Incorporate ML model for CI abuse

Problem to solve

There is no machine learning capability in GitLab's Pipeline Validation Service which uses the External Pipeline Validation capabilities of Gitlab CI to prevent CI Abuse.

Intended users

Sidney (Systems Administrator)
Sam (Security Analyst)

Further details

We are planning as a first step to leverage an existing machine learning (ML) model created by the GitLab security team. By baking it into the product, we will:

productize an in house tool so we can both dogfood and release this functionality to self-managed users
prove the deployment model for packaging and shipping ML models, including hardening/obfuscating the model to minimize reversing techniques
have a first feature for our broader UEBA vision, will drive infrastructure as well as UX foundations for configuration and monitoring

Proposal

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references

Edited Jun 07, 2021 by Kenny Johnston