Defend Section

Vision

Defend our customers' applications and infrastructure from the ever-evolving exploitation techniques employed by those who wish to harm our customers.

Mission

Launch GitLab developed security technologies and integrate open-source projects to provide security controls for customers.

Employ security controls for our customers at the container, network, host, and application layers.

Provide features to allow customers to manage their security risks effectively and efficiently.

For more details, see the Defend stage.

Team Members

The following people are permanent members of the Defend Section:

Person | Role
Wayne Haber | Director of Engineering, Defend
Philippe Lafoucrière | Distinguished Backend Engineer, Secure, Defend
Lindsay Kerr | Frontend Engineering Manager, Defend
New Vacancy - Thomas W. (Interim) | Backend Engineering Manager, Defend

Backend

Person | Role
New Vacancy - Thomas W. (Interim) | Backend Engineering Manager, Defend
Jonathan Schafer | Backend Engineer, Defend
Arthur Evstifeev | Backend Engineer, Defend
Zamir Martins Filho | Backend Engineer, Defend

Frontend

Person | Role
Lindsay Kerr | Frontend Engineering Manager, Defend
Daniel Tian | Senior Frontend Engineer, Defend
New Vacancy - Sam B. (Interim) | Frontend Engineer, Defend

Stable Counterparts

The following members of other functional teams are our stable counterparts:

Person | Role
Achilleas Pipinellis | Senior Technical Writer, Create, Package, Monitor, Secure, Defend
Andy Volpe | Senior Product Designer, Defend
Valerie Karnes | UX Manager, Secure & Defend
Lucas Charles | Senior Backend Engineer, Secure:Static Analysis, Defend
Mark Florian | Senior Frontend Engineer, Secure, Defend
Daniel Tian | Senior Frontend Engineer, Defend
New Vacancy - Sam B. (Interim) | Frontend Engineer, Defend
Jonathan Schafer | Backend Engineer, Defend
Arthur Evstifeev | Backend Engineer, Defend
Zamir Martins Filho | Backend Engineer, Defend
Samuel White | Senior Product Manager, Defend:Application Infrastructure Security
Matt Wilson | Senior Product Manager, Defend
Rebecca 'Becka' Lippert | Product Designer, Defend
Tali Lavi | UX Researcher, Secure & Defend and Ops (Interim)
Greg Myers | Support Engineer, Self-managed (Americas Central), Defend

Defend Team

The Defend Team is responsible for defending applications, networks and infrastructure from security intrusions. The team maps to the defend transversal page. You can learn more about our approach on the Defend Vision page.

Categories

There are a few product categories that are critical for success here; each one is intended to represent what you might find as an entire product out in the market. We want our single application to solve the important problems solved by other tools in this space - if you see an opportunity where we can deliver a specific solution that would be enough for you to switch over to GitLab, please reach out to the PM for this stage and let us know.

Each of these categories has a designated level of maturity; you can read more about our category maturity model to help you decide which categories you want to start using and when.

WAF

A Web Application Firewall (WAF) examines traffic being sent to an application and can block malicious traffic before it reaches your application. This category is at the "minimal" level of maturity.

Documentation • Strategy

Threat Detection

Detect and respond to security threats. This category is planned, but not yet available.

Strategy

Vulnerability Management

Security dashboards to help you manage vulnerabilities in your application. This category is planned, but not yet available.

Strategy

Container Network Security

This category is planned, but not yet available.

Strategy

RASP

When applications are deployed to production, they are subject to real security threats that may lead to unauthorized access to sensitive data. Runtime Application Self Protection (RASP) actively monitors and blocks threats before they can exploit vulnerabilities in the target application. This category is planned, but not yet available.

Strategy

UEBA

User and Entity Behavior Analytics (UEBA) is a machine learning solution to analyze normal and aberrant behavior. This category is planned, but not yet available.

Strategy

DDoS Protection

Detect and mitigate Distributed Denial-of-Service (DDoS) attacks targeting your application infrastructure.

Responsible Disclosure

GitLab believes in responsibly disclosing software vulnerabilities. As such, GitLab is becoming an authorized provider of CVE IDs to researchers and information technology vendors. We will be integrating a CVE ID request solution, which will be available within our Secure and Defend categories.

Defend YouTube Playlist

You can find demos of features, team meetings, release kick-offs, public group sessions, and more in the Defend YouTube Playlist.

Label Usage

If you are submitting an issue about a Defend Stage feature, use devops::defend and one of the following group labels. Doing this gets the issue in front of the most appropriate team members and ensures that Defend Stage work is tracked appropriately for various metrics.

Label | Use
devops::defend | All issues related to the Defend Stage
group::threat management | Vulnerability Management, Responsible Disclosure
group::application infrastructure security | Container Network Security, Threat Detection, DDoS Protection
group::runtime application security | WAF, RASP

Additional labels should be added according to the Workflow Labels Documentation.

Release process

Our release process is specified in this project. The vulnerability database is updated on a regular basis.

Skills

Because we have a wide range of domains to cover, our work requires many different kinds of expertise and skills:

Technology skills | Areas of interest
Ruby on Rails | Backend development
Go | Backend development
JavaScript | Frontend development
SQL (PostgreSQL) | Various
Docker/Kubernetes | Threat Detection
Network Security | Container network security
Host Security | Various

Engineering Grooming & Planning

To maximize our velocity and meet our deliverables, we follow a grooming process for all issues.

Product Documentation

TBD

Highlights on how we operate

How to work with us

While we love to get contributions from our users in the community, we also strive to attract talent to the engineering teams of this stage to bring our product to the next level.

Check out our Defend promotion video to learn more:

Our open positions are listed on the GitLab Jobs page: select "Defend" under "Engineering", then "Development".