Commit 3ebc32fe authored by Evan Read

Change more references from Govern to Software Supply Chain Security

parent 825ecc50
1 merge request: !10408 Change more references from Govern to Software Supply Chain Security
Showing
with 24 additions and 24 deletions
......@@ -156,8 +156,8 @@ In order to make the most of the internship, it's expected for the intern to do
#### Week 8
1. Shadow other CSMs on customer calls, team calls, & account team calls, helping with follow ups and questions as needed
1. Review one stage of the DevSecOps lifecycle in depth every week: Secure & Govern
1. Read through the [Govern Product Categories](https://about.gitlab.com/stages-devops-lifecycle/govern/)
1. Review one stage of the DevSecOps lifecycle in depth every week: Secure & Software Supply Chain Security
1. Read through the [Software Supply Chain Security Product Categories](https://about.gitlab.com/stages-devops-lifecycle/govern/)
1. Continue working on the [GitLab Certified Security Specialist Learning Path](https://levelup.gitlab.com/learning-paths/certified-security-specialist-learning-path) (lessons 6-10 in GitLab Security Essentials)
1. Be prepared to discuss with your mentor:
1. Any modules/topics you struggled with understanding in the learning path
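Review bot: The renamed link text "Software Supply Chain Security Product Categories" still targets `https://about.gitlab.com/stages-devops-lifecycle/govern/`, so the label and the destination now disagree. Either update the URL in the same change if a renamed stage page exists, or confirm that the `govern` path is still the canonical one and say so in the commit message so the mismatch is not read as an oversight.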
......
......@@ -142,8 +142,8 @@ The following sections provide an overview of all content assets, and links to f
| [Jira to GitLab](https://drive.google.com/file/d/1ME_oU5zGtySPoAf8_I-3u5jJZW-kBMSo/view?usp=drive_link) | Verify | 2023-12-18 | https://youtu.be/wGnl2fs75Pg |
| [GitLab Administration (SaaS)](https://drive.google.com/file/d/1JQYVed7StwOBGEnzmsT7yiDmDfNSkx_a/view?usp=drive_link) | Core Platform | 2023-10-23 | https://youtu.be/lXtBV9o7q68 |
| [GitLab Runners](https://drive.google.com/file/d/1nxglK5j8D5XsbZTaylN-HbbVJ0gKojJd/view?usp=drive_link) | Verify | 2024-01-17 | https://youtu.be/Xq0kNaGxcaM |
| [Vulnerability Management Strategies](https://drive.google.com/file/d/1DRhHsgeqRPGpu2NR5726QSGqg6bh7aJS/view?usp=drive_link) | Govern | 2024-05-07 | https://youtu.be/CS_GlJGtnpM |
| [Separation of Duties](https://drive.google.com/file/d/16YcUdYDNPP0x0vXzG01OsCODVnYhYe4O/view?usp=drive_link) | Govern | 2024-06-18 | https://youtu.be/vFbgzta5cyA |
| [Vulnerability Management Strategies](https://drive.google.com/file/d/1DRhHsgeqRPGpu2NR5726QSGqg6bh7aJS/view?usp=drive_link) | Software Supply Chain Security | 2024-05-07 | https://youtu.be/CS_GlJGtnpM |
| [Separation of Duties](https://drive.google.com/file/d/16YcUdYDNPP0x0vXzG01OsCODVnYhYe4O/view?usp=drive_link) | Software Supply Chain Security | 2024-06-18 | https://youtu.be/vFbgzta5cyA |
| [What's New! GitLab 17.0](https://drive.google.com/file/d/11EhjSsgMepd9iZYY9vNz8LFoQPLGVNuS/view?usp=drive_link) | All | 2024-06-04 | https://youtu.be/3gROieX0-9Q |
| [CI/CD Components](https://drive.google.com/file/d/1mSj3YhvTu5llgRzqRMZ0Lk08KlFLlhp4/view?usp=drive_link) | Create | 2024-07-11 | https://youtu.be/2MosExpnxsw |
| [DAST API and Security Testing](https://drive.google.com/file/d/1G8XeiaQDpGQAyd1gwLsYmaf-tp3N4p91/view?usp=drive_link) | Secure | 2024-07-12 | https://youtu.be/R6nO_0u2UqA |
......@@ -159,7 +159,7 @@ The following sections provide an overview of all content assets, and links to f
| [GitLab CI](https://docs.google.com/presentation/d/1IiRo4KHAgYqmzNiLkNYEatzHo75ax1BNKy-HsHoZW3k/edit?usp=drive_link) | [CICD Adoption Workshop](https://gitlab.com/gitlab-learn-labs/sample-projects/cicd-adoption-workshop) | Verify | 2023-10-23 |
| [GitLab Advanced CI](https://docs.google.com/presentation/d/1g36th6wlPUj9YMHooAr7M0koscEdDAnxJULTu3F93Fg/edit?usp=drive_link) | [Advanced CI Lab](https://gitlab.com/gitlab-learn-labs/onboarding-cohort-projects/advanced-ci-lab/-/tree/main?ref_type=heads) | Package/Verify | 2024-05-10 |
| [CI/CD Adoption for Jenkins Users](https://docs.google.com/presentation/d/1d2u6Ls_ELgEAv8VXMatljVkPydOelUQ3_hsOvUe2k28/edit?usp=drive_link) | [CICD Adoption Workshop](https://gitlab.com/gitlab-learn-labs/sample-projects/cicd-adoption-workshop) | Verify | 2024-01-10 |
| [Security and Compliance](https://docs.google.com/presentation/d/1_o1UbmM0u96f9XTpjYBLG3jnHeJuwJAVOrCg7Ri4ti4/edit#slide=id.g2e71b1d1f20_1_598) | [Tanuki Racing Security and Compliance](https://gitlab.com/gitlab-learn-labs/onboarding-cohort-projects/tanuki-racing-security-and-compliance) | Govern/Secure | 2024-06-26 |
| [Security and Compliance](https://docs.google.com/presentation/d/1_o1UbmM0u96f9XTpjYBLG3jnHeJuwJAVOrCg7Ri4ti4/edit#slide=id.g2e71b1d1f20_1_598) | [Tanuki Racing Security and Compliance](https://gitlab.com/gitlab-learn-labs/onboarding-cohort-projects/tanuki-racing-security-and-compliance) | Software Supply Chain Security/Secure | 2024-06-26 |
## <i class="fa-solid fa-folder-plus" style="color: #B197FC;"></i> Content Creation Process
......
......@@ -143,13 +143,13 @@ Usage Discovery Questions:
1. How are you monitoring the stability and performance of your GitLab instance?
1. What do you use to monitor your deployed applications?
## Govern
## Software Supply Chain Security
- [Vulnerability List](https://docs.gitlab.com/ee/user/application_security/vulnerability_report/)
- [Dependency List](https://docs.gitlab.com/ee/user/application_security/dependency_list/)
- [Security Policies](https://docs.gitlab.com/ee/user/application_security/policies/)
- Making use of [Audit Events](https://docs.gitlab.com/ee/administration/audit_events.html) at the instance level as part of managing GitLab.
- Using [Compliance Management](https://about.gitlab.com/direction/govern/compliance/compliance-management/) within GitLab.
- Using [Compliance Management](https://about.gitlab.com/direction/software_supply_chain_security/compliance/compliance-management/) within GitLab.
Usage Discovery Questions:
......
......@@ -132,7 +132,7 @@ We also want to ask about Stage Adoption metrics so that we can tie their GitLab
- **Monitor**
- How are you monitoring the stability and performance of your GitLab instance?
- What do you use to monitor your deployed applications?
- **Govern**
- **Software Supply Chain Security**
- How do you manage your organizational security policies?
- How do you manage your dependencies?
- How do you manage your vulnerabilities?
......
......@@ -239,8 +239,8 @@ To align our education and enablement with our product, each of the topics below
#### Foundations Level
- [Govern Stage Overview](https://about.gitlab.com/stages-devops-lifecycle/govern/)
- [Govern Stage Direction and Roadmap](https://about.gitlab.com/direction/govern/)
- [Software Supply Chain Security Stage Overview](https://about.gitlab.com/stages-devops-lifecycle/govern/)
- [Software Supply Chain Security Stage Direction and Roadmap](https://about.gitlab.com/direction/software_supply_chain_security/)
#### Intermediate Level
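Review bot: The two links in this list are now inconsistent: the "Stage Direction and Roadmap" URL moves to `/direction/software_supply_chain_security/`, while the "Stage Overview" URL stays at `/stages-devops-lifecycle/govern/`. Check that both destinations resolve after the rename and, if the overview page has not moved yet, leave a follow-up so the old path is not left behind.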
......
......@@ -161,7 +161,7 @@ TODO: Define performance requirements and check with different steak holders. Di
#### Decomposition
The application data for [GitLab.com](https://gitlab.com/) is currently decomposed into two separate database clusters, `Main` and `CI`.
We are evaluating if we can further decompose the `Main` database with [decomposing `Secure and Govern` related tables to a separate Postgres DB](https://gitlab.com/gitlab-org/gitlab/-/issues/427973) to gain more headroom and scalability for the current platform.
We are evaluating if we can further decompose the `Main` database with [decomposing `Secure- and Software Supply Chain Security-related tables to a separate Postgres DB](https://gitlab.com/gitlab-org/gitlab/-/issues/427973) to gain more headroom and scalability for the current platform.
For Cells it is a design choice to scale horizontally by adding more Cells and to rebalance by moving organizations to less saturated cells.
Cells should not be scaled vertically to a point where decomposition is reasonable.
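Review bot: The new link text opens an inline code span with a backtick before `Secure-` and never closes it, where the old text had a balanced pair around `Secure and Govern`. As written the unmatched backtick will render literally or swallow the rest of the link text, so either close the span after "Security-related" or drop the backtick entirely. The hunk header context also shows "steak holders" in the same file, which could be corrected to "stakeholders" while this file is open.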
......
......@@ -247,7 +247,7 @@ offering flexibility while maintaining security.
### Permissions
The following permissions were compiled based on the findings from [this investigation](https://gitlab.com/gitlab-org/govern/authorization/team-tasks/-/issues/55).
The following permissions were compiled based on the findings from [this investigation](https://gitlab.com/gitlab-org/software-supply-chain-security/authorization/team-tasks/-/issues/55).
Further research is required to document the permissions needed to support the built-in [CI/CD components](https://gitlab.com/components).
The exact list of permissions and the keyword used to described them might
......
......@@ -275,7 +275,7 @@ flowchart TD
D -- insert --> security_policy_requirements@{ shape: cyl }
```
#### Recurring Configuration Status Checks execution flow
#### Recurring Configuration Status Checks execution flow
This workflow diagram shows the how Compliance Frameworks trigger a configuration status check against a Project.
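Review bot: The removed and added heading lines read identically here, so this looks like a whitespace-only edit that is unrelated to the Govern rename named in the commit title. It is harmless, but consider splitting it out or mentioning it in the commit message; the context line below also has a typo ("shows the how") that could be fixed in the same pass.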
......
......@@ -491,5 +491,5 @@ index 669565880e93..393563dead8a 100644
## References
- https://gitlab.com/gitlab-org/govern/compliance/general/-/issues/233+
- https://gitlab.com/gitlab-org/software-supply-chain-security/compliance/general/-/issues/233
- https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/compliance-adherence-reporting/
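Review bot: Besides the group path, the first reference also loses its trailing `+` (`issues/233+` becomes `issues/233`), a second change that the commit title does not cover. If the `+` was a stray character, say so in the commit message; if it was intentional link syntax, keep it on the new URL. Also confirm that the `gitlab-org/software-supply-chain-security/compliance/general` path resolves, since the issue reference is only useful if the group was actually renamed.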
......@@ -21,5 +21,5 @@ These are the expected competencies of team members at GitLab by Job Title.
| **[Development](/handbook/engineering/careers/matrix/development/)** | [Dev](/handbook/engineering/careers/matrix/development/dev/), [Core Platform](/handbook/engineering/careers/matrix/infrastructure/core-platform/), Growth, Ops, Package & Release, Secure & Govern, Verify |
| **[Incubation Engineering](/handbook/engineering/careers/matrix/development/incubation/)** | Incubation Engineering |
| **[Infrastructure](/handbook/engineering/careers/matrix/infrastructure/)** | Infrastructure, Delivery & Scalability, Reliability |
| **[Quality](/handbook/engineering/careers/matrix/quality/)** | Dev, Ops, Secure, Core Platform, Engineering Productivity, Growth, Fulfillment, Govern |
| **[Quality](/handbook/engineering/careers/matrix/quality/)** | Dev, Ops, Secure, Core Platform, Engineering Productivity, Growth, Fulfillment, Software Supply Chain Security |
| **[Support](/handbook/engineering/careers/matrix/support/)** | [Support](/handbook/engineering/careers/matrix/support/) |
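Review bot: The Development row in this table still lists "Secure & Govern" while the Quality row is changed to "Software Supply Chain Security", so the same table now uses both names. Update the Development row in this change as well, or note why it is deliberately left as is.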
......@@ -27,5 +27,5 @@ These are the expected competencies of team members at GitLab by Job Title and j
- <span class="colour" style="color: rgb(51, 51, 51);">Fulfillment</span>
- Growth
- Ops
- Govern
- Software Supply Chain Security
- Secure
......@@ -307,7 +307,7 @@ The following is a non exhaustive list of daily duties for engineering directors
1. Growth
1. Ops
1. Secure
1. Govern
1. Software Supply Chain Security
1. Review hiring dashboards
1. Personal todo list
1. Personal GitLab board(s) if any
......
......@@ -93,7 +93,7 @@ Our current customers include GitLab [AI-powered Duo feature teams:](https://doc
1. [AI Powered: Duo-Chat team](https://about.gitlab.com/direction/ai-powered/duo_chat/)
2. [Create: Code Creation team](https://about.gitlab.com/direction/create/code_creation/)
3. [Govern: Threat Insights `AI Vulnerability Management` team](https://about.gitlab.com/direction/govern/threat_insights/vulnerability_management/)
3. [Security Risk Management: Threat Insights `AI Vulnerability Management` team](https://about.gitlab.com/direction/security_risk_management/threat_insights/vulnerability_management/)
4. [Root Cause Analysis](https://docs.gitlab.com/ee/user/gitlab_duo/index.html#root-cause-analysis)
5. [RAG Evaluation](/handbook/engineering/development/dev/foundations/search/)
6. [Issue Summarization](https://docs.gitlab.com/ee/user/gitlab_duo/index.html#issue-description-generation)
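Review bot: Item 3 replaces "Govern" with "Security Risk Management" and points at `/direction/security_risk_management/...`, which is not the Govern to Software Supply Chain Security rename the commit title describes. If Threat Insights belongs under Security Risk Management, the change is fine, but the commit message should mention that some references move to a different stage name so reviewers do not treat it as a mistake.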
......
......@@ -17,10 +17,10 @@ Please refer to this list and keep it updated as Widgets evolve.
| [Code quality](https://gitlab.com/gitlab-org/gitlab/-/issues/338280) | [#336178](https://gitlab.com/gitlab-org/gitlab/-/issues/336178) | Secure:Static Analysis | [@mfangman](https://gitlab.com/mfangman) | [@jannik_lehmann](https://gitlab.com/jannik_lehmann) |
| [License compliance](https://gitlab.com/gitlab-org/gitlab/-/issues/338281) | [#336177](https://gitlab.com/gitlab-org/gitlab/-/issues/336177) | Secure:Composition Analysis | [@andyvolpe](https://gitlab.com/andyvolpe) | [@farias-gl](https://gitlab.com/farias-gl) |
| [Metrics](https://gitlab.com/gitlab-org/gitlab/-/issues/338282) | [#336176](https://gitlab.com/gitlab-org/gitlab/-/issues/336176) | Verify:Pipeline Security | [@gdoyle](https://gitlab.com/gdoyle) | [@mfluharty](https://gitlab.com/mfluharty) |
| [Security](https://gitlab.com/gitlab-org/gitlab/-/issues/338283) | [#336175](https://gitlab.com/gitlab-org/gitlab/-/issues/336175) | Govern:Threat Insights | [@beckalippert](https://gitlab.com/beckalippert) | [@svedova](https://gitlab.com/svedova) |
| [Security](https://gitlab.com/gitlab-org/gitlab/-/issues/338283) | [#336175](https://gitlab.com/gitlab-org/gitlab/-/issues/336175) | Security Risk Management:Threat Insights | [@beckalippert](https://gitlab.com/beckalippert) | [@svedova](https://gitlab.com/svedova) |
| [Terraform](https://gitlab.com/gitlab-org/gitlab/-/issues/338284) | [#336174](https://gitlab.com/gitlab-org/gitlab/-/issues/336174) | Configure | [@andlovu](https://gitlab.com/andlovu) | [@anna_vovchenko](https://gitlab.com/anna_vovchenko) |
| [Test summary](https://gitlab.com/gitlab-org/gitlab/-/issues/338285) | [#336173](https://gitlab.com/gitlab-org/gitlab/-/issues/336173) | Verify:Pipeline Security | [@gdoyle](https://gitlab.com/gdoyle) | [@mfluharty](https://gitlab.com/mfluharty) |
| [Status checks](https://gitlab.com/groups/gitlab-org/-/epics/7066) | [#336172](https://gitlab.com/gitlab-org/gitlab/-/issues/336172) | Govern:Compliance | [@cam.x](https://gitlab.com/cam.x) | [@xanf](https://gitlab.com/xanf) |
| [Status checks](https://gitlab.com/groups/gitlab-org/-/epics/7066) | [#336172](https://gitlab.com/gitlab-org/gitlab/-/issues/336172) | Software Supply Chain Security:Compliance | [@cam.x](https://gitlab.com/cam.x) | [@xanf](https://gitlab.com/xanf) |
| [Load performance](https://gitlab.com/gitlab-org/gitlab/-/issues/338287) | [#336448](https://gitlab.com/gitlab-org/gitlab/-/issues/336448) | Verify:Pipeline Security | [@gdoyle](https://gitlab.com/gdoyle) | [@mfluharty](https://gitlab.com/mfluharty) |
## Related links
......
......@@ -114,7 +114,7 @@ Not included in the Pipeline Execution group's domain:
- Secrets Management, see the [direction page](https://about.gitlab.com/direction/release/secrets_management/)
- Pipeline Authoring, see the [direction page](https://about.gitlab.com/direction/verify/pipeline_composition/)
- Compliance in Pipelines, see the [direction page](https://about.gitlab.com/direction/govern/compliance/compliance-management/)
- Compliance in Pipelines, see the [direction page](https://about.gitlab.com/direction/software_supply_chain_security/compliance/compliance-management/)
- [Job artifacts: storage and management of artifacts is the gateway for many CI/CD features](https://about.gitlab.com/direction/verify/build_artifacts/)
---
......
......@@ -2,7 +2,7 @@
title: Sec Section
description: >-
The Sec Section is composed of development teams working on Secure
and Govern features of the GitLab DevOps Platform.
and Software Supply Chain Security features of the GitLab DevOps Platform.
---
<div class="diagramwrapper">
......@@ -404,7 +404,7 @@ The members of each google group consists of stable counterparts and the correct
## Staying Informed and Informing Team Members
- [Sec Week In Review Google Document](https://drive.google.com/drive/search?q=%22Sec%20Section%20Week%20In%20Review%22) - is an asynchronous weekly document of notables things happening in Sec. The document is inspired by the [Engineering Week In Review](/handbook/engineering/#communication).
- Slack channels #s_secure and #s_govern are informative since they are all part of Sec Section.
- Slack channels #s_secure and #s_software-supply-chain-security are informative since they are all part of Sec Section.
## Planning in the Section
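Review bot: The Slack channel reference changes from `#s_govern` to `#s_software-supply-chain-security`, and a channel name is an identifier rather than a stage label, so a text rename is only correct if the channel itself was renamed. Confirm the new channel exists under exactly that name before merging; otherwise readers are sent to a channel that is not there.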
......
......@@ -187,7 +187,7 @@ The following is a non exhaustive list of daily duties for engineering directors
1. Growth
1. Ops
1. Secure
1. Govern
1. Software Supply Chain Security
1. Review hiring dashboards
1. Personal todo list
1. Personal GitLab board(s) if any
......