Commit f635df8e authored by Lee Matos 🗽

Merge branch 'docs-self-managed-support-security-workflow' into 'master'

Add security workflow to self-managed handbook

See merge request !17618
parents 2d76315e a971b9e1
Pipeline #45502211 passed with stages in 12 minutes and 55 seconds
......@@ -68,7 +68,7 @@ Below these references, you'll find detailed workflows for specific scenarios yo
* **Reference Material**
* [Reinstating blocked accounts](services/gitlab_com/reinstating-blocked-accounts.html)
* [Managing Spam](services/gitlab_com/managing_spam.html)
* [Working with Security](services/support_workflows/working_with_security.html)
* [Working with Security](shared/support_workflows/working_with_security.html)
## Tools Used by Request Type
......
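Review bot: The "Working with Security" link moves from `services/support_workflows/` to `shared/support_workflows/`, so any other page still pointing at the old path will break unless a redirect is in place. Please search the handbook for the old path and update those links in this same merge request, or confirm a redirect exists.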
......@@ -14,7 +14,7 @@ category: Support Workflows
## Overview
Occasionally, users will reach out to security [at] gitlab [dot] com with questions that may be better addressed by Support (e.g., help resizing a repository in response to a mass notification).
Occasionally, users will reach out to security [at] gitlab [dot] com, following the [Responsible Disclosure Policy](/security/disclosure/), with questions that may be better addressed by Support (e.g., help resizing a repository in response to a mass notification).
Other times, users will reach out to Support to report a security issue.
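Review bot: In the Overview sentence, the inserted clause "following the [Responsible Disclosure Policy](/security/disclosure/)" sits between the address and "with questions", so it reads as if the policy directs users to send support-type questions to Security. Consider restructuring so the policy explains why users write to that address and the support-type questions are the exception, for example "Users who follow the Responsible Disclosure Policy write to security [at] gitlab [dot] com; occasionally these messages are questions better addressed by Support".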
......@@ -44,9 +44,7 @@ same caution as any other suspicious email:
* User is having problems with 2-factor or other authentication on their account.
* A vulnerability report that has been triaged by the security team as `working as intended`,
* Requires actions taken by Support to resolve.
______________
## Workflows
### Transfer from Security to Support
......@@ -63,4 +61,24 @@ In the case that a security issue was reported through a support ticket:
1. Update the assignee in ZenDesk to Security
### Escalate ZenDesk ticket to Security
In the case that a security issue was reported through a support ticket:
1. Update the assignee in ZenDesk to Security
1. Link to the issue reporting the vulnerability
### If the customer has already created an issue
In the case that the customer has already filed an issue for the vulnerability:
1. Mark the issue is `confidential`
1. Add `security`, `customer`, and `bug` or `feature proposal` labels
1. Assign [Severity and Priority Labels](/handbook/engineering/security/#severity-and-priority-labels-on-security-issues)
### If the customer has not yet created an issue
See [Creating New Security Issues](/handbook/engineering/security/#creating-new-security-issues)
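Review bot: In "Escalate ZenDesk ticket to Security", the step "Link to the issue reporting the vulnerability" assumes an issue already exists, but the two subsections that explain how to find or create that issue come after it. Put the "already created" / "not yet created" guidance before the link step, or point to it from that step, so an agent does not hand the ticket to Security without a linked confidential issue. Also in this hunk: "Mark the issue is `confidential`" should read "Mark the issue as `confidential`", and "Update the assignee in ZenDesk to Security" appears both before and under the new heading as rendered here, so check that the section is not duplicated.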