The Security Risk Team has performed a StORM Risk Assessment and needs to add this risk to ZenGRC.

Architecture blueprints described at https://about.gitlab.com/handbook/engineering/architecture

Secure: Issues being worked on by the Secure Analyzer Frontend Team

SaaS services for the US Public Sector

Issue has gone through Quad Planning process (PM,Dev,UX,QE) and does not require any additional action

SaaS services for the US Public Sector

Label to communicate potential security operational risks to the Security Risk Team

Issues or MRs that introduce user-facing changes or impact the user experience. Applying this label to issues will signal a need for a designer.

Issues related to Pipeline Directed Acyclic Graphs https://docs.gitlab.com/ee/ci/directed_acyclic_graph/

Additional information is required to support the Security Risk Team's StORM Risk Assessment

Issues related to authoring the .gitlab-ci.yml file and CI YAML configuration (https://docs.gitlab.com/ee/ci/yaml/) but excludes issues handled by another label such as "CI rules"

Issues related to Persistence (workspaces, caching). Does not include artifacts, which is its own label

The Security Risk Team performed a StORM Risk Assessment and determined that the potential risk identified is out of scope for the StORM program because it is not considered an operational security risk.

Label used to note the Security Risk Team is currently assessing a potential risk

Priority 1 for the assigned milestone.

This label is for things related to the Risk and Field Security team

Priority 2 for the assigned milestone.

Priority 3 for the assigned milestone.

Priority 4 for the assigned milestone.

Issues related to CI rules or linting

We will address this as soon as possible regardless of limit on our team capacity. See https://about.gitlab.com/handbook/engineering/quality/issue-triage/#priority

We will address this soon and will provide capacity from our team for it in the next few releases. See https://about.gitlab.com/handbook/engineering/quality/issue-triage/#priority

We want to address this but may have other higher priority items. See https://about.gitlab.com/handbook/engineering/quality/issue-triage/#priority

We don't have visibility when this will be addressed. See https://about.gitlab.com/handbook/engineering/quality/issue-triage/#priority

Issues related to current milestone's top product priorities for the Pipeline Execution group in the Verify stage

Issues related to next milestone's top product priorities for the Pipeline Execution group in the Verify stage

Issues related to future milestone's top product priorities for the Pipeline Execution group in the Verify stage