-
Add some high level import security guidance 0 of 1 checklist item completed
- Merged
- 7
- 1
- Approved
updated -
Reintroduce custom AppSec scanning 1 of 1 checklist item completed
- Merged
- 21
- Approved
updated -
Implement path dependent feed_token 1 of 1 checklist item completed
- Merged
- 56
- 1
- Approved
updated -
Add prefix to feed and incoming mail tokens 1 of 1 checklist item completed
- Merged
- 28
- Approved
updated -
Trigger depSASTer downstream when Gemfile.checksum changes 0 of 1 checklist item completed
- Merged
- 28
- Approved
updated -
Add warning about fully protected after push 0 of 1 checklist item completed
- Merged
- 7
- Approved
updated -
Prefixes OAuth Application Secrets with gloas 2 of 2 checklist items completed
- Merged
- 32
- 1
- Approved
updated -
Add dependency review automation 1 of 1 checklist item completed
- Merged
- 27
- 1
- Approved
updated -
Add scenario where codeowners approval becomes optional 0 of 1 checklist item completed
- Merged
- 4
- Approved
updated -
Clarify how deploy keys and user accounts interact 0 of 1 checklist item completed
- Merged
- 11
- Approved
updated -
Allow administrators to provide public security contact information 12 of 12 checklist items completed !138259 16.7 Category:Compliance Management GitLab Free GitLab Premium GitLab Ultimate ProdSecEngMetricPending Technical Writing backend database database-testing-automation databasereviewed devopsgovern direction documentation frontend groupcompliance pipeline:mr-approved releasedcandidate sectionsec security teamProduct Security Engineering typefeature workflowpost-deploy-db-production
- Merged
- 70
- Approved
updated -
Add a prefix to deploy tokens 5 of 5 checklist items completed !138438 16.7 Category:Continuous Delivery ProdSecEngMetricDefense in Depth Technical Writing backend devopsdeploy documentation featureenhancement frontend groupenvironments pipeline:mr-approved releasedcandidate sectioncd security security-backlogneeds-input teamProduct Security Engineering twfinished typefeature workflowpost-deploy-db-production
- Merged
- 36
- Approved
updated -
Update security contact and vulnerability disclosure info 1 of 1 checklist item completed
- Merged
- 5
- Approved
updated -
Add a prefix to SCIM tokens behind a feature flag 3 of 4 checklist items completed !139737 16.8 GitLab Premium GitLab Ultimate ProdSecEngMetricDefense in Depth Technical Writing backend devopsgovern direction documentation feature flag frontend groupauthentication pipeline:mr-approved releasedcandidate sectionsec security teamProduct Security Engineering typefeature workflowpost-deploy-db-production
- Merged
- 33
- Approved
updated -
!140159 16.8 CI job token Category:Secrets Management ProdSecEngMetricDefense in Depth backend devopsverify documentation feature flag feature flagexists featureaddition frontend grouppipeline security pipeline:mr-approved releasedcandidate sectionci security teamProduct Security Engineering typefeature workflowpost-deploy-db-production
- Merged
- 25
- Approved
updated -
Basic logic for tracking projects/groups visits in the backend 1 of 1 checklist item completed !123554 16.4 Data WarehouseNot Impacted Technical Writing backend database database-testing-automation databaseapproved devopsmanage documentation feature flag featureenhancement frontend grouppersonal productivity pipeline:mr-approved releasedpublished sectiondev security typefeature workflowpost-deploy-db-production
- Merged
- 217
- Approved
updated -
Prevent deploy token bypass for external authentication 0 of 1 checklist item completed
- Merged
- 47
- Approved
updated -
!142037 16.9 Category:Continuous Integration Data WarehouseNot Impacted Deliverable HackerOne VerifyP1 WeaknessCWE-284 backend bugvulnerability cicdactive databasereview pending devopsverify grouppipeline execution pipeline:mr-approved priority3 releasedcandidate sectionci security security-fix-in-public severity3 typebug workflowproduction
- Merged
- 80
- Approved
updated -
Consider packages_enabled when return packages visible to user 1 of 1 checklist item completed !132391 16.5
- Merged
- 47
- Approved
updated -
Exclude global search path from the path traversal check middleware 1 of 1 checklist item completed
- Merged
- 25
- Approved
updated