Centralized Security Alert Management for customers
During the recent security incident, notifications were sent only to potentially affected individual users and paid group owners. For enterprise organizations, this creates a critical visibility gap—security teams lack awareness of these alerts unless they happen to be group owners or affected users themselves.
This siloed notification approach can result in missed security incidents, delayed response times, and increased organizational risk, as centralized security teams remain unaware of threats affecting their GitLab environment.
Requested by customer in #614724
Proposal
Enable enterprise organizations to designate centralized security email addresses that are automatically notified of all security notifications distributed to any user or group within their GitLab environment, ensuring comprehensive security visibility and governance across the organization.
Desired User experience:
- Enterprise group owners to configure security notification email settings in the top-level group settings, OR
- Security email configured at the billing account level.
- Security teams to receive consolidated notifications with clear indication of which groups/users were affected