Security Division Ecosystem
This page outlines the Security Division ecosystem, by describing the different processes of our departments. These processes, represented with diagrams, highlight the data flows between our teams but also with external actors like the Product or the Engineering divisions.
This page describe how to maintain the Security Division ecosystem.
Scope of the Security Ecosystem
Every process where Security is involved should be documented in this page. Each Security Department is represented and responsible for their own diagrams.
Diagrams are maintained by the team or department responsible for the process described. The ecosystems should be available in each departments subfolders, so that the
CODEOWNERS file is leveraged to require the right approvers. A dedicated page is recommanded for each department, and even each sub-department.
The Security Division Ecosystem should be maintained and updated as processes are updated to keep it as the single source of truth for these processes. The Security Leadership will review the ecosystem diagrams prior to every offsite.
In order to maintain consistency across all diagrams and this ecosystem in general, we use the Mermaid native integration in GitLab and in this Handbook.
Diagrams were created during the FY24-Q2 Security Leadership Offsite and are available in the Security Google Drive (only available for team members of the Security Division) until they are migrated in the handbook.
While sequence diagrams links are not yet supported, it can be useful to add links above or below ecosystem diagrams to runbooks or other documentation.
The Mermaid DSL for sequence diagrams already define how participants and interactions are declared. Use the following guidelines and recomm
Use sequence numbers (
autonumber) to get a sequence number attached to each arrow. This helps the reading of the sequences and let us reference a part of the diagram if necessary.
sequenceDiagram autonumber participant H1 as HackerOne participant SE as SecEng H1->>SE: Hackerone report SE-->>H1: Validation
You can use alternative paths (
alt) to express “or” conditions.
sequenceDiagram autonumber participant H1 as HackerOne participant TM as Threat Management participant SE as SecEng alt Report/Research/Threat TM->>SE: Threat else H1->>SE: Hackerone report end
- Mermaid sequence diagrams documentation
- FY24-Q2 Offsite: Ecosystem diagrams issue related to the creation of this page.