Labels

Direct product contributions from the Security Division's Security Platforms and Architecture Team

Candidate issues for the Product Security Engineering team https://handbook.gitlab.com/handbook/security/security-engineering/product-security-engineering/

Work performed to build, maintain, or augment outside-of-the-product custom tooling needed to satisfy Product Security requirements.

An MR that modifies existing non-vulnerable functionality to be more robust if an “earlier” security control fails.

A new tool, method, class, check that, gives GitLab’s contributors an easier way to perform an activity securely.

The work type isn’t entirely clear yet, but we don’t want to block progress for now.

Functionality required by GitLab Product Security teams.

Work done as part of the effort to integrate functionality from custom in-house tooling into a GitLab product.

Product Security Engineering Priority Level 1. This issue requires immediate attention and should be worked on as soon as possible. Typically, it is added to the next milestone or addressed during the current one if a team member has extra capacity

Product Security Engineering Priority Level 2. This issue is essential but can wait for a few milestones.

Product Security Engineering Priority Level 3. This issue is a nice-to-have, but we do not commit to a specific timeline.

Issues specifically used to solicit feedback about features

Applies to GitLab's product management frameworks, product development flow, product strategy and planning.

This label is for actions coming out of quarterly product team operations and process retrospectives.

For work being performed by the Product Security Engineering Team: https://handbook.gitlab.com/handbook/security/product-security/product-security-engineering/