Labels

Issues about the Integration of Security Reports in GitLab. This covers both internal and 3rd party scanners

Indicates the issue is a request from the Security Department

Applied to tools and capabilities needed for secure management of GitLab platform.

Area of interest for Security Architecture

Issue or Merge Request awarded! See https://about.gitlab.com/handbook/engineering/security/security-awards-program.html

Issue or Merge Request nominated for a security award. See https://about.gitlab.com/handbook/engineering/security/security-awards-program.html

Appsec team - Issue closed as determined by backlog review

Appsec team - Issue needs additional input to complete backlog review

Appsec team - Security issue that needs review as part of backlog review

Appsec team - Issue reclassified as no longer a vulnerability as determined by backlog review

Signifies that this security-backlog issue has been reviewed by an Appsec team member

Appsec team - a team member is reviewing this issue

Appsec team - Issue determined eligible for risk acceptance as determined by backlog review

Appsec team - Valid security issue as determined during backlog review

In relation with the Security Champions Program - https://about.gitlab.com/handbook/engineering/security/security-champions-program.html

When applied to Confidential ~security issues indicates that public/canonical Merge Requests can be opened against it.

Security issue is missing a group:: label (automated label)

Security issue has been escalated (automated label)

Subscribes the issue for automatic notifications related to security releases. This label is meant for use on Security Implementation Issues on the security mirror projects.

Issues for improving security release workflow