Gitlab hero border pattern left svg Gitlab hero border pattern right svg

Defend Stage

The defend stage is in the "Secure & Defend" sub-department (with the secure stage).


Protect our customers' cloud-native applications, services, and infrastructure from the ever-evolving threat landscape.

FY21 Vision

By the end of FY21:


Launch GitLab developed security technologies and integrate open-source projects to provide security controls for customers.

Employ security controls for our customers at the container, network, host, and application layers.

Provide features to allow customers to manage their security risks effectively and efficiently.

For more details, see the Defend stage.

Team Members

The following people are permanent members of the Defend Stage:

Person Role
Wayne Haber Director of Engineering, Defend
Philippe Lafoucrière Distinguished Backend Engineer, Secure, Defend
Lindsay Kerr Frontend Engineering Manager, Defend
Thiago F. Backend Engineering Manager, Defend


Person Role
Thiago F. Backend Engineering Manager, Defend
Jonathan Schafer Backend Engineer, Defend
Arthur Evstifeev Backend Engineer, Defend
Zamir Martins Filho Backend Engineer, Defend
Mehmet. I. Backend Engineer, Defend
Alan (Maciej) Paruszewski Backend Engineer, Defend
Michał Zając Backend Engineer, Defend


Person Role
Lindsay Kerr Frontend Engineering Manager, Defend
Daniel Tian Senior Frontend Engineer, Defend
Savas Vedova Senior Frontend Engineer, Defend
Alexander Turinske Frontend Engineer, Defend

Stable Counterparts

The following members of other functional teams are our stable counterparts:

Person Role
Achilleas Pipinellis Senior Technical Writer, Create, Package, Monitor, Secure, Defend
Andy Volpe Senior Product Designer, Defend
Valerie Karnes UX Manager, Secure & Defend
Lucas Charles Senior Backend Engineer, Secure:Static Analysis, Defend
Mark Florian Senior Frontend Engineer, Secure, Defend
Samuel White Senior Product Manager, Defend:Application Infrastructure Security
Matt Wilson Senior Product Manager, Defend
Rebecca 'Becka' Lippert Product Designer, Defend
Amy Qualls Senior Technical Writer and stable counterpart, Defend

Defend Team

The Defend Team is responsible for defending applications, networks and infrastructure from security intrusions. The team maps to the defend transversal page. You can learn more about our approach on the Defend Vision page.

Open-source projects

The defend team makes use of a number of open source projects including:


There are a few product categories that are critical for success here; each one is intended to represent what you might find as an entire product out in the market. We want our single application to solve the important problems solved by other tools in this space - if you see an opportunity where we can deliver a specific solution that would be enough for you to switch over to GitLab, please reach out to the PM for this stage and let us know.

Each of these categories has a designated level of maturity; you can read more about our category maturity model to help you decide which categories you want to start using and when.


A Web Application Firewall (WAF) can examine traffic being sent to your web application and can detect then block malicious traffic before it reaches them. The ModSecurity WAF is installed via Auto DevOps behind the ingress controller in your Kubernetes cluster. It is configured by default to run the OWASP ModSecurity core ruleset. This category is at the "minimal" level of maturity.

Priority: medium • DocumentationDirection

Container Behavior Analytics

Detect and respond to security threats at the Kubernetes, network, and host level. This category is planned, but not yet available.

Priority: high • Direction

Vulnerability Management

View, triage, trend, track, and resolve vulnerabilities detected in your applications. This category is planned, but not yet available.

Priority: high • Direction

Container Network Security

Container network security allows the implementation of network policies in Kubernetes to detect and block unauthorized network traffic between pods and to/from the Internet. This category is at the "minimal" level of maturity.

Priority: medium • DocumentationDirection


User and Entity Behavior Analytics (UEBA) is a solution that uses machine learning and other technologies to detect, alert, and block on anomalous behavior by users and systems. This category is planned, but not yet available.

Priority: high • Direction

Responsible Disclosure

GitLab believes in responsibly disclosing software vulnerabilities. As such, GitLab is becoming an authorized provider of CVE IDs to researchers and information technology vendors. We will be integrating CVE ID request solution which will be available within our Secure and Defend Categories.

Priority: low

Defend YouTube Playlist

You can find demos of features, team meetings, release kick-offs, public group sessions, and more in the Defend YouTube Playlist.

Label Usage

If you are submitting an issue about a Defend Stage feature, use devops::defend and one of the following group labels. Doing this will get the issue in front of the most appropriate team members and will make it so that Defend Stage work is tracked appropriately for various metrics.

Label Use
devops::defend All issues related to the Defend Stage
group::threat management Vulnerability Management, Responsible Disclosure
group::application infrastructure security Container Network Security, Threat Detection, DDoS Protection
group::runtime application security WAF, RASP

Additional labels should be added according to the Workflow Labels Documentation.

Release process

Our release process is specified in this project. The vulnerability database is updated on a regular basis.


Because we have a wide range of domains to cover, it requires a lot of different expertises and skills:

Technology skills Areas of interest
Ruby on Rails Backend development
Go Backend development
Javascript Frontend development
SQL (PostgreSQL) Various
Docker/Kubernetes Threat Detection
Network Security Container network security
Host Security Various

Engineering Grooming & Planning

To maximize our velocity and meet our deliverables, we follow a grooming process for all issues.

Product Documentation Process

As the product evolves, it is important to maintain accurate and up to date documentation for our users. If it is not documented, customers may not know a feature exists.

To update the documentation, follow this process:

  1. When an issue has been identified as needing documentation, add the ~Documentation label and outline in the description of the issue what documentation is needed.
  2. Assign a Backend Engineer and Technical Writer to the issue. To find the appropriate TW, search the product categories.
  3. For documentation around features or bugs, a Backend Engineer should write the documentation and work with the technical writer for editing. If the documentation only needs styling cleanup, clarification, or reorganization, the Technical Writer should lead the work, with support from a Backend Engineer as necessary. The availability of a technical writer should in no way hold up work on the documentation.

Further information on the documentation process.

Highlights on how we operate

How to work with us

While we love to get contributions from our users in the community, we also strive to attract talents in the Engineer teams of this stage to bring our product to the next level.

Check out our Defend promotion video to learn more:

Our open positions are listed on the GitLab Jobs page: Select "Defend" Under "Engineering", then "Developement".