Opportunities for security automation originate from the day-to-day operations of other teams, active security abuse, and from internal requirements. If you have an automation idea for anything security-related at GitLab, please add the security-automation label to your issue and we will prioritize requests during our bi-weekly meeting.
The security pager creates the /security command to create urgent security issues as designed to support the security on-call process.
The h1-gitlab project is a suite of tools for integrating HackerOne with GitLab. It creates the /h1import command in our many Slack channels.
GitLab uses many third-party services with audit trails that must be centralized for thread analysis and detection.
All service logs are stored in a special security-only ELK cluster.
|1Password||Activity Log CLI||Investigating||Poll|
|Google Suite||Reports API (Watch)||Complete||Webhook||gsuite-ingestor|
|Slack||Audit Log API||Blocked||Poll|