Allow for redaction of code in email notifications

Proposal

Customers in highly regulated industries often have requirements for keeping code within the bounds of accredited systems. Customers should have the ability to redact code snippets from transactional emails sent by GitLab.

In the case of our Department of Defense (DoD) customers, some of them may have an Authority to Operate (ATO) for Internet-connected instances of GitLab accredited for "For Official Use Only" (FOUO) code. A subset of these instances have contractors, employed by federal systems integrators (FSIs), registered with their company email addresses. Email notifications sent to these users may contain snippets of classified code that should not be exposed to unsanctioned systems, such as the mail servers of FSIs. This would result in a data spill, which could be in violation of the organization's ATO as well as federal law.

This risk is documented in our DoD Runbook as part of our public sector handbook (internal only).

Interim solution

As an interim solution for minimizing the risk of data spillage, concerned customers should disable email notifications and instead rely on the To-Do List from within the GitLab UI.