The Trust and Safety team is a sub department of the Security Team at GitLab that forms part of the Security Operations subdepartment in Security at GitLab Inc and are tasked with the mitigation of Abuse on gitlab.com.
Mission
Our mission is to help build and maintain user trust, while keeping the GitLab platform safe and harm-free to help enable everyone to contribute.
We aim to achieve this by building a culture of care, protection, and a respect for privacy. We aim to stop the “bad” while also enabling the “good”.
Vision
Our vision for GitLab Trust and Safety is to build a team and tooling capable of achieving both accuracy and scale in our work.
We want to make our corner of the internet a little safer, but also be the best internet citizens we can be by helping to detect and report abuse externally.
For Open Source Program Partners, Premium and Ultimate