At GitLab, we are public by default, but some information is classified as internal or limited access. This page provides details on confidentiality levels.
We make things public by default because transparency is one of our values. Some things can't be made public and are either internal to the company or have limited access even within the company. If something isn't listed in the sections below we should make it available externally.
Some things are internal, available internally but not externally. In instances where a topic should only be accessible to team members, but we would otherwise have a page in the public handbook, it can be added to GitLab's internal handbook. Background on the internal handbook can be found in the public handbook. It is okay to refer to the public handbook or the internal and public handbooks in agregate as "the handbook." The internal handbook should always be referred to as the "internal handbook."
The following items are internal:
The items below are not shared with all team members. Limited access is a more severe restriction than internal.
Some projects require limited access internally due to the confidential or sensitive nature of the project, including but not limited to projects related to the items listed above. Often, in order to maintain the necessary confidentiality of these types of initiatives, we assign a code name for the project. For consistency and to make it easier to identify the genesis of these projects and their organizational affiliations, we've established the following naming conventions.
Project code names can be overused. Code names should only be used for projects in which the leaking of a descriptive name (even without access to any related content) would be a problem. There are two cases where the project name should be used instead of a name that clearly describes the project.
In many cases, key project or initiative content will be MNPI or limited access, but we do not use a code name. In these cases, it is okay for folks to have a sense of what is being worked on, but the exact details are sensitive. For example:
Once there is no longer a need to limit access of the project's existence for limited access or MNPI reasons, the code name for the project should be retired. Please note that a project does not need to be promoted (e.g., publishing a blog post) in order to be deemed publicly disclosed (i.e., not confidential); publishing the information in GitLab’s external Handbook will suffice. If there are any questions about whether a project still requires the use of the code name, please contact the DRI for such project or contact the Legal Team via the #safe Slack channel.
|CEO||Pets / Animals|
|Corporate Development||Movie / TV Show characters|
|Engineering||Hex color names|
|Finance||Sports team names|
|Legal||TV Shows / Movies|
|Marketing||One name famous people|
|Product||Famous Mountain Peaks|
|Sales||Car model names|