Software Development Lifecycle Policy
Purpose
Secure software development is critical to developing and maintaining a safe and trusted application. This policy outlines the general components of GitLab’s software development lifecycle.
Scope
This policy applies to anyone developing, reviewing, and merging code at GitLab in support of GitLab’s production applications.
Roles and responsibilities
| Role | Responsibility |
|---|---|
| Security Governance | Responsible for creating and implementing this policy |
| Team members | Responsible for execution of the policy statements |
Policy
In-scope development activities are performed in accordance with GitLab’s product development flow. (SA-3)
Development activities are performed with security, confidentiality, and availability principles in mind. (PL-8, SA-8)
Test data used throughout the development process is subject to GitLab’s Data Classification Standard. (SA-3(2))
Standard
For further details, please review GitLab’s Software Development Lifecycle Standard.
Exceptions
Exceptions to this procedure will be tracked as per the Information Security Policy Exception Management Process.