Developerʼs Journey

an Introduction to GitLab
 2

Business Developers Security Operations

The One
DevOps Platform
One user interface

for software innovation

○ Project planning Plan Create Package Release Monitor

○ Source code management

○ Continuous integration
○ Infrastructure configuration Manage Verify Secure Configure Protect
○ Incident monitoring
○ Application security
○ And so much more...
Unified data model

Contact GitLab
Organizing the work

GitLab Groups provide capabilities for assembling

Group
related projects together and grant members
access to several projects at once.

The Group provides a layer for strategic planning,

governance, and management.

Sub Groups are nested, child Groups for additional

Sub Group
levels of organization.

Projects are where teams collaborate, plan work,

Project
write code, and deliver applications.
Defining the work

Epics provide grouping of Epics and Epic (Capability)

Issues.

Issue (Non-Functional)

Issue (Acceptance)

Sub Epics represent smaller pieces

Sub Epic (Feature)
of a larger Epic, larger than an Issue.

Issues describe small, discrete Issue (User Story)

pieces of work.
Issue (User Story)

Issue (User Story)

Doing the work

The Git Repository is the foundation of a GitLab

Project.

Merge Requests are project assets to visualize and

collaborate on proposed changes to source code
on a Git branch.

CI/CD Pipelines describe code build and test jobs

and stages for a Merge Request.

Code Reviews are discussion threads on Merge

Requests where developer peers review and
comment on changes to the code.
Project
Approvals are explicit acceptance events,
recorded in the Merge Request, signaling sign-off
on associated code changes.
GitLab Recommended Process

Manage Plan Create Verify Package Secure Release Configure Monitor Protect

Epics

Review App
Milestones
Push Fixes

Issues Push Code Approval

Automated Collaboration
Create Merge Scan
Build / Test & Review
Request

Assign Issue Merge Release Deploy

Accepted
GitLab Workflow Components

GitLab Function Also known

Component as...

Project The core building block where work is organized, managed, tracked and delivered to help the team to Repository
collaborate and plan work in the form of issues.

Group A collection of projects and subgroups. They are like folders. Project

Issue An issue is part of a project. It is the fundamental planning object where the team documents the use Story,
case in the description, discusses the approach, estimates the size/effort (issue weight), tracks actual Narrative
time/effort, assigns work, and tracks progress.

Epic A collection of related issues across different groups and projects to help organize by theme

Merge The linkage between the issue and the actual code changes. Captures the design, implementation Pull Request
Request details (code changes), discussions (code reviews), approvals, testing (CI Pipeline), and security scans.

Label Used to tag and track work for a project or group and associate issues with different initiatives

Board A visual listing of projects and issues useful for teams to manage their backlog of work, prioritize items,
and move issues to the team or specific stage in the project.

Milestone / A sprint or deliverable(s), helping you organize code, issues, and merge requests into a cohesive group Release /
Iteration Sprint

Roadmap A visual representation of the various epics for the group

Developer’s Process
Where do I start? - Issue Board
Review Issue
See Progress using Merge Requests

● Merge Request to Issue Traceability

● Web IDE or Check Out locally

● Branch Creation

● Record of changes and their impact

to the branch
Built-in IDE - Code Changes
Traceability

● CI/CD Pipeline Activity

● Approval Processes

● Scan Results
○ Code Quality
○ Security Scanning
○ Compliance

● Code Reviews

● And more!
○ Commit History
○ Comments
○ Reactions
Code Review
Code Review
Easy Merging
CI/CD Pipelines
CI/CD Pipeline
Resolved MR, Closed Issue
Approvals
Approvals Process
Merge Request - Approval by Specific Users/Groups
 Approval Configuration

Project ->
Settings ->
General ->
Merge Request Approvals
Protected Branches

● Limit creation of files to Maintainers / Owners

● Restricts pushes to users with Allowed
permission.
● Prevents
○ force pushing to the branch.
○ deleting the branch.
CODEOWNERS

● Define ownership of specific files or paths in a

repository

● Enforce CODEOWNER approval as part of

Merge Approvals

● Configure in CODEOWNERS file in repository

13.2 Enhancement - Multiple Sections in CODEOWNERS ( epic )

Security Approval Rules
Security vulnerabilities are reported in the MR pipeline report...
..in a developer-friendly way...with drill-down capabilities
Developers can drill down and can take action
Providing visibility into security risk via Security Dashboard

Quickly understand your at risk projects with Project Security Grades

Manage Security Risk Globally

Deployment Environments are First-Class Citizens
Operations Dashboard

More (top) → Operations

Note: Configured by each User

Q&A