Security Attributes/Context Filtering

### Release notes

Filter your assets by their business impact, application, BU, internet exposure, and more to efficiently gain insight into the security risks that are most impactful to your business.

### Problem to solve

Security teams need to be able to quickly identify the greatest risks to their business. Attributes that relate to projects and scan results help highlight risk, but they do not necessarily help customers home in on the greatest risks to their business. Being able to rank projects by their business impact and sort by application or BU allows security teams to focus their efforts on mitigating the most important risks.

### Proposal

Add an attribute (potentially a label, which would mirror the workflow for adding compliance frameworks?) that customers can manually apply to their groups and/or projects. This attribute should include multiple tiers/classes that customers can assign and then filter on. The filter will likely be consumed by these pages:

* Security Inventory
* Security Dashboard
* Vulnerability Report
* Security Policies

### Feature Naming

The name of this feature and the associated levels/tiers/classes that can be applied should be thought through more thoroughly. Words like "criticality" or "risk" should be avoided, as these will lead to confusion with vulnerabilities and risk scores. See https://gitlab.com/gitlab-org/gitlab/-/issues/498615 for a few possibilities.

### Requirements

* Feature is available in the Ultimate tier
* Chosen classification/filtering system for projects must allow for:
  * Static tags that can be applied but not edited (Ex. 5 business risk categories)
  * Flexible tags that can be edited by customers (Ex. application: X, BU: x to tie multiple projects together without relying on GitLab's hierarchy, since these projects may span different groups)
* Pre-defined label categories and label names that can't be deleted include:
  * Business impact
    * Mission Critical
    * Business Critical
    * Business Operational
    * Business Administrative
    * Non-essential
  * Application (all filter names can be customized)
  * Business Unit (all filter names can be customized)
  * Internet exposure (could be named something else)
    * True
    * False
  * Lifecycle stage (could be named something else)
    * Production
    * Development

> [!important]
>
> This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.