on GLAD changes for language packages detected by Container Scanning Backlog
No cleanup policy for different version of assets in same maven snapshot version Backlog
Make improvements to the ability to traverse error in logs Backlog
Make evidence field a first class database field Backlog
Project Setting: Run Destroy Job Before Branch Delete Backlog
Scan for vulnerabilities in Go binaries caused by vulnerable versions of the std library Backlog
Add configurable option to restrict what non-member users show in auto-complete fields Backlog
New API endpoint: GET a list of registry tags in a group Backlog
Deprecate Dependency Scanning reports Backlog
Implement a toggle which allows enable/disable of security scanners on a repo Backlog
Auditor users unable to view blocked users via the list users API endpoint Backlog
Fine tune logic for sorting by severity Backlog
Feature Request: Viewing failed pipelines Backlog
Ingest vulnerabilities from CycloneDX SBOM report Backlog
Add AppJsonLogger warning message when Ubuntu version is not found for CVS for Container Scanning Backlog
Show a read-only version of the related protected environment settings under the environment settings Backlog
Add authentication management method to replace PATs with configuration file Backlog
Add support for needs:parallel:matrix between parallel matrix jobs Backlog
R Projects support for Dependency Scanning Backlog
Allow users to choose a branch pipeline merge strategy Backlog
Provide a way to collect license compliance artifact with dependency scanning Backlog
Add missing tooltips on pipeline and job list view Backlog
Code scanning feature to highlight potential security issues in source code Backlog
Move GitLab data integrity checks into default installation Backlog
Geo: Separate proxy controls for UI and the rest Backlog
Export dependency list in SPDX format Backlog
Support authentication in semgrep.passthrough when type is git Backlog
Allow the use of service accounts when PATs are disabled by API Backlog
Improve process to add new purl_type to package metadata sync Backlog
Add Approvals to MR Widget Backlog
Spike: Update vendored spdx index or fetch it regularly from remote source Backlog
Original discussion/planning issue: Ability to disable project integrations for high compliance requirement customers Backlog
Extend GET to create and manage backup infrastructure Backlog
Secret Detection - Add flag to scan all commits in MR source branch Backlog
Help users select the correct project type during project creation Backlog
Add description to input fields missing them during project creation Backlog
Create audit events for the enabling or disabling of AutoDevOps Backlog
Custom permission to manage roles Backlog
Prompt engineering for GitLab Kubernetes UI Backlog
POC: Capture and store runner worker VM hostname in GitLab for fleeting+taskscaler autoscaling Backlog
Review all checks to make sure they work with multi-part bodies Backlog
Adding Drill-Down Links from "Security Dashboard" to "Value Streams Dashboard" Vulnerabilities Metrics Backlog
Improve Kubernetes resource annotations UI Backlog
Point-In-Time-Recovery Backlog
Visualize debug log for pipeline creation Backlog
Improve DB schema to better support CVS and the Dependency List Backlog
Filter Fleet dashboard metrics by runner tags - Admin View Backlog
Improve test summary information on job logs page Backlog
Backups : Create a standardized communication interface between Gitaly backup and Unified backup Backlog
Investigate if har files with multipart/form-data content-types are correctly supported Backlog
Run pipeline when a tag is deleted Backlog
Dynamic Dependency Scanning jobs Backlog
Make CVS pass affected SBOM occurrences to security ingestion Backlog
Integration and e2e tests needed for multipart/form-data Backlog
Pass Trivy's SBOM's filepath field into Container Scanning report for pipeline security tab Backlog
Add Annotation Option for Ingested License Data in GitLab License Compliance Backlog
Expose a gitlab object to components, as a safer alternative to predefined CI variables Backlog
BBD: Quick Scan mode Backlog
CI variables to specify files scanned by Dependency Scanning Backlog
Cells/Regions: Select low-CO2 regions/zones Backlog
Downstream pipeline permission should mention affected user Backlog
Add date filter or slider to /usage_quotas Backlog
Feature proposal: Show the percentage of confirmed vulnerabilities and of false positives + evolution over time in dashboards Backlog
Vulnerability Report (excel) doesn't have a link back to the issue within the UI Backlog
Support a central Flux installation with application status information from the leaf clusters Backlog
Improve Merge Train messaging for when a Merge Request fails push rules. Backlog
Evaluate workflow to remove a child item in work items child items widget Backlog
Build a cloud configuration backend for Opentofu Backlog
Use Project Environments as DAST Site Targets Backlog
Admin Usage Trends should show monthly usage and average usage per month Backlog
Spike: Investigate License DB being unable to detect licenses for a set of Maven Packages Backlog
Gather unique monthly secondary site users for git operations when using unique secondary URLs Backlog
Regular DevSecOps sanity check and reporting Backlog
Add option to export/import CI job output logs Backlog
rye support for Dependency Scanning Backlog
Use pip installation report in Dependency Scanning Backlog
Display file path within container image of SBOM components found by container scanning Backlog
Add view all links to online/offline panels Backlog
Merge requests - assurance that code changes are reviewed by second authorized individual [group and project access token] Backlog
Update semver_dialects gem to support wildcard range Backlog
System hook should fire project_update event when push access levels changed Backlog
Add audit event for for Iterations Backlog
Empty state for the dashboard when there are no runners assigned to the group Backlog
Scheduled daily builds to update OS dependencies Backlog
Enable PUT to projects API for moved projects Backlog
Disable Password Authentication from gitlab.rb in addition to Admin Area Backlog
[Technical Breakdown] - Severity Filter Backlog
Backend: Allow administrator to restrict usage of 3rd party components Backlog
Remove numbers from active runners panel and rename title (admin and group views) Backlog
UX / Frontend: Link back to MR from Pipeline, Job, and Artifact pages in the same place Backlog
Support approving a scheduled pipeline with deployment jobs before the scheduled pipeline start Backlog
Feature: Create pipeline_api token scope Backlog
API to query the License DB Backlog
Design investigation: Batched merge trains Backlog
Add Package Metadata Compaction During Ingestion in GitLab Rails Backlog
Allow users to start and retry pipelines for protected tags they don't have access to Backlog
Group Membership Visual Indicator in nav_user_menu Backlog
Support SSH Git protocol for Security Secret Detection Scan Remote Rulesets Backlog
Add an end-to-end test that verified FIPS cryptographic settings Backlog
Follow-up: Move Security Report ingestion worker logic out of state machine transitions Backlog
Remove certifi dependency that violates GitLab license policy Backlog
Secrets Management in CI/CD Components Backlog
Group Access Token availability on GitLab.com SaaS is unclear (docs, settings) Backlog
Define and correct behavior for webhook pipeline events and manual jobs Backlog
New "targeted vulnerabilities" workflow Backlog
api call to update issues health_status Backlog
Move subgroups and projects pending deletion from 'Subgroups and projects' to 'Inactive' in group overview Backlog
Allow deletion of projects from group overview Backlog
Request: Ability to supply generic external secrets provider Backlog
Support unit testing for pipeline development Backlog
Expand User details included in Export as CSV Backlog
SPIKE: Scan all ingested advisories regardless of age Backlog
Prioritize advisory ingestion by severity Backlog
Expose Vulnerability Report last updated timestamp in the API Backlog
Provide a way to show projects where a group has "inherited" permissions to projects from being invited to another group, in the Groups API Backlog
Feature Request: Support dynamic variables/inputs for nested components within a component Backlog
Allow for vulnerability related Jira issues to be created in a different Jira project Backlog
Add comment to the Jira issue for a Vulnerability Dismissal Backlog
Add support for Red Hat advisory scans Backlog
Request direct access button for projects. Backlog
Allow adding actions for specific SAST scanner type in scan execution policy Backlog
Dynamically Managing Runner Resources at Scale Backlog
Allow the installation of the Slack APP in projects via the API Backlog
Allow filtering scan execution policies based on pipeline source type Backlog
Add project avatar during blank project creation Backlog
Add group avatar during group creation Backlog
Statement timeouts when updating vulnerability statistics during continuous vulnerability scans Backlog
WORM storage compatibility Backlog
Allow the configuration of Slack slash commands for the GitLab for Slack integration on GitLab SaaS Backlog
Provide AWS CodeDeploy with the package version number in deploy_to_ec2 Backlog
Suppress or Customize Vulnerability Identifiers at the group/subgroup level Backlog
Feature Request: Add notification for own merge Backlog
Geo: Improve chances of the first stage of the pipeline being accelerated by Geo secondary Backlog
Increase Rate Limit on User API Threshold to 1000 for SaaS customers Backlog
Dependencies list grouping: Add group-by dropdown to group-level dependencies app Backlog
Dependencies list grouping: Change from gitlab-ui table to list of expandable items Backlog
Dependencies list grouping: Change initial data fetch from current endpoint to new, group-by endpoint Backlog
Dependencies list grouping: Change UI to render top-level items Backlog
Dependencies list grouping: Add paginated table-view to render grouped items Backlog
Dependencies list grouping: Change sorting behaviour so it defaults to the selected group-by option Backlog
Dependencies list grouping: Sync query string for selected options and pages Backlog
Align container user's home directory value in /etc/passwd and HOME env variable Backlog
Support custom roles on protected branches Backlog
Include full Gitaly error message in the UI when repository import fails Backlog
Feature: permit administrators to revoke active user sessions directly and in bulk/en masse (UI and API) Backlog
Allow grouping deployment environments at the project level for monorepo Backlog
Restrict instance runner access enablement to top-level group owner only Backlog
Dependencies grouping - License: Sync query string for selected options and pages Backlog
Dependencies grouping - License: Change sorting behaviour so it defaults to "license" when grouped by license Backlog
Dependencies grouping - License: Add "license" option to group-by dropdown Backlog
Dependencies grouping - License: Add fetching logic Backlog
Dependencies grouping - Project: Add fetching logic Backlog
Dependencies grouping - Project: Add "project" option to group-by dropdown Backlog
Dependencies grouping - Project: Change sorting behaviour so it defaults to "project" when grouped by project Backlog
Dependencies grouping - Project: Sync query string for selected options and pages Backlog
gitlab:db:decomposition:connection_status Rake task doesn't include connection info after ci: database has been created Backlog
Allowlist for Use by Project Access Tokens Defined at the Organization Level Backlog
Selected policy dropdown does not populate without an id Backlog
Compare test coverage for a merge request by job names Backlog
Investigate requiring specific fixes to integrate with vulnerable code sample Backlog
Record Milestone author Backlog
Add customisable SAML failure messages when authentication fails Backlog
🤖 [Experiment] GitLab Duo Vulnerability Triage Backlog
PCI adherence checks Backlog
Reorganize social contacts in the user profile settings Backlog
Feedback from Operational container Scanning in the UI Backlog
Google chat integration: Thread Support for comments in Issues and Merge Requests Backlog
Add example AWS keys to allowlist for Secret Detection Backlog
Complete implementation of SCIM 2.0 per RFC7644 - ServiceProviderConfigs Backlog
GitLab unexpectedly reports pending obsolete elastic migrations Backlog
Move gemnasium-maven thunderbird integration test into a separate job Backlog
Allow Feed token to be empty (and default to empty) Backlog
Check CI log checksum before displaying in the UI Backlog
Expand support for AI-assisted Vulnerability Explain/Resolve to DAST & API Security weaknesses Backlog
Add filter for vulnerabilities with a fix available and the fixable since date in the Vulnerability Report Backlog
Geo: Skipping sudo -i when starting replication results in postgresql data directory to inherit the root owner instead gitlab-psql Backlog
Restrict container images used in pipelines to images on the specific registries Backlog
Deprecation: GITLAB_SHARED_RUNNERS_REGISTRATION_TOKEN Backlog
[Custom roles] Permission to add labels to MR Backlog
Merge train visualization: Add estimated time to merge Backlog
Enhancement - deployment approvals from Environments dashboard Backlog
Merge train visualization: Show removed MRs from the queue Backlog
Merge train visualization: Improve the warning for merge request removal to communicate impact Backlog
Distinguish between devDependencies and Dependencies in Vulnerability report Backlog
Allow using IAM roles to setup log streaming to s3 Backlog
Make Merge Train commit message customizable via API Backlog
Report asdf dependencies Backlog
Trend chart that displays the count of CI/CD jobs run in a GitLab instance over time Backlog
Generate SBOMs with framework type components Backlog
Add logic to account for vulnerabilities that don't have a fix Backlog
Allow service accounts to sign commits Backlog
Security Policies exclude or wildcards Backlog
Better error information for failed reports when processing coverage reports Backlog
Improve Protected Tag deletion error message Backlog
Geo: Improve repository acceleration performance for monorepos with high activity Backlog
Audit Events Streaming to GCS and AWS should be included in Outbound Request filtering Backlog
Feature Request: Provide a way for GitLab administrators to easily track feature flag changes across GitLab versions Backlog
Incorporate Application Context when running SAST scans Backlog
Globally change the default of unique pages domain feature and add a per-project API to toggle it Backlog
Report terraform modules in Dependency Scanning Backlog
Report base docker images in Dependency Scanning Backlog
Reword "Delete" to "Delete immediately" in groups/projects list contextual action Backlog
Introduce more ANSI formatting to CI job log parser Backlog
Restore a secret Backlog
Fleet Dashboard: Help widget Backlog
Feature Request: Support for SMTP Relay Without Authentication for Service Desk Backlog
Feature Request: Instance Level Configuration for SMTP Server in Service Desk Backlog
Abort pipeline when the security scan jobs find new vulnerabilities Backlog
Setting to completely disallow 2FA enrollment Backlog
Add 'Resolution' field in Vulnerability Report Export Details Backlog
Display velocity and volatility in the iteration cadence list Backlog
Migrate disabled proxy unit tests to runner tests Backlog
Add option to remove metrics in logs Backlog
Marking a group as 'pending deletion' should put all subgroups and projects into a read only state Backlog
Maximum allowable lifetime for access token - alternatives to revoking out-of-compliance tokens Backlog
Rename scan_result to approval policy in the FE Backlog
Add option to increase rules:exists file limit Backlog
Disable cloning of source code, file download or SSH/SCP with remote workspace Backlog
Abstract out save policy logic/flags Backlog
Scalable configuration for on-demand DAST scans Backlog
Add editable sign-in 'order' Backlog
Add fallback for to_yaml method Backlog
Feature Request: Enhance GitLab Service Desk with Direct Integration of Custom Email Addresses via Azure Graph Backlog
Include details about resolved MRs in bot comment resolutions Backlog
Allow Dependency Scanner to scan for and report vulnerabilities in CGO sources Backlog
Present job failure error on pipeline list view Backlog
SBOM Enhancements: Addressing Dismissed and Resolved Vulnerabilities Backlog
Provide ability to filter on Active vs Archived projects in the Group-level Vulnerability Report Backlog
Feature Request: Enhanced Project Deletion API with Cascading Image Repository Removal Backlog
Feature Request: Enhanced Filtering Capabilities for IaC Scan Results in the Security Dashboard and CI/CD Security Tab Backlog
CI/CD Component Badges for SM customers Backlog
Add configurable character limit for Service Desk subaddressing Backlog
Feature Request: Enhance Container Registry Cleanup with "In-Use" Image Detection Backlog
MVC: Use Stars on Source Repository as Component "Stars" Backlog
Roll out analytics_share_as_image feature flag Backlog
Add download image action to dashboard panels Backlog
Add "Share image with URL" action to dashboard panels Backlog
Add the ability to mark a visualization as confidential to disable sharing Backlog
Create audit event when a visualisation is shared Backlog
Add analytics_share_as_image feature flag Backlog
POC - GitHub integration with GitLab CI without mirroring Backlog
Provide API endpoint for Pages with Access Control enabled Backlog
Provide example projects for supported Dependency Scanning targets Backlog
Show a deployment's merge requests in the Deployments page Backlog
Separate deployment comments from approval/rejection actions Backlog
Import Vulnerability Disclosure Reports from other platforms Backlog
Improve experience when MR is pending pipeline status Backlog
Inventory of container images used in CI/CD pipelines and components, incl security scan and compliance reports Backlog
Display success message if secret push protection found no secrets Backlog
Expose SAML session expiry time in the GUI Backlog
Create to-dos when someone comments on an issue you watch Backlog
Support wiki_access_level filter in Projects API Backlog
Support additional action type for Merge request approval policies Backlog
Add instrumentation for resource group usage Backlog
Indicate group transfer is still running Backlog
Test potential latency gains from distributing KAS across multiple regions Backlog
Root Cause Analysis: Provide .gitlab.ci.yaml as additional context Backlog
Allow users to provide feedback on the response generated from the RCA feature Backlog
Support YAML anchors/aliases when configuring security via MR Backlog
Resolve Merge Request Approval Policy violation comment when approved Backlog
Implement Audit Mechanism and Distributed Tracing for Message Flow in Package Metadata DM Backlog
Gitlab Advanced SAST | Implement guidelines for Sec projects Backlog
Allow users to customize the prompt sent for root cause analysis Backlog
Ability to create pipeline when pipeline configuration is external and user who created the pipeline doesn't have access to the external project Backlog
Increase CI/CD YAML Global 'Retry' Keyword Default Options from (0,1,2) to (0,1,2,3,4,5) Backlog
FIPS build broken on RHEL9 host platforms Backlog
Define a resource group for a pipeline Backlog
External CI Jobs - POC Backlog
Filter schedule rule type Scan Execution Policies Backlog
Users API doesn't support inherited or shared memberships Backlog
Ability to disable GraphQL Explorer endpoint Backlog
Ability to disable GraphQL introspection Backlog
Feature Proposal: Expose package metadata to Dependency and Container Scanning users Backlog
Feature Proposal: Contextual Patching for Dependency Scanning Backlog
UX Design - API Inventory Backlog
Allow gemnasium-python to report setuptools and pip direct dependencies Backlog
Provide an option when to notify the CI components version update Backlog
Re-evaluate reachability of vulnerabilities after they have been dismissed Backlog
Track the number of deployments rendered for the Tree view Backlog
Render a branch with replicaSets and pods for each deployment Backlog
Track user click on a deployment to view the branch Backlog
Implement reconnect to stream for the tree view Backlog
Document Kubernetes tree view Backlog
JIRA integration API improvements Backlog
Create to-dos for newly-mentioned users in edited notes Backlog
Add Test Coverage Visualization validation Backlog
Improve definition of unknown licenses Backlog
Provide settings enforcement (via default compliance frameworks + linked policies) as part of project templates Backlog
