Working with Security

On this page


Occasionally, users will reach out to security [at] gitlab [dot] com with questions that may be better addressed by Support (e.g., help resizing a repository in response to a mass notification).

Other times, users will reach out to Support to report a security issue.

General Guidelines

Support issues identified as needing transfer to security should be treated with the same caution as any other suspicious email:

Identifying Issues for Transfer to Security

Identifying Issues for Transfer to Support


Transfer from Security to Support

In the case that something ended up in the Security inbox and was forwarded on via email:

  1. Open the ticket in ZenDesk.
  2. Depending on the content of the forward, you can usually change the requestor to the user. Sometimes, it's preferable to create a new ticket. In either case, proceed as if it's a regular ticket from a user.
  3. Often, these tickets will lack the name and email address of the user. You can usually find the original email by searching in the #security-alert-manual channel (everything emailed to security [at] is also shared there). Should that search turn up short, feel free to reach out to the individual who forwarded the ticket for this information.

Transfer from Support to Security

In the case that a security issue was reported through a support ticket:

  1. Update the assignee in ZenDesk to Security