Calendar Year 2018 Q1 OKRs

Objective 1: Grow Incremental ACV according to plan

• CEO: IACV doubles year over year
  • VP Product:
  • CRO
    • Customer Success: Identify success factors
    • Customer Success: Do quarterly business reviews for all eligible customers
    • Sales: Add growth pipeline of 1.5x annual growth plan
    • Sales: Add 30 Fortune 500 companies
• CEO: Be at a sales efficiency of 1.0 or higher
  • CMO
    • Marketing: know cost per SQO and customer for each of our campaigns
• CEO: Make sure that 70% of salespeople are at 70% of quota
  • CMO
    • Marketing: Make sure each SAE has 10 SAO’s per month
  • CRO
    • Sales: Increase IACV by 15% for Strategic / Large / Mid Market
    • Sales: 1 month boot-camp for sales people with rigorous testing
    • Sales: Professional Services in 50% of Strategic / Large deals
  • VPE
    • Support: 100% Premium and Ultimate SLA achievement => Was in the 80’s as a percentile
  • CFO
    • Legal: Implement improved contract flow process for sales assisted opportunities
    • Controller: Billing support added for EMEA region.
    • Legal: GDPR policy fully implemented.
  • CMO: Establish credibility and thought leadership with Enterprise Buyers delivering on pipeline generation plan through the development and activation of integrated marketing and sales development campaigns:
    • MSD: Scale sales development organization hiring to plan, accelerating onboarding and getting reps productive to deliver on SCLAU growth plans.
    • MSD: achieve volume target in inbound SCLAU generation.
    • MSD: achieve volume target in outbound SCLAU generation.
    • MSD: develop and execute Automate to accelerate CI; Kubernetes and Concurrent DevOps campaigns.
    • PMM: Activate category strategy, positioning and messaging with sales enablement and certification program and website content.
    • PMM: Develop and roll out updated pitch and analyst decks
    • PMM: CE to EE Pitch Deck and SVN to EE pitch Deck
  • CMO: Website redesign iteration, including information architecture update, to support our awareness and lead generation objectives, accounting for distinct audiences.
  • CMO: Further develop thought leadership platforms for GitLab around topics including forecasting the future of development, redefining cultural excellence, and helping to make security an actionable priority for developers.

Objective 2: Popular next generation product

• CEO: GitLab.com ready for mission critical workloads
  • VPE: Move GitLab.com to GKE => Did not happen
    • Geo: Make Geo performant to work at GitLab.com scale
    • Distribution: TBD?
    • Gitaly: TBD?
    • CI/CD: TBD?
  • VPE: GitLab.com available 99.95% and monthly disaster recovery exercises => Hit 99.5% according to inferior monitoring on Pingdom, did not conduct monthly DR (but did do plenty of geo testing)
  • VPE: GitLab.com speed index < 1.5s for all tested pages => Did not focus on this
  • VP Product
    • Product: Ship group-level authentication
• CEO: On track to deliver all features of complete DevOps
  • VPE: Ship faster than before => We’re shipping about the same speed as before
  • VP Product
    • Product: Plan all features to be done by August 22
  • VPE: One codebase with /ee subdirectory => 40% done
• CEO: Make it popular

  • CMO

    • Marketing: Get unique contributors per release to 100
    • Marketing: Increase total users by 5% per month
    • Marketing: Facilitate 100 ambassador events (meetups, presentations)
    • Marketing: Be a leader in all relevant analyst reports

  • VP Product

    • Product: Grow usage of security features to over 1000 projects
    • Product: Grow usage of portfolio management features to over 1000 projects

  • VPE: Use all of GitLab ourselves (monitoring, release management) => Did not make progress here due to focus on GCP migration

    • Director of Backend
      • Ensure SP1/SP2 issues for top tier customer get fixed
    • UX
      • UX: Reduce the installation time of DevOps for Kubernetes by 50% => 33%
      • UX: Establish Operation Engineers as a first class citizen. Create a roadmap for Operations to use gitlab as part of their core stack on a day to day basis. => 100%
      • UX: Complete design pattern library, setting usability standards and solutions for design, development, and product management to implement and follow. => 64%
    • Geo
      • Geo: Make Geo Disaster Recovery Generally Available
        • 100% (Done in 10.5)
      • Geo: Squash 15+ bugs/month
        • 27 open bugs
        • 10.4: 7 closed bugs
        • 10.5: 14 closed bugs
        • 10.6: 16 closed bugs
        • 10.7: 8 closed bugs
      • Geo: Bring ee/app/workers and ee/db/migrate directories up to 95% coverage
        • Geo-related files show 95% coverage
      • Geo: Deliver 100% of feature commits in 10.5, 10.6, 10.7
        • 10.5: 100% (delivered DR for 1-primary 1-secondary configuration, demoed 1-primary N-secondary work)
        • 10.6: 75% (first iteration of repo verification, planned failover documentation, missed cleanup for files moved to object storage)
        • 10.7: 75% (next iteration of repo verification, improved planned failover documentation, object storage cleanup, missed hashed storage migration)
    • Distribution
      • Distribution: Upgrade omnibus and internal omnibus-gitlab Chef => 100% (Epic)
      • Distribution: Measure upgrade/installation time between two GitLab versions => 100% (Epic)
      • Distribution: Establish a roadmap for automated vulnerability reporting of shipped libraries => 100% (Epic)
      • Distribution: Cloud Native Helm charts in Alpha => 100% (Issue)
      • Distribution: Support for generating LE certificates from the omnibus-gitlab package => 100% (Issue)
      • Distribution: Ship 100% of committed deliverables issues each release
        • 10.5: 87.5% (One undelivered issue was caused by the change in direction)
        • 10.6: 70% (Did not ship LE on by default, did not make significant progress on the backup/restore task fix)
        • 10.7: 87.5% (Did not make a significant progress on password/configuration separation) - NOTE: This can go down to 75% if we do not ship LE autorenew.
    • Platform
      • Platform: Ship 100% of committed deliverable issues each release
        • 10.5: 75% (24/32)
        • 10.6 68% (21/31
        • 10.7 69% (25/36
        • Overall: 71% (70/99)
      • Platform: Resolve all Security SL1, Support SP1, and Availability AP1 issues
        • SL1: 100% (3/3)
        • SP1: 71% (5/7)
        • AP1: 75% (3/4)
        • Overall: 79% (11/14)
      • Platform: Close 45 Platform backend bug issues. Afterwards, we should verify that the backlog went down from the 400 we started with, because otherwise bugs are getting reported faster than we can fix them, and we are not making a dent.
        • 10.5: 14 bugs closed
        • 10.6: 11 bugs closed
        • 10.7: 5 bugs closed
        • Overall: 67% (30/45)
        • Ending backlog: 417
      • Platform: Add backup/restore integration tests to GitLab QA
        • 10% (a start was made, but no significant progress)
      • Platform: Make sure all Platform backend community contributions created before January 1st, 2018 are merged, closed, labeled “awaiting feedback”, or taken over by us and in active development
        • 77% (36/47)
    • Discussion
      • Discussion: Ship 100% of committed deliverable issues each release.
        • 81%.
        • 10.5: 70% (7/10).
