Labels

Add this label when AppSec's SAST rules were helpful, informative, and/or not unhelpful. See https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules

Apply this label if AppSec's SAST rules were unhelpful and/or incorrect. See https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules

Denotes issues used for the security release process retrospective in the Application Security team

Label to organize all issues related to Atlassian Integration

Actions which can permanently affect the state of an instance, group, project or data are key events that we want to maintain a log of, since they generally cannot be undone.

Because the data in an instance is very sensitive, we will record logs of actions that are used to copy, mirror, or export that data.

Events likely to generate a high volume of data that could affect performance. This type of event could be served in Webhook-based audit events.

Tokens such as Personal Access Tokens can give anyone who holds them the permissions the token has. Steps done with these tokens will be logged in case a token falls into inappropriate hands and the changes made with it need to be undone.

Users may try to temporarily subvert restrictive settings to avoid a compliance control or policy, which may could pose a problem in an audit.

Anything related to escalating roles, for example users may inappropriately elevate their permissions to access other parts of the product

If a change is made to something like a template or project label, it could potentially be disruptive to the workflow of the teams using it, so we will log those actions.

Used for helping organize new audit event issues. Please tag Category::Audit Events and group::compliance as well when using this label.

Issues related to authentication, including OAuth, LDAP, and SAML: http://doc.gitlab.com/ce/integration/README.html

Indicate that this should be auto closed. Remove it if undesired. Check https://gitlab.com/gitlab-org/quality/triage-ops