GitLab has chosen to restrict the ability to install apps, and we have a process to approve or restrict certain apps for our workspace. In order to integrate a new app with existing applications in our tech stack such as Slack, you need to create a vendor approval issue.
The process to determine if a review is needed is based on the vendor's inherent risk rating, which is determined by risk factors that we identified subject to GitLab. The steps included in the vendor approval issue are meant to gather the information so that the Risk and Field Security team can complete the scoring.
||101 - 999 ==
||1 - 100 ==
|Volume||Over 20,000 records
or volume of data ==
|5,001 - 19,999 ==
||Less than 5,000 ==
|Contractor Access / Integration||Corporate user account
(GitLab.com, GCP, etc.)
/ 10+ systems integrated ==
|Read/write access to
specific data sets (limited push/pull)
/ 4-9 integrated systems ==
|Receives a file of
(no access to GitLab systems)
/ 1-3 systems ==
|Compliance Frameworks in-scope||Two or more ==
|Data Classification||Red ==
Risk Score High : 36 + Moderate : 9 - 35 Low : less than 8
Once the vendor approval issue has been approved by all parties, please request approval to add the app to Slack following the steps below:
Please note that this is only required for new apps that have not been reviewed or approved. If your request is to add a new process or update an existing process for how an application works in slack, please refer to our Business Technology Change Management process.
If you need to add an app/plugin that connects with other systems owned by IT (not Slack), please create an issue in the Team Member Enablement Issue tracker and follow the steps outlined there.