        • 10.6: 77% (7/9).
        • 10.7: 100% (8/8).
        • Try: break large performance Deliverables into smaller issues.
      • Discussion: Make it possible to run GitLab as a Rails 5 app from the master branch.
        • 10% (from community contributions).
      • Discussion: Resolve all Security SL1, Support SP1, and Availability AP1 issues.
        • 100%.
      • Discussion: Close 36 Discussion backend bug issues. Afterwards, we should verify that the backlog went down from the 280 we started with (and compare to the total of 385), because otherwise bugs are getting reported faster than we can fix them, and we are not making a dent.
        • 100%.
        • 10.5: 18 bugs closed.
        • 10.6: 15 bugs closed.
        • 10.7: 8 bugs closed.
        • Ending backlog: 269.
      • Discussion: Make sure all of the 17 Discussion backend community contributions that were created before 1 April 2017 are merged, closed, labeled “awaiting feedback”, or taken over by us and in active development.
        • 59% (10/17).
    • CI/CD
      • CI/CD: Ship 100% of committed deliverables issues each release:
        • 10.5: (25 / 40): 63%
        • 10.6: (21 / 33): 63%
        • 10.7: (29 / 38): 76%
      • CI/CD: Scalability: Make all CI/CD related data to be stored on Object Storage
        • 10.5: Traces on Object Storage
        • 10.6: Rake task for migrating traces
        • 10.6: Workhorse direct uploader for artifacts
        • 10.6: LFS direct upload
        • 10.7: Archive traces on Object Storage by default
        • 10.7: Workhorse direct upload to Object Storage (GKE-only)
      • CI/CD: Resolve or schedule all AP1, SL1, SL2, bugs marked SP1 or SP2:
        • 10.5: (0 / 1) AP2, (1 / 3) SP1, (0 / 1) SP2, (1 / 2) SL2
        • 10.6: (0 / 1) AP1, (0 / 2) AP2, (1 / 1) SP1, (3 / 3) SP2, (0 / 2) SL2
        • 10.7: (0 / 1) AP1, (0 / 1) AP2, (0 / 1) SP1, (1 / 1) SP2, (0 / 2) SL2 => AP1 got included in 10.8,
      • CI/CD: Cost: Move all CI infrastructure to GCP
      • CI/CD: Quality: Test CI workflow with Runner by GitLab QA
        • 10.5: End-to-end testing with GitLab QA
    • Monitoring
      • Monitoring: Bundle Alertmanager for proactive customer alerting notifications => 75%
        • 10.6 In Review
        • 10.7 TODO
      • Monitoring: Prometheus deploy for customer apps feature => 100%
        • 10.5 Done
      • Monitoring: Ship 10 new alerts for monitoring GitLab => 0%, dropped due to scheduling of GCP required features.
      • Monitoring: Instrument gitlab-shell => 50%, Instrumentation in production complete, but not packaged with Omnibus yet.
        • OmniBus: TODO
      • Monitoring: Ship 100% of committed deliverables issues each release => 54%
        • 10.4: (Bugs: 3/6, Features: 5/11) 53%
        • 10.5: (Bugs: 1/2, Features: 7/18) 40%
        • 10.6: (Bugs: 3/3, Features: 8/13) 69%
    • Security
      • Security: GDPR: Complete data breach notification policy and data mapping requirements (Compliance-KW) => 100%
      • Security: FIPS 140-2: Research requirements and provide guidance to development team to implement (Compliance-KW) => 60%
      • Security: Complete Remainder of 10 Risk Assessment Actions (Abuse-KW/JT/JR) => 100%
      • Security: Automate metrics for vulnerability initiatives: HackerOne, external & internal assessments (Automation-JT) => 90%
      • Security: Conduct 2 product application security reviews (AppSec-JR) => 100%
      • Security: Manage Advance Notification Program for security releases (SecOps-KW/JT/JR) => 100%
      • Security: All parts of security active (AppSec-JR, Automation-JT, SecOps-KW/JT/JR, Abuse-KW/JT/JR, Compliance-KW) => 100%
