To provide guidance and insight into our incident response process. Incident response is a key aspect of GitLab’s overall security program. This guidance will provide all in scope individuals the information they need to help GitLab ensure incidents are reported, investigated and handled in such a way that minimize security events or data loss.
The definition of an incident is the first step in determining how to report an incident.
Security Team Incident: Any violation, or threat of violation, of GitLab security, acceptable use or other relevant policies.
Infrastructure Team Incident: Anomalous conditions that result in, or may lead to, service degradation or outages.
This guidance is meant to support all GitLab team members, contractors, advisors, contracted parties interacting with GitLab, customers, individual contributors or any external entity that has a need to report an identified or suspected incident.
Incidents at GitLab are separated into two workflows depending on the type of incident reported. This guidance provides links to the associated handbook pages that define specific actions or processes from either our Security Team or our Infrastructure Team. Actions from either of these processes are meant to minimize the impact, operationally or financially, of critical business operations.
A. If you are able to determine the type of incident that has been suspected or identified, report your incident to either Security or Infrastructure.
A. Security:
Internally or externally through various pathways
Internally only via Slack or Email
B. Infrastructure:
Externally through the support web form. Incident response times are based on your SLA
Internally via on-call
A. Security:
B. Infrastructure:
A. Security:
B. Infrastructure:
A. Security:
Managing the flow of information via Communication
B. Infrastructure:
Managing the flow of information via Communication
A. Security:
B. Infrastructure:
