
Detect risks and suggest improvements

Description

What happens when one or more projects depend on only one single user? What happens if no CI is set up? What happens if all the administrators of an instance are hit by a bus?

GitLab should be able to detect practices that put projects at risk and proactively reach out to stakeholders to reduce those risks.

Proposal

Let's brainstorm on what we should detect, and we'll then decide how we will implement them.

  • (high risk) Detect if projects only have one contributor
  • (medium risk) Detect if projects have only one active contributor in the last 60 days
  • (high risk) Detect if MRs do not make use of approvals generally in the project
  • (high risk) Detect if no CI is set up in a project
  • (low risk) Detect if bugs take more than 30 days to get fixed
  • (high risk) Detect if user passwords haven't been changed for a while
  • (high risk) Detect if no license is defined
Edited by 🤖 GitLab Bot 🤖