    • Database
      • Database: Make it more difficult for database performance issues to occur => Done
      • Database: Improve workflow / structure of the database team => 60%
      • Database: Improve database performance => 65%
    • Gitaly
      • Gitaly: Deliver 100% of committed scope for GCP migration milestone #2 by Jan 15 => Done
      • Gitaly: Deliver 100% of committed scope for GCP migration milestone #3 by Feb 15 => Fell behind
      • Gitaly: Deliver 100% of committed scope for GCP migration milestone #4 by Mar 15 => Fell behind
      • Gitaly: All migration points complete to Ready-for-Testing state by 7 February => 70%
      • Gitaly: Release Gitaly v1.0 (all endpoints complete to Opt-Out state) => 60%
      • Gitaly: Defined roadmap for Gitaly v1.1, focused on Optimization and Performance => 0%
    • Quality
      • Quality: Complete the work to make GitLab QA production-ready => 100%
      • Quality: Define the architecture of and produce an end-to-end prototype for a self-service metrics generator => 5%, discussion is just starting off with a prototype still in the works.
      • Quality: Define and schedule high-value issues for improving the staging test environment => 10%, meaningful discussions => closer to defining then schedule will follow suit.
      • Quality: Write 2 GitLab QA tests related to creating and managing Issues => 50%, creation scenario done still needs edit.
      • Quality: Write 2 GitLab QA tests related to CI/CD => 100%
    • Edge
      • Edge: Work with backend teams to move 100% of EE-specific files and 50% of EE-specific lines of code to the top-level /ee directory => 70%, For EE files, we started at 1085 files to move, we still have 132 files to move (excluding doc and qa), or 476 (only excluding qa) LoCs has proven to be more challenging than files.
      • Edge: Investigate how to extract EE-specific files/lines of code for JavaScript, CSS, and Grape API => 33%, made progress on JS, CSS and Grape API, no updates on routes and initializers.
      • Edge: Reduce average CE pipeline duration to 30 minutes => 70%, We made great progress at the beginning of the year, pipelines were running at or below 30 minutes but then it started rising up again. It’s now around 40 minutes, we suspect auto-retry of failed job could be a plausible cause. Rake task cleanup and rubocop cache done.
      • Edge: Solve at least 1 outstanding performance issues => 100%
    • Frontend
      • Frontend: Write 200 unit tests to resolve test debt - 3361 to 3917 Karma tests
      • Frontend: Crush 300 backlogged bugs - 320 closed
      • Frontend: Ship 100% of committed deliverables issues each release
        • 10.5: 81% shipped (30/37)
        • 10.6: 61% shipped (22/36)
        • 10.7: 76% shipped (34/45)
        • Overall: 73% shipped (86/118)
      • Frontend: Make sure all Frontend community contributions are merged, closed, labeled “awaiting feedback”, or taken over by us an in active development - Not complete
      • Frontend: Close our main JS technical debt topics: Library updates, Global Code splitting and reduce our bundle size significantly per page - Splitting done, active configuration will be in 10.8
      • Frontend: Set up site speed docker container in our CI, running automated daily, and pushing stats to existing Grafana instance - Done
    • Security Products
      • Security Products: Handover Security Products => 100%
      • Security Products: Gemnasium integration in SAST => 100%
      • Security Products: Gemnasium infrastructure migration to GCP (staging) => 100%

