Issue or Merge Request awarded! See https://about.gitlab.com/handbook/engineering/security/security-awards-program.html

Issue or Merge Request nominated for a security award. See https://about.gitlab.com/handbook/engineering/security/security-awards-program.html

Appsec team - Issue closed as determined by backlog review

Appsec team - Issue needs additional input to complete backlog review

Appsec team - Security issue that needs review as part of backlog review

Appsec team - Issue reclassified as no longer a vulnerability as determined by backlog review

Signifies that this security-backlog issue has been reviewed by an Appsec team member

Appsec team - a team member is reviewing this issue

Appsec team - Issue determined eligible for risk acceptance as determined by backlog review

Appsec team - Valid security issue as determined during backlog review

In relation with the Security Champions Program - https://about.gitlab.com/handbook/engineering/security/security-champions-program.html

When applied to Confidential ~security issues indicates that public/canonical Merge Requests can be opened against it.

Security issue is missing a group:: label (automated label)

Security issue has been escalated (automated label)

Subscribes the issue for automatic notifications related to security releases. This label is meant for use on Security Implementation Issues on the security mirror projects.

Issues for improving security release workflow

Security issue needs a milestone with (future) dates (automated label)

Security issues is missing severity or priority label (automated label)

Security implementation issues with this label will be automatically considered for the next scheduled security release. The evaluation runs around the top of each hour.

Security issue to be triaged by the AppSec team (automated label)