Issues related to the Single Engineer Group section

Service Mangement Section

Items related to managing secure stage configuration, policy or rules to more than one project at a time

Engineering work that cuts across the entire secure stage and how we strategically think about the BE/FE experience in a holistic way.

Anything related to the vulnerability-check rule, aka security gates or security approvals, in the MR.

Issues related to enabling secure scans to run in offline self-managed instances also called air-gap or limited connectivity

Customer ability to edit Settings, Configuration, and Policy enforcement related to Secure stage categories and features.

Issues that could affect or benefit from the Generic Report Schema detailed at &4466

Issues that need engineering refinement from a given Secure backend team (please use in conjunction with group label).

Issues that need engineering refinement from the Secure Frontend team.

Issues related to the security of GitLab or its dependencies. Please report vulnerabilities responsibly per https://about.gitlab.com/security/disclosure/

Issues related to the Security Dashboard

Issues about Security Reports in Merge Request or Pipeline

Issues about the Integration of Security Reports in GitLab. This covers both internal and 3rd party scanners

Indicates the issue is a request from the Security Department

Area of interest for Security Architecture

Issue or Merge Request awarded! See https://about.gitlab.com/handbook/engineering/security/security-awards-program.html

Issue or Merge Request nominated for a security award. See https://about.gitlab.com/handbook/engineering/security/security-awards-program.html

Appsec team - Issue closed as determined by backlog review

Appsec team - Issue needs additional input to complete backlog review