Our goal is to provide Insider Threat features for your applications as well as GitLab itself. We will help proactively identify malicious activity, accidental risk, compromised user accounts or infrastructure components, anomalous use of the GitLab platform, and various high-risk behaviors where actionable remediation steps are possible.
The following people are permanent members of the Anti-Abuse Group:
Who | Role |
---|---|
Alex Buijs | Senior Fullstack Engineer |
Eugie Limpin | Senior Fullstack Engineer |
Guillermo De los Santos García | Senior Backend Engineer |
Hinam Mehra | Fullstack Engineer |
Jay Swain | Engineering Manager |
Jensen Stava | Sr. Product Manager |
Building the team and detecting and preventing spam and cyrptomining abuse of the GitLab SaaS platform.
Our team uses a hybrid of Scrum for our project management process. This process follows GitLab's monthly milestone release cycle.
(Sisense↗) We also track our backlog of issues, including past due security and infradev issues, and total open SUS-impacting issues and bugs.
(Sisense↗) MR Type labels help us report what we're working on to industry analysts in a way that's consistent across the engineering department. The dashboard below shows the trend of MR Types over time and a list of merged MRs.
Our team use the following workflow stages defined in the Product Development Flow:
We use an epic roadmap to track epic progress on a quarterly basis.
We use a team specific issue board to track issue progress on a daily basis. Issue boards are our single source of truth for the status of our work. Issue boards should be viewed at the highest group level for visibility into all nested projects in a group.
We follow the iteration process outlined by the Engineering function.
Refinement is the responsibility of every team member. Every Friday, Slack will post a refinement reminder in our group channel. During refinement, we make sure that every issue on the issue board is kept up to date with the necessary details and next steps.
Each engineer is expected to provide a quick async issue update by commenting on their assigned issues using the following template:
<!---
Please be sure to update the workflow labels of your issue to one of the following (that best describes the status)"
- ~"workflow::In dev"
- ~"workflow::In review"
- ~"workflow::verification"
- ~"workflow::blocked"
-->
### Async issue update
1. Please provide a quick summary of the current status (one sentence).
1. When do you predict this feature to be ready for maintainer review?
1. Are there any opportunities to further break the issue or merge request into smaller pieces (if applicable)?
1. Were expectations met from a previous update? If not, please explain why.
We do this to encourage our team to be more async in collaboration and to allow the community and other team members to know the progress of issues that we are actively working on.
Our team follows the Product Development Timeline as our group is dependent on the GitLab self-managed release cycle.
We use issue labels to keep us organized. Every issue has a set of required labels that the issue must be tagged with. Every issue also has a set of optional labels that are used as needed.
Required labels
~devops::anti-abuse
~group::anti-abuse
MR labels can mirror issue labels (which is automatically done when created from an issue), but only certain labels are required for correctly measuring engineering performance.
Required labels
~devops::anti-abuse
~group::anti-abuse
We tag each issue and MR with the planned milestone or the milestone at time of completion.
Our group holds synchronous meetings to gain additional clarity and alignment on our async discussions. We aspire to record all of our meetings as our team members are spread across several time zones and often cannot attend at the scheduled time.
We have a weekly team meeting with rotating EMEA/AMER and AMER/APAC friendly time slots: Weds 14:30 UTC and Thurs 00:00 UTC.
Meetings will be recorded and automatically syncd to Google Drive as per our handbook, for example jswain@gitlab.com-Anti-abuse team sync - AMER/EMEA.