  • CFO

    • Data and Analytics: Create the execution plan for the data enabled user journey.

  • CMO: Build trust of, and preference for GitLab among software developers.

  • CMO: Hire Director, DevRel.

    • MSD: Develop interactive content for Developer Survey results and promote results through digital/social channels.
    • MSD: Grow followers by 20% through proactive sharing of useful and interesting information across our social channels.
    • MSD: Grow number of opt-in subscribers to our newsletter by 20%.
    • PMM: Plan and execute IBM Think corporate event.
    • PMM: Plan and execute GTM for acquisitions and partner launches.
    • PMM: Generate a customer persona map and 3 customer persona profiles.

  • CMO: Generate more company and product awareness including increasing lead over Bitbucket in Google Trends.

    • MSD: Implement SEO/PPC program to drive increase in number of free trials by 20% compared to last quarter, increase number of contact sales requests by 22% compared to last quarter, increase amount of traffic to about.gitlab.com by 9% compared to last quarter.

  • CMO: PR - G1, G2, T1 announcements.

  • CMO: AR - conduct intro briefings with all key Gartner analysts to include reviewing new positioning.

Objective 3: Great team

• CEO: Hire according to plan
• CEO: Great and diverse hires
  • CCO
    • Global hiring
    • Sourced recruiting 50% of candidates
    • Hired candidates, on average, from areas with a Rent Index of less than 0.7
• CEO: Keep the handbook up-to-date so we can scale further
• Handbook first (no presentations about evergreen content)
  • CCO
    • Consolidate and standardize role descriptions
  • VPE: Consolidate and standardize job descriptions => 100%, done in partnership with PeopleOps
  • VPE: Launch 2018 Q2 department OKRs before EOQ1 2018 => 100%
  • VPE: Set 2018 Q2 hiring plan before EOQ1 2018 => 100%
  • VPE: Implement issue taxonomy changes to improve prioritization => 100% changed security and priority labels
  • VPE: Record an on-boarding video of how to do a local build and contribute to the GitLab handbook => 0%, didn’t get to it
    • Backend: Deliver two iterations toward aligning backend teams with the DevOps lifecycle
    • Support
      • Support: Define HA Expertise with 7 support engineers updating HA documentation as defined by Product. => 100%
      • Support: Define Kubernetes Expertise with 7 support engineers updating Kubernetes documentation as defined by Product. => 100%
    • UX
      • UX: Deprecate outdated UX Guide and replace with design.gitlab.com to communicate current UX standards and solutions across teams. => 63%
      • UX: Write 3 public blog posts about GitLab UX and visual design case studies, best practices, anecdotes, or events => 100%
    • Quality: Document the context and background of release process improvements in the Handbook / Quality page
    • Frontend: Establish and shape our Frontend specific on-boarding - Done with 4 new hires
  • CFO
    • Data and Analytics: Corporate dashboard in place for 100% of company metrics.
    • Data and Analytics: Capability to analyze cost per lead/SAO/SQO and marketing campaign effectiveness.
    • Controller: ASC 606 implemented for 2017 revenue recognition
    • Billing Specialist: Add cash collection, application and compensation to job responsibilities.
    • Controller: Close cycle reduced to 9 days.
    • Accounting Manager: All accounting policies needed to be in place for audit are documented in the handbook.
    • Legal: Add at least one country in which headcount can be grown at scale.
  • VPE: Hire a Director of Engineering => 100% hired Tommy
  • VPE: Hire a Director of Infrastructure => 0%
  • VPE: Hire a Database Manager => 0%
  • VPE: Hire a Production Engineer => 0%
    • Distribution: Hire a Distribution Engineer
    • Discussion: Hire two developers
    • Quality: Hire an Engineering Manager
    • Security: Hire 2 Security Engineer, SecOps
    • Platform: Hire 2 developers
    • CI/CD: Hire 2 developers
  • CMO: Hire Director, Product Marketing
    • PMM: Hire to Product Marketing team plan
  • CMO: Hire Director, Corporate Marketing
  • CMO: Hire to Corporate Marketing team plan
  • CMO: Hire Director, DevRel
  • CMO: Hire to DevRel team plan
    • MSD: Hire to SDR team plan
    • MSD: Hire SMB Customer Advocates
    • MSD: Hire Manager, Online Growth
    • MSD: Hire to Online Growth team plan
    • MSD: Hire to Field Marketing team plan
  • CCO: Launch training for making employment decisions based on the GitLab Values.
  • CCO: Ensure candidates are being interviewed for a fit to our Values as well as ability to do the job, through Manager Training and Follow-up by People Ops.
  • CCO: Analyze and make recommendations based off of New Hire Survey and Pulse surveys which will drive future KRs. Have at least 3 areas to improve each quarter. Ideally, we will also have 3 areas to celebrate.
    • Issue
    • Issue
  • CCO: Iterate on the Performance Review process with at least two changes initiated by March.
  • CCO-TA: Iterate the hiring process to decrease process cycle-times, increase efficiency on screening candidates and provide a better candidate experience.
  • CCO-TA: Re-vamp and enhance our jobs page to help attract diverse quality talent enhance our employment brand and position ourselves as hi-tech company.
  • CCO-TA: Establish level of effort metrics to ensure process efficiencies to include: recruiter screened/hiring manager review ratio, Interview/Offer ratio, and Offer Accept ratio.
  • CCO: Provide consistent training to managers on how to manage effectively. Success will mean that there are at least 15 live trainings a year in addition to curated online trainings.
  • CCO: Align recruiting to Functional Groups with Focus on Low Rent Regions. At least 50% of GitLab team-members should be hired from a Rent Index location that less than 0.7.
  • CCO: Implement actionable recruiting Metrics, including the ability to track an accurate source of hire for the majority of all hires.
  • CCO: Target 2 Diversity recruiting Events/sources to attend and recruit from. Measure success to determine future plan.
  • CCO: Increase Employee Referrals by 5%.
  • CCO: Launch Harassment Prevention Training to all managers.
  • CCO: Identify the right LMS for GitLab.
  • CCO: Now that hiring managers have been trained on Reference Checking, beginning ensuring that Hiring Managers are verifying at least one reference per hire personally.
  • CCO: Hiring at least one sourcer and one recruiter for EMEA/Central Asia.
  • CCO: Prioritize the future countries for increased hiring based on pipeline, regulations, future sales, rent index. Begin steps to enable increased hiring outside the U.S.

