The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
Stage | Secure |
Content Last Reviewed | 2024-04-19 |
Content Last Updated | 2024-04-19 |
Secret Detection is a group in the Secure stage. There are two categories in the group and details on the direction can be viewed on the following individual category pages:
We believe that the world is safer when everyone can contribute to software security. Our customers, and those they serve, are better protected when developers and security professionals can fix potential security risks earlier.
The earliest possible time to catch a security issue is when the code is first written. GitLab sees code very early in the software development lifecycle, since we store production code and also support customer workflows (like merge requests) for pre-production development. So, our group is uniquely positioned to integrate static analysis everywhere as part of a comprehensive DevSecOps platform. We can do what others can't by making security omnipresent, and by supporting collaboration right in the tools that development teams are already using to do their jobs.
Building on those fundamental beliefs, the Secret Detection group's business purpose is to build value for GitLab and our customers…
We are responsible for ensuring that customers can use GitLab Ultimate to:
Our responsibility is for the full customer experience—not just security analyzers or specific software systems we maintain. At times this may mean:
We will do what it takes to deliver these customer results—our customers use the entire product to do their jobs, so it's important that we collaborate effectively with other groups to deliver end-to-end results.
Name | Rationale | Needs | Status/progress |
---|---|---|---|
Create assumptive Jobs To Be Done for Secret Detection remediation workflow | Existing JTBDs focus more on AppSec vulnerabilities that can be remediated with a new code change; secret leaks can't be fixed that way. New JTBD canvas should explore the security incident response job performer in greater detail to prepare for larger changes to Secret Detection. | Collaborate with UX Research | UXR starting soon |
Big-picture design for revamped Secret Detection | We're getting ready to implement new architectural patterns for Secret Detection based on recent technical research. As we plan new flows and system components, we should take the opportunity to make sure we are meeting our job performers' needs well. | Collaborate with UX Research on JTBDs; create low-fidelity designs or other artifacts to show users will complete their jobs | Not yet started |
*This page may contain information related to upcoming products, features and functionality.
It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes.
Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.*