Product Security Incident Response Team (PSIRT) Services Overview
Last updated: May 27, 2025
Product Security Incident Response Team (PSIRT)
The Product Security Incident Response Team (PSIRT) analyzes and validates reports of vulnerabilities in GitLab products and services, and works with GitLab engineers and product teams to remediate and mitigate security vulnerabilities to protect customers. The PSIRT also manages GitLab’s Coordinated Vulnerability Disclosure program.
The PSIRT’s responsibility includes the fifth and final Secure Developer Experience (SDX) pillar. SDX is a developer-UX-centered approach to traditional DevSecOps practices.
- SDX: Maintain: establishing an incident response plan, managing Coordinated Vulnerability Disclosure, administering the bug bounty program, and running release and post-release operations for critical product security incidents.
Helpful Quicklinks
Root Cause Analysis for Critical Vulnerabilities
Application Security Engineer Handling priority::1/severity::1 Issues
Application Security Engineer Working With SIRT
General process for the application security team in patch releases
Handling unintended vulnerability disclosures
How to handle upstream security patches
Learn how to identify or remediate security issues using real examples with GitLab’s Reproducible Vulnerabilities.
Learn how GitLab is implementing Reproducible Builds for our build processes.
How to Contact the Product Security Incident Response Team
- Mention @gitlab-com/gl-security/product-security/psirt on GitLab
- Ask in #sec-appsec and mention @psirt-team on Slack
- For cross-team collaboration improvement opportunities, use the collaboration improvement opportunities template
Content Review and Updates
This page will be reviewed quarterly to ensure alignment with company and divisional priorities, the GitLab Security product roadmap, and relevant business and operational changes. Updates may occur more frequently as business operations evolve.
Next scheduled review: June 30, 2025