Retrospective

VPE

• GOOD
  • Q2 OKRS launched on time
  • Hiring plan and budget on-time and in-line
  • Hired and on boarded a director of eng (Tommy)
  • Q1 GitLab.com availability/stability was good (although not as good as monitoring indicates)
• BAD
  • OKRs we tweaked mid-quarter and Sid and I never syncd on the changes, so some things never got attention
  • GitLab.com did not move to GCP
  • Didn’t get to the local handbook set up video
  • Slow progress overall on hiring
• TRY
  • Double down on hiring Dir of Infra, treat as exec hired
  • Partner with people ops to increase hiring pace
  • Less KRs in Q2 to increase focus

Platform

• GOOD
  • Deliverable hit rate has been pretty consistent.
  • We resolved all Security SL1 issues.
  • We triaged all Platform Community Contribution MRs.
• BAD
  • We consistently overpromised what we could deliver in a release. This was done in accordance with earlier statements that OKRs should be ambitious and that if we hit more than 70% of our OKRs, we weren’t ambituous enough, though.
  • We did not resolve all Support SP1 and Availability AP1 issues.
  • We didn’t take over any of the popular “coach will finish” Community Contribution MRs.
  • We didn’t hit our bug target, and actually fixed fewer bugs with each release.
  • Bug target was too low. If we had hit our target, the total backlog size would have stayed approximately constant, but because we didn’t, it actually increased by 17.
  • Not much progress was made on backup/restore integration tests.
• TRY
  • Putting a limit on the total weight of Deliverable issues so that we can actually deliver all of them, and using the Stretch label for issues we’d like to start on this release, but are fine with letting them slip and get finished in the following release. (See gitlab-com/www-gitlab-com#2022)
  • Specifically allocating time to finish popular Community Contribution MRs, by making their issues Deliverable and not allowing them to slip.
  • Specifically allocating time for Engineering-driven efforts like improving integration tests, by making their issues Deliverable and not allowing them to slip.
  • Finding a better balance between adding new features and fixing bugs in existing features.
  • Adding people to the team to be able to do the 3 items above without significantly interfering with our Product feature output.

