Add the GL Continuous Security Framework page
Why is this change being made?
This MR is the first iteration of the GitLab Security Framework POC.
See https://gitlab.com/gitlab-com/gl-security/security-architecture/general/-/issues/12 for details.
Sub-tasks
- Gather requirements and guidelines from Security teams

Team | DRI | MR | Status |
---|---|---|---|
InfraSec | @mlancini | !107064 | Pending |
AppSec | @nmalcolm | !106918 | Pending |
SecResearch | @joernchen | !107356 (merged) | |
SecAssurance | @jburrows001 | !107367 (closed) | Pending |

- Add Architecture activity: https://gl-csf.about.gitlab-review.app/handbook/security/gl-csf/architecture.html
- Add template for Architecture description
- Reference the gl-csf CI/CD template
Author Checklist
- Provided a concise title for this Merge Request (MR)
- Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
  - Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added.
- Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI)
  - If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the Maintained by section on the page being edited
  - If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
- If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #whats-happening-at-gitlab linking to this MR
  - If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.
Edited by Philippe Lafoucrière