Application Security Team Organization

Application Security page on how the team is organized

This page provides you with the resources:

  • To understand how the work of the team is organised
  • To know in which repositories we are performing our work

Work Organization

The Application Security team organizes the work on a monthly milestone basis. To know more how we do it, please consult our specific milestone planning page here

Important Repositories

The Application Security team maintains several key repositories that support our mission. These repositories enable collaboration with Engineering and Product teams while maintaining our security standards and processes.

Team organization and planning

Purpose: Central repository for team operations, issue tracking, and cross-team collaboration
Location: appsec-team tracker
Key Uses:

  • Track team initiatives and operational improvements
  • Coordinate cross-team collaboration efforts
  • Plan milestone work

Application Security reviews

Purpose: Repository to request and perform AppSec reviews
Location: appsec-team reviews
Key Uses:

  • Feature design reviews
  • Architecture assessments

Learn more about our security review process in our dedicated page).

Security Tools & Automation

Purpose: Houses our automation tooling
Location: Tooling repository
Key Uses:

  • Automation scripts

Threat Modeling Resources

Purpose: Templates and documentation for threat modeling activities
Location: Threat modeling repository
Learn More: Threat Modeling Process

PSIRT Operations

Purpose: Central repository for PSIRT team operations and issue tracking.
Location: gitlab-com/gl-security/product-security/appsec/psirt
Learn More: PSIRT Services

Useful Information For External Customers

Public Security Resources

Documentation

Last modified June 24, 2025: Re-organize the metrics section and add an appsec organization section (441b836f)
View page source - Edit this page - please contribute. Creative Commons License