Dynamically set parallelization values in Gemnasium pipelines Backlog
Add support for members API to be fetched by created_at Backlog
Vulnerability Explanation - Product data usage Backlog
Vulnerability Management Integration with Jira - Allow Population of Custom Fields Backlog
Implement compiler with passive check support Backlog
Implement MatchResponseAssertion Backlog
Add match_response_attack support to compiler Backlog
Add timing_attack support to compiler Backlog
Support Direct membership for Group Sync with same role Backlog
Set "gradlew –debug" when SECURE_LOG_LEVEL is set Backlog
Present an option to retry jobs in a merge train pipeline while its still running Backlog
Enhance API Consistency and Flexibility Backlog
Create Dynamic Jobs Using Different Secrets Where You Can Refer To Specific Vault-Paths. Backlog
Feature Proposal: Composition Analysis composite health score for dependencies Backlog
Support input scenario for Pipeline Editor validation Backlog
Advertisement for "Security Training" shown although third-party offers are disabled Backlog
Lightz | Bug in resolving .get() - Python Django View Backlog
Provide an "out of the box" "Security Auditor" or "App Sec Admin Role" Backlog
Full-text search for notifications Backlog
Provide a "pipeline performance profiler" or "heat map" to show where jobs are consuming the most CI minutes Backlog
Feature proposal: Container Scanning support for Kaniko tar files Backlog
feature proposal: Jira issues visible from the group level Backlog
Group Sync: Provide alert when last group link is removed from subgroup Backlog
Add ability to disable code completion and just have code suggestions Backlog
Access Control to Models without relying on GitLab Hierarchy Backlog
Support exit codes in Security Policies Backlog
Discussion on use of Release posts for bug notification Backlog
Allow Jira issue integration to customize required fields. Backlog
Add export mechanism for Gitlab data for use in external systems (like SIEMs) Backlog
Provide a time-limited waiver for defect findings in the Merge Request for which an exception is provided Backlog
Scan DAST's Public Release Container Images Backlog
Geo: Re-introduce the Redownload behaviour as a fallback to recover from repeated failed clone/fetch sync requests Backlog
Create security policy linting in the Web/Extension IDE Backlog
Filter out invalid components early in SBOM ingestion Backlog
Allow group owners to modify names and usernames of Enterprise Users Backlog
Update sort function in report package to also sort by name field Backlog
Correctly compare wildcard segments before end of version string Backlog
Provide ability to use the UI-based Scan Execution Policy builder to create a Container Scanning policy that only applies to Projects containing a Dockerfile Backlog
Capability to set a maximum limit of the combined artifacts size of projects in a group Backlog
Support historical value of schedule pipeline variables Backlog
Enable delay before modifying protected env, approvers, owners or deployers Backlog
Filter Fleet dashboard metrics by runner tags for Groups [capstone issue] Backlog
Enhance Vulnerability Report for archived projects Backlog
CI/CD component to update a git repository Backlog
Configure Profile Visibility to Require Authentication on Self-Hosted GitLab Instances Backlog
Allow administrators to monitor the status of the Continuous Vulnerability Scanning feature Backlog
Add git operations Audit event to saved to database Backlog
Return Pipeline ID where Vulnerability was detected in GraphQL API Response Backlog
Supports closed set of extensions in the WebIDE Backlog
Establish and Implement Versioning Strategy for PM (License DB) Projects Backlog
Filter vulnerabilities by group Backlog
Clarify when kics scanner cannot scan Helm chart templates Backlog
Add vulnerabilities to CDX SBOM export Backlog
Provide Code Quality reports at the group level Backlog
Report parsing security reports failures Backlog
Monitoring for Security Scan Jobs and Results. Backlog
Create a dedicated GitLab service account for every agent Backlog
Address technical debt around build scripts Backlog
Configure license approval rules with regex or wildcard pattern Backlog
LDAP group sync does not throw error for users with no LDAP identities Backlog
Feature Request - static URLs for assets Backlog
Syntax highlighting theme that follows system preference for dark mode Backlog
Prefill variables based on conditions Backlog
Feature Request: Support for Scanning Windows Containers with GitLab Container Scanning Backlog
Add "read" state for notifications Backlog
Add "Ability to change MR Template" as a customizable permission Backlog
Proposed changes to the definition format Backlog
Feature Request: Integration of Virtual Machine Scanning in GitLab Backlog
Show the timestamp when a vulnerability became no longer detected Backlog
Vulnerability Explanation: Add Create MR button Backlog
Add "Ability to remove a fork relationship on a project" as a customizable permission Backlog
Unable to filter group level vulnerability report by specific dismissal reasons Backlog
Create follow-up task from notification Backlog
Allow non-member groups to be configured in deployment approvals Backlog
Jira Issue Integration - Create Jira Issue and Add Values to Custom Jira Fields from Vulnerability Backlog
Workhorse returns 200 when Get file archive api call fails Backlog
Make Automated Token Reuse detection optional Backlog
[Post-GA] Display count of SPP blocked secrets in UI Backlog
Add SPP to security upgrade banner Backlog
Consolidate methods and constants from policy drawer and policy editor Backlog
Standardized format for expires_at field between deploy tokens and access tokens Backlog
Implement a SAST_INCLUDED_PATH variable Backlog
Upon deactivation of current token, activate a new token after the first usage Backlog
Visualization designer - Move create with GitLab Duo to the filtered search input Backlog
Visualization designer - Ask for filename when saving Backlog
Audit event when accessing Terraform states Backlog
API Security: Add metrics to security report Backlog
[Geo] Track the repository sync delay Backlog
Allow customizable expiration interval for tokens, greater than 365 days Backlog
Dependency path support for language dependency vulnerabilities found by container-scanning Backlog
Enable 'Report Abuse' button on Snippets Backlog
Remove graphql fields merge_trains_index and count from merge requests Backlog
Add "Ability to Reclaim Scheduled Pipeline" as a customizable permission Backlog
Show "first seen, last seen, and resolved" Dates in the Vulnerability Report Backlog
"No Longer Detected" Field Available Through Jira API Backlog
Deprecate 'Mutation.ciJobTokenScopeAddProject' API Backlog
Allow Pipeline Notification emails to be sent to custom email Backlog
Notify the agent owners that their agent is outdated Backlog
Top-level view of agents Backlog
New audit event on the first connection of an agent with a new version - backend work Backlog
Allow setting an owner for the agents Backlog
Skip false positive dependency scanning advisories Backlog
Secondary email confirmation sent when skip_confirmation is false Backlog
Allow more granularity for the "Keep artifacts from most recent successful jobs" setting Backlog
Filter deployment jobs for jobs waiting for approval Backlog
Invoke previous prompts in Duo Chat Backlog
Remove the requirement for SBOM report to comply with the GitLab CycloneDX taxonomy Backlog
Auto-resolve vulnerabilities with source advisories marked as false positives Backlog
Expose the Helm managed resource list for the frontend without giving access to the underlying secret Backlog
Support CycloneDX spec version 1.5 and 1.6 when exporting SBOM Backlog
DAST/Browserker: Improve logging statistics Backlog
Merge request variables Backlog
Discussion: Elimination of custom-rulesets Backlog
Create an .duoignore file to ignore some files when sending context to AI LLM Backlog
Capability of setting 'Pipeline must succeed' to specific branches only Backlog
Proposal to Customize DAST with Interactive Pre-Scan Workflows Backlog
API to allow anyone to pull from package registry Backlog
Add support for approving the remaining pipeline, not just a single job Backlog
Provide a way to identify Continues scanning was executed on a project. Backlog
Allow A Component To Be Configured With "Minimum Licensed Tier" Backlog
Allow shortening of GitLab generated service desk email address Backlog
Update parser functions to directly return a dependency graph Backlog
Evaluate fallback plan for Vulnerability Explanation Backlog
Evaluate fallback plan for Vulnerability Resolution Backlog
Reduce permissions required to export an SBOM Backlog
Add the ability in the UI to export a list of all projects in a group and its subgroups to a csv Backlog
Native OSCAL support Backlog
deduplication of vulnerabilities if multiple scanners (of the same type) are in use Backlog
Improve container scanning to include other potential vulnerabilities Backlog
Support GitLab <> GCP Workload Identity Federation Integration on Self Managed Backlog
Support different SBOMs types Backlog
In Scan Execution Policies, Semgrep also scans languages covered by Advanced SAST Backlog
Gitlab Email Notifications When Storage Size Exceeds a Threshold Backlog
Add email notification setting changes to audit events Backlog
Add pipeline status email changes to audit events Backlog
Apply better authentication mechanisms (OIDC) to audit streaming between cloud providers and GitLab Backlog
Add possibility to configure event_name in the System hook Backlog
Expose Dependency version age as package metadata Backlog
Feedback issue - Display of Vulnerability Counts in the Vulnerability Report Page for Large Datasets Backlog
Confusion around Cleanup policies for Container Registry Backlog
Add a Resource Group process_mode that functions similar to oldest_first but sorts by job_id instead of pipeline_id Backlog
Additional Field for Business criticality Backlog
Better handling of Rate Limited LDAP Servers Backlog
Support group archiving and unarchiving in settings Backlog
Add archived groups to 'Inactive' tab in Your Work Backlog
Alert for archived groups and their content Backlog
Add archived groups to 'Inactive' tab in group overview Backlog
Select Runner tags for DAST on demand site profile validation Backlog
Allow keeping empty commits when deleting blobs Backlog
Persistent volumes for workspaces Backlog
New audit event on the first connection of an agent with a new version Backlog
Security scan for post-build packages Backlog
Add A cancel button to stop execution of the policy jobs Backlog
Deep Link into Project and Group Settings Backlog
Increase sensitivity of container scanning results deduplication to capture the same vulnerability from multiple locations in the same container Backlog
LDAP connection should be renewed when an empty result is received Backlog
Expose the commit information (author, hash, etc) in the Vulnerabilities API/GraphQL Backlog
Deprecate non-nullable target field on Todo in favor of nullable target_entity Backlog
Human readable job console output Backlog
Handling of default enforced variables for pipeline execution policies Backlog
PHASE 2 - Update "To confirm the vulnerability is fixed" documentation to include VR in the MR Backlog
Make deployment approvals affect jobs in downstream pipeline when the deploy job triggers a downstream pipeline Backlog
Show projects in the Shared Project tab when a group has "inherited" permissions to projects from being invited to another group Backlog
DAST - CWE replacements Backlog
Refactor editor_layout's isRemoving/isEditinging/isUpdating flags Backlog
AI Support Tool Feedback Backlog
Bulk Vulnerability Resolution Backlog
Add the ability to set a project's external_webhook_token using the API Backlog
GraphQL access for badge retrieval Backlog
Support Using nodeSelector to Select Nodes for New Workspaces Backlog
Grant Developers (and GitLab Admins) The Ability to Trigger/Retry Pipelines on Protected Tags For Pipelines Triggered by Tag Creation Backlog
Provide Quick Navigation from Access Token to Bot User Backlog
Setting to allow sub-group owners to create Service Accounts on Self-Managed Backlog
Allow users to disable "Member added" notifications Backlog
Feature Request: Display Vulnerability Scan Results on Release Page Backlog
Prevent the changing of a group's/project's path from affecting pipeline execution policies with paths in them Backlog
Add markdown support to deployment approval comments Backlog
License compliance merge request widget incorrectly lists approved licenses as denied Backlog
Allow user to change Default Filters for Vulnerability Report Backlog
Allow disabling the local access when user_access is configured with the agent for Kubernetes Backlog
DAST/Browserker: User input values not being filled during authentication Backlog
Display runner created by and runner creation date within API Backlog
Identify the use of licensed JDK through GitLab's composition analysis Backlog
Inline $ref's prior to processing the OpenAPI documents Backlog
Security Bot Enhancement - Notify Severity Changes for Existing Vulnerabilities Backlog
Improving UX for group-level IP Filtering Backlog
[Spike] How to retrieve the CS_IGNORE_STATUSES env var value to the rails platform Backlog
Further customization of the "Keep latest artifacts" setting Backlog
Make allow_anonymous_searches feature flag available in Admin UI Backlog
Adjust CVS for CS logic to conform with the value of CS_IGNORE_STATUSES Backlog
Report FluxCD usage under agent management page and API Backlog
Add metrics-server data to Kubernetes resource details view Backlog
Support AKS Workload Identity with Azure Key Vault secrets in a CI/CD job Backlog
Enhance MR approval policy to look at if issues have been created Backlog
Adoption Metrics on the Security Dashboard Backlog
Capture advisory-processor errors using integrated error tracking Backlog
Capture license-feeder errors using integrated error tracking Backlog
Capture license-interfacer errors using integrated error tracking Backlog
Capture license-processor errors using integrated error tracking Backlog
Capture license-exporter errors using integrated error tracking Backlog
GitLab for Slack notification: Include pipeline creation failure Backlog
Vulnerability Report Results Grouping Backlog
Spike: Verify and implement enforcing policies despite disabled GitLab CI Backlog
Show the previous (successful) deployment job on the deployment details page Backlog
DRY-ing up the logic around ai_resolution_available? and ai_resolution_enabled? Backlog
Feature Request: Custom HTTP Response Codes for Token Access Permissions in Self-Managed GitLab Backlog
Improve performance of runner tag search query Backlog
Sync the advisory vendor status from Trivy-DB into PMDB Backlog
Export the advisory vendor status from PMDB Backlog
Store vendor status property in the rails PackageMedatata::* models when syncing with PMDB Backlog
Show sum of issue weights when group by epic in Issue Board Backlog
Fire an audit even when the agent configuration file changes Backlog
Add "token just expired" email notification for Group and Project tokens on expiration Day Backlog
Update or create graphs in Tableau to track CVS failures Backlog
Create top level view of shared groups. Backlog
Support automatic user deletion after removal from Identity Provider Backlog
GLAS cannot understand the taint flow propagating from sources to Go-lang functions which are called through an implicit receiver Backlog
DAST add dynamic secrets check Backlog
Tasks aren't automatically moved to the next iteration Backlog
Retrieve CI/CD component metadata from the pipeline Backlog
Disable Quick Actions via Email on SaaS Backlog
Add container scanning test to catch Trivy Java DB regressions Backlog
Option to Exempt Specified Repos from an Approval Policy Backlog
Add "reason" to self-revocation API Backlog
Checkmarx to GitLab Vulnerability Management Migration Tool Backlog
Green Checkmark functionality on DevOps Adoption Report Backlog
Hide Integrations from sidenav when no integrations have been allowed Backlog
Allow group owners to allow-list integrations Backlog
Add note to top of integrations settings pages if some integrations are not available Backlog
Modal warning when integrations of that type are active and are being disabled by admin Backlog
Add configuration options to disable SBOM based features (CVS) Backlog
Warn users in the UI about the deprecation of Dependency Scanning build support and Gemnasium analyzer Backlog
Update Dependency Scanning CI/CD templates (stable and latest) to stop uploading a DS report artifact Backlog
Improved support for GCP Secret Manager secrets in monorepos on GitLab for improved security and access control Backlog
Add support for git tags in Scan Execution Policies Backlog
GitLab Runner config.toml editor Backlog
Automatically remove users that are not part of the LDAP group on the subgroups when "Lock memberships to LDAP synchronization" is configured Backlog
Consolidate apollo requests Backlog
Move action logic from policy_editor/scan_result/editor_component.vue into policy_editor/scan_result/action/action_section.vue Backlog
GitLab CI Insights - Add Flaky Tests visualization to the CI Analytics view a the project level Backlog
Add "gitlab:packages:migrate_to_local" rake task Backlog
Create a GraphQL query for contributed groups Backlog
Browser-based DAST analyzer should dump its config to an artifact file Backlog
Replace instances of renderMultiSelectText with getSelectedOptionsText Backlog
Move alert locally for failed API request for groups Backlog
KAS Receptive agents internal endpoint queries add noise to logs Backlog
Skip unsupported purl type when doing License Scanning Backlog
Add variable to control delay for DAST_AUTH_SUCCESS_IF_ELEMENT_FOUND Backlog
Evaluate tag list as an OR instead of an AND Backlog
Add Detected At Date to Pipeline Security Listing Tab Backlog
Support finding breaking change usage of environment.action prepare and verify Backlog
Safe, dependency aware merge train car re-ordering Backlog
Reorganize policy limit constants Backlog
Ask approval for MR that fix issues with specific labels Backlog
Enforce policy limits when policies are created in yaml mode Backlog
GitLab Model Registry GA Feedback Issue Backlog
Improving the Geo UI when object storage is configured with 3rd party replication or with the same buckets on primary and secondary Backlog
Credentials Inventory Should Indicate Group Membership Status for Listed Users Backlog
Create new Kubernetes resource through UI form based on the OpenAPI spec of the resource kind Backlog
Clean up the Infrastructure as Code documentation to user Opentofu instead of Terraform Backlog
Add a runner_chargeback_rate field to the runners data model Backlog
Enhance License Compliance: Highlight and Resolve Conflicting Licenses in Transitive Dependencies Backlog
Re-structure and accordingly extend the Kubernetes integration documentation Backlog
Restrict Role access in Forked Projects to Prevent License Exhaustion Backlog
Removal of gl-dependency-scanning-report.json as an artifact in the Jobs/Container-Scanning.gitlab-ci.yml template Backlog
Select the agent context given in environment.kubernetes.agent in CI Backlog
Helper text for pipeline execution policy configuration Backlog
Display link to Jira from vulnerability Dashboard Backlog
Add support for defining an expiration to license approval policy exceptions Backlog
Block creation of groups whose paths have recently been changed Backlog
SAST Semgrep support for Typescript 4.9 "Satisfies" operator Backlog
Instrument agent for Kubernetes ci_access impersonation Backlog
Support multiple namespaces on a single dashboard Backlog
Add components with empty list of dependencies to analyzer sbom Backlog
Support Direct SAML attribute syncing on Dedicated Backlog
Allow CI/CD job token to access Jobs and Pipelines API Backlog
Retain approval history for successful deployments after rules have changed Backlog
DIsplay next schedule pipeline in the project for security policy Backlog
Add template support - Rails Backlog
Docs: Document migration from GitLab-managed cluster to GitLab-managed Kubernetes resources Backlog
Make enforced [approval_settings] in MR approval rule policies configurable so that specific users can bypass Backlog
Spike: Investigate how to add and iterate on the dependency firewall Backlog
Auto configure the K8s dashboard based on the stored, rendered template Backlog
Spike: verify that Container Scanning uses CVSS score from NVD Backlog
If an existing policy is invalid, the user is prevented from creating a new policy Backlog
Ability to configure the imagePullPolicy of the init container image (alpine/git) of the workspace pod Backlog
Add support for 100+ custom roles Backlog
Add support to remove resource on environment deletion, instead of stop Backlog
Add support to apply resources on environment creation, instead of (re)start Backlog
List the related deployments on the releases list page Backlog
Geo: Replication slots to turn red when it's less than 100% Backlog
Add option to create a template in the create wiki flow Backlog
Semgrep (Kotlin) Detect SharedPreferences declaration with world-readable flag Backlog
Record a video of the migration of a project to the new SBOM based DS Backlog
Cache a Chromium version every month Backlog
Add since and before/until to GET /users/:user_id/contributed_projects Backlog
Run SAST on Spring properties and yaml files Backlog
Replace example questions in Duo Chat with something like "What questions can I ask?" to improve discovery of relevant capabilities Backlog
Add more options for customizing JWT sub claim Backlog
Merge request approval policies can be merged without rules Backlog
Require associated Jira issue for merge requests to be merged at group level or using policies Backlog
Add more intuitive message for disabled password authentication Backlog
Runner Usage Query Enhancement: Query by Runner ID Backlog
Improve runtime of ee/spec/frontend/security_orchestration/components/policy_editor/branch_selector_spec.js, BranchSelector initial state for regular branches selects branches Backlog
Improve runtime of ee/spec/frontend/security_orchestration/utils_spec.js, decomposeApprovers with mixed approvers returns a copy of the input values with their proper type attribute Backlog
Improve runtime of ee/spec/frontend/security_orchestration/components/policies/app_spec.js, App loading renders the policies list correctly when vulnerabilityManagementPolicyType is true Backlog
Improve runtime of ee/spec/frontend/security_orchestration/components/policy_editor/scan_result/action/group_select_spec.js, GroupSelect component default filters groups when search is performed in listbox Backlog
Improve runtime of ee/spec/frontend/security_orchestration/components/policies/list_component_spec.js, List component initial state with data policy in row #1 renders Scheduled Dast/SAST scan-project in the name cell Backlog
Improve runtime of ee/spec/frontend/security_orchestration/components/policy_editor/scan_result/settings/setting_popover_spec.js, ` SettingPopover default does not display by default` Backlog
Improve runtime of ee/spec/frontend/security_orchestration/components/policy_editor/scan_execution/lib/from_yaml_spec.js, fromYaml returns the policy object for a valid template value Backlog
when SQL is provided for customers to run, provide it as a file Backlog
Nginx-ingress will be superseded by InGate Backlog
Filter out a group and its subgroups/projects in advanced search Backlog
Display an error message if the rollback of an environment fails Backlog
Provide pipeline status and context in security bot comment Backlog
Security policy enforcement across multiple top-level groups Backlog
Project webhook for expiring deploy token notifications Backlog
Group webhook for expiring deploy token notifications Backlog
Send an e-mail notification to group owners for expiring deploy tokens Backlog
Send an e-mail notification to project owners for expiring deploy tokens Backlog
Allowlist for service accounts Backlog
c-conan Backlog
Support token search by creating user Backlog
Replace cron job CreateOrchestrationPolicyWorker with a PostReceive hook to catch direct updates to policy.yml Backlog
IDE Security Scanning Plugin Backlog
Update policies table header styling Backlog
Prevent linking policy projects that are already marked for deletion Backlog
[backend] Support more branch_types Backlog
Get "group memberships" info with the enterprise users API Backlog
Allow multiple configuration for omniauth providers Backlog
When a job with environment.action: validate fails, mark the related environment as failed Backlog
Update the SQL Injection check tests using the DAST CWE specifications Backlog
Add ability to add secondary email address to Service Account on GitLab.com Backlog
Docs: update the Dependency Scanning tutorial to favor the new SBOM based approach Backlog
Show latest pipeline on Compliance Adherence checks for SAST and DAST Backlog
[Feature flag] Cleanup of group_vulnerability_scanners_using_statistics Backlog
Add link to policy in security policy bot message Backlog
Create a unified tool to generate GitLab secrets Backlog
OpenID Connect: Add support for signed JWT responses from the UserInfo endpoint Backlog
PEP reserved stage validation Backlog
Support setting unsafe Chromium headers via DAST_REQUEST_HEADERS Backlog
Filter vulnerabilities by default branch in GraphQL Backlog
Geo Replicables List: Add ability to sort replicables in UI Backlog
Geo Replicables List: Expose Verification states in UI Backlog
Geo Replicables List: Add ability to filter by verification state in UI Backlog
Geo Replicables List: Add ability to find a record by ID in UI Backlog
Show source in the 'Pending invitations' tab in the project Backlog
Add –gitleaks-ignore-path so that it will use the same path as source Backlog
Allow ignoring of fixed vulnerabilities in Merge Requests Backlog
Fix remove icon not appearing next to the approver dropdown on smaller screens Backlog
Consider scoping vulnerabilities by report type in MarkAsResolvedService for all usages Backlog
Update warn mode to also include Project Settings Override in policies Backlog
Expand capabilities of Accessibility testing CI/CD feature Backlog
Create a Burndown/Burnup Dashboard View Backlog
Docs: Refactor Dependency Scanning documentation to support multiple workflows Backlog
Remove delegations from ExecutionPolicies::PipelineContext Backlog
Add error message for cyclic dependencies in pipeline execution policies Backlog
Feature Request: Native Git Client Version Control for GitLab Admins Backlog
Simplify alert validation logic and use it with other validation logic Backlog
Add integration test for all supported file extensions to GitLab Advanced SAST Backlog
geo:check should verify that the node has Unique Internal URL when unified URL feature is enabled Backlog
Dependency and vulnerability lists should link to file evidence in the repo Backlog
Aggregate project CI/CD analytics panel for groups Backlog
Add Ultimate Tier DPoP Enforcement Policy Feature Backlog
Prevent Service Account from Locking Backlog
Add "Read Security Policies" as a permission for custom roles Backlog
Telemetry - track validity checks usage Backlog
Allow filtering resource access tokens by resource type and ID in credentials API Backlog
Allow GitLab administrators to view all details of a specific scheduled pipeline without taking ownership Backlog
Geo Replicables: Improve Bulk Actions Experience in UI Backlog
Geo Replicables: Explain technical details of bulk actions in docs Backlog
Parse native Gradle dependencies.lock files generated by gradle dependencies --write-locks Backlog
Allow any project in a user's namespace to be a user profile readme project Backlog
Org Mover: Double check for dropped create or delete events prior to cutover Backlog
Add admin controls to restrict public SSH key visibility for enhanced security Backlog
Geo: Add relevant links to the Single Replicable view Backlog
Allow merge request policies to have a block merge action Backlog
Add ability to change commit and public email address via API for service accounts Backlog
Add ability to set private_profile for Service Accounts via the API Backlog
Display code quality widget in project quality dashboard when no valid pipeline is detected Backlog
Filter vulnerabilities by validity status Backlog
Update CycloneDX report ingestion to track feature usage Backlog
Improve policy violation description on merge request overview Backlog
Add support for .gitignore style files as a source of excluded paths Backlog
Ability to not create a pipeline by scan execution policies if project doesn't have CI/CD configured Backlog
Make it easier to understand how to write SAST/secrets override rules Backlog
Geo: Unblock the updating of site status even if some metrics are slow to collect Backlog
Deprecation of registry.database.{enabled, name, user, host, port, password} configuration in GitLab Chart Backlog
Add runtime and infrastructure level metrics to Security report Backlog
Add auth steps configuration variables Backlog
Create minimal auth steps engine module Backlog
Integrate auth steps engine with auth flow Backlog
Add navigateUrl to auth steps engine Backlog
Add auth steps actions to engine Backlog
Enable external users to access internal-visibility GitLab Pages deployments without direct invitations Backlog
Update authentication report to support auth steps Backlog
Create example projects for SSO provides Backlog
Add end-to-end tests for SSO providers Backlog
Vulnerability Explanation in the Security finding widget in the MR workflow Backlog
Group Level Repository Analytics of Programming Languages Usage Backlog
Show "New policy" button with explanatory tooltip when user lacks permissions Backlog
Add Possibility to Restrict allowed SSH key technologies for GitLab.com Backlog
Show list of selectors in auth report Backlog
Ability to show unique dependencies on the Dependency list page Backlog
Add active parameter in Group::ChildrenController Backlog
Add EPSS Percentile information Backlog
Add aimed_for_deletion parameter to GroupsFinder Backlog
Refactoring of tests for UpdateApprovalsService and rename it to SyncScanFindingRulesService Backlog
Allow users to delete title history on Issues Backlog
Generated report asserts have incorrect URI scheme when HTTPS is used Backlog
Provide REST API endpoint to list pipeline schedule variables Backlog
Allow Download of Release Evidence Files using Personal Access Tokens Backlog
Centralized Security Alert Management for customers Backlog
AI Power Web Development Platform for GitLab Pages Backlog
Improve review workflow: Enable Policy Editor for in-progress MRs Backlog
Allow customization of scan execution policy stage insertion Backlog
Allow admin to revoke User Support Pin Backlog
Create loading bar on policy list for Security Policy enforcement Backlog
Spike: Improve security policy pages accessibility Backlog
Follow-up from "Draft: Limit scan execution policy rule schedules per policy" Backlog
Current issue / work item context unavailable to Duo Chat in the GitLab UI Backlog
clangsa-sast: implement build logic Backlog
clangsa-sast: update user facing documentation Backlog
clangsa-sast: add metrics to estimate analysis complexity Backlog
Allow Pipeline Usage Quota page to filter on a weekly basis Backlog
Investigate unexpected overhead when scanning HTML files with GitLab Advanced SAST Backlog
Display all image tags in the available space in the package registry view Backlog
SAST - Add support for a base directory or include directory Backlog
Follow-up from "Geo Replication List: Shared Bulk Actions Component" Backlog
Add Button to Refresh Validity Token Status on Vulnerability Finding Page Backlog
Add Validity Check button to the vulnerability finding MR Security modal Backlog
Deprecate duo_pro:bulk_user_assignment Rake Task Backlog
Deduplication for leaked secrets in job artifacts Backlog
Vulnerability schema for leaked job artifacts Backlog
Retention policy for job artifacts Backlog
How to make API Security image upgrades non-breaking Backlog
Allow for json_schemas/security_orchestration_policy.json to reference other files Backlog
Send enterprise user welcome email to only active users in the group Backlog
Enhance Dependency Paths Retrieval in GraphQL API Backlog
External Status Checks: Include Custom Description for Context Backlog
Cascade Dependency Proxy Dockerhub Authentication Settings Backlog
Geo Replicables List: Add ability to store pagination in URL Backlog
Improve GitLab Pages Administration Experience Backlog
Read Pipeline execution policies from database instead of Gitaly Backlog
Feature Request: Direct Vulnerability Report Links in Security Bot Notifications Backlog
prevent_pushing_and_force_pushing should reflect in branch rule UI Backlog
Ability to display maximum value from multiple jobs with coverage reporting Backlog
Ability for coverage reporting to automatically parse coverage statistics from coverage artifact Backlog
Add immediate trigger of pipeline execution schedule policy Backlog
Expose refresh token API endpoint Backlog
Frontend - Refresh Token Status button Backlog
Admin Mode - Justification Field for Audit Compliance Backlog
Reflect filters of the Dependency list in the URL Backlog
Geo Primary Verification List: Init Vue App Backlog
Geo Shared UI: Migrate Replicables List view to geo_shared Backlog
Geo Primary Verification List: Hookup geo_shared list view components to UI Backlog
Geo Primary Verification List: Hookup filters to UI Backlog
Geo Primary Verification List: Hookup API to UI Backlog
Geo Primary Verification List: Hookup actions to UI Backlog
Allow Setting readme_url for Groups via API, Supporting External Git Repository References Backlog
Geo Primary Verification Details: Init Vue App Backlog
Geo Shared UI: Migrate Replicables Details view to geo_shared Backlog
Geo Primary Verification Details: Hookup geo_shared details view components to UI Backlog
Geo Primary Verification Details: Hookup API to UI Backlog
Geo Primary Verification Details: Hookup actions to UI Backlog
Add pgaudit extension to packaged database for omnibus installs Backlog
Add global tolerations in charts for all GitLab components Backlog
500s errors persist with LDAP removed but minimal configuration remains in chart values Backlog
Resource usage reports once jobs complete Backlog
Native GitLab Runner on IBM z/OS (Shell Executor only) Backlog
Detect build directory permissions before starting GitLab Runner Backlog
Add debug functionality to a runner worker pod on Kubernetes Backlog