Discussion

• GOOD
  • All top-priority security, support, and availability issues were addressed.
  • Deliverable hit percentage increased to 100% over the quarter.
  • Hit bugs target early.
• BAD
  • Missed a big issue (Rails 5), due to staff changes.
  • Bug target was too low (backlog only reduced by 11 issues).
  • Didn’t address all of the oldest community contributions we have.
  • Deliverables target ignores an issue, batch commenting, that has been blocked on frontend since January.
• TRY
  • Not having OKRs for specific priorities, if we also have OKRs for solving issues of a particular type.
  • Better tracking of issues that made it / missed per release:
    • All backend issues.
    • Deliverables.
    • Bugs
    • Performance issues.

Distribution

• GOOD
  • Delivered all scheduled OKRs, and added one more during the quarter
  • Recognized challenging parts of the tasks and reduced scope in time, which allowed us to move quicker towards the goals
  • Managed to tackle some Technical Debt as part of the OKR tasks
• BAD
  • Everything that was not an OKR was secondary
  • The scope of the OKR’s might have been too ambitious
  • Basic integration coverage meant that we had two serious regressions
  • Cloud Native charts taking most of the teams bandwidth
  • Less amount of time spent on hiring than what was expected
• TRY
  • Establish a better ratio of technical debt vs. features shipped in one release
  • Focus on sourcing more candidates
  • Establish a better way of assigning engineers to their tasks instead of encouraging them to choose from milestone

Monitoring

• GOOD
  • Shipped all GCP required features.
• BAD
  • Dropped/didn’t update alerting KR to refelect feature scheduling changes.
• TRY
  • Work on hiring to improve team throughput.

UX Design

• GOOD
  • Major challenges/opportunities for Auto DevOps installation flow identified.
  • Roadmap for Auto DevOps installation immprovements established.
  • All design pattern issues completed or in final review.
  • Understand who operations/DevOps engineers are, most common tasks/duties, the metrics they’re tracking.
  • Identified DevOps biggest challenges: lack of automation, culture, resource, and tools.
  • Updated and recorded all UX standards covered by the current UX guide.
  • Added many UX standards not documented in the current UX guide.
• BAD
  • OKRs for Q1 not finalized in December and re-tuned at the end of January, delaying progress.
  • Hiring took up much of the UX team’s time early in Q1.
  • Poor priority management, put design library issues off as the deadline was further out and other OKRs were more pressing for the company.
  • Dependence on other departments for scheduling and review of some issues. Unable to influence progress once they were out of our hands.
• TRY
  • Finalize OKRs earlier on so we can plan better.
  • Assign UX designer to issues rather than encouraging them to pick them up.
  • Schedule UX OKR issues into milestones to make sure we stay on track.
  • Continue to use epics to drive goals and initiatives.
  • Streamline the hiring process for UX to make it more efficient.

Support Engineering

• GOOD
  • New hires on boarded quickly and successfully
  • Services is gelling
  • HA & Kubernetes expertises went well
  • No attrition
• BAD
  • We did not hire to 100% of plan
  • SLAs for premium and ultimate fell short of our standard
• TRY
  • Hire a director of support
  • Pick up pace of engineer and agent hiring

Security

• GOOD
  • Resolved all SL1/SL open issues in CE tracker.
  • Conducted successful security assessment on Gitaly.
  • Mean Time To Remediation for new open security vulnerabilities is now below industry standard of 30 days.
  • Started conducting internal security briefings on a biweekly basis to drive company-wide accountability and sense of urgency on all security issues.
  • Successfully drove GitLab’s new pages domain verification mechanism.
  • From a technical security standpoint, completed all requirements for GDPR compliance.
  • There is now a formal data classification policy.
• BAD
  • Although we are doing well with new open security vulnerability issues, there remains a security debt of old security issues to resolve.
  • FIPS 140-2 effort needs more work, and we did not get as far along in that process as we wanted to, due to reliance on 3rd party partner.
  • We were not able to get as far along in application security reviews, due to other efforts taking higher priority (e.g., remediating new open issues, security release process efforts).
• TRY
  • Revisit FIPS 140-2 effort to see how we can take on more of the burden internally.
  • We will work to reduce security debt in the old open security issues.
  • Conduct more outreach to Engineering departments in order to get more application security reviews conducted.

Frontend

• GOOD
  • New team members were overall onboarded well
  • Reduced Technical Debt a lot through different topics
  • Constant improvements on our workflows and tools
  • Delivered a lot of big features
• BAD
  • Missed the deliverable percentage goals
  • Vue-based MR’s not live yet. This turned out to be far larger than anticipated and had to be re-planned.
  • Too long and too much discussions for specific topics
  • CSS Refactoring underestimated, had to re-plan
  • Hard to estimate velocity, lead to slipped deliverables
  • Hard to schedule with an unclear task at the beginning
  • Didn’t invest enough time on Community Contributions
• TRY
  • Drive longer planning with Epics + bigger scheduling gates for issues
  • Optimize planning pipeline together with PM’s
  • Domain experts to take over domain expertise in the FE team
  • Frontend Sub teams
  • Skipping CSS Refactor and go straight for reusable Vue Components
  • Extend tooling and improve Workflows
  • Set up a workflow to check community contributions as an actual task by someone every release cycle

Infrastructure

• GOOD
  • We simplified the GCP project by moving to a life-and-shift strategy
• BAD
  • Hiring did not keep pace
  • We do not have a project management framework that has taken
• TRY
  • Pick up hiring
  • Experiment with project management frameworks
  • Better monitoring of GitLab.com for SLA

Database

• GOOD
  • We managed to achieve more compared to our previous OKR, both by having more manpower and by planning work more carefully.
• BAD
  • We didn’t get as much workflow related work (e.g. Apdex scores) done as we’d like.
• TRY
  • For the next quarter we will be hiring a database manager and hopefully also a database engineer. This should further reduce load on the existing team members.

Production

• GOOD
  • GitLab.com availability in Q1 was better than 2017 average
• BAD
  • Team attrition
  • Did not move to GCP
  • Did not hire a production engineer
• TRY
  • Better GitLab.com monitoring for uptime

Gitaly

• GOOD
  • Hit early milestones
• BAD
  • We did not stay on pace with our backlog for Gitaly v1.0
  • OKRs were messy and possibly redundant
• TRY
  • More project mgmt
  • Clearer KR, less for more focus?

Geo

• GOOD
  • We migrated most projects, attachments, LFS objects, etc. from GitLab.com to Google using Geo.
  • We found and fixed a significant amount of issues in this process.
  • We reduced the number of out of sync/failed repository syncs from over a million to less than a few hundred.
  • Geo appears to be keeping up with the new data pushed to GitLab.com.
  • Customers appear to be using Geo more, helping us find additional issues.
• BAD
  • We have yet to do a thorough project-by-project verification of data mirrored from GitLab.com.
  • Our verification implementation only covers basic references, but does not check the integrity of the files themselves.
  • We still have a lot of obscenely slow database queries causing high load on the database.
  • We have not made much progress in putting hashed storage into production.
• TRY
  • Start using our repository checksum feature when 10.7 is deployed.
  • Improve verification to include object integrity.
  • Spending Q2 optimizing these database queries.
  • Assign someone to own the rollout of hashed storage.

Security Products

• GOOD

  • Whole (new) Team onboarded with success
  • Ability to release since the first milestone
  • Openshift to GCP migration is going well
  • Lot of expectations for security features

• BAD

  • Each change in the jobs definition means updating docs everywhere, our .gitlab-ci.yml, and possibly introducing break changes. This process is long and error prone.
  • Dependence on other departments, especially Frontend, for implementation on some issues.
  • Lack of automated E2E tests/QA so long and painful testing for now
  • We hit the limitations of our own features (using subgroups, .gitlab-ci.yml include, unprotected container registry, etc.).
  • Lot of processes to assimilate, as the whole team is new
  • Small usage of Security Products so few feedback

• TRY

  • Improve our tools for security advisories triage.
  • Improve usage of our tools internaly
  • Improve accessibility to our tools (includes in gitlab-ci.yml)