Inconsistencies between Security Developer Workflow and Security MR template
In general/security/developer.md we only say "ping the appsec group gitlab-com/gl-security/appsec
" whereas the security MR template says to assign to a reviewer who is NOT a maintainer, and then asks that reviewer to directly assign to the security release bot.
There is no mention of assigning to a maintainer for final review before the bot, and also no mention of pinging appsec in dev (in dev, the appsec team group does not exist).
We should consider making sure that the review pipeline is clear in both places.