Incorporate ML model for CI abuse
Problem to solve
There is no machine learning capability in GitLab's Pipeline Validation Service which uses the External Pipeline Validation capabilities of Gitlab CI to prevent CI Abuse.
Intended users
Further details
We are planning as a first step to leverage an existing machine learning (ML) model created by the GitLab security team. By baking it into the product, we will:
- productize an in house tool so we can both dogfood and release this functionality to self-managed users
- prove the deployment model for packaging and shipping ML models, including hardening/obfuscating the model to minimize reversing techniques
- have a first feature for our broader UEBA vision, will drive infrastructure as well as UX foundations for configuration and monitoring
Proposal
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Links / references
Edited by Kenny Johnston