GitLab Security Project Classification

How GitLab uses security attributes to classify projects for security workflows

How classification works

GitLab projects are classified using security attributes. This helps Security identify product-related projects, prioritize security work, and support security workflows that rely on project classification.

A centralized pipeline keeps security attributes aligned with the Data team’s product inventory. For implementation details, see the related project.

Security attributes schema

The current schema covers product classification. Expansion is planned for future use cases.

| Category | Attribute | Description |
|----------|-----------|-------------|
| Classification | Product | Project contains code we ship to customers, or is part of building and delivering that code |

Making changes

  1. New projects: Follow the creating a new project guidelines. Classification will be applied automatically once the project appears in the product inventory.
  2. Incorrect or missing classification: Submit an MR to the Data team’s product inventory to add or correct the entry. The sync pipeline will apply the attribute change within 24 hours.
  3. Proposed schema changes: Open an issue in product-security-meta to discuss with the product security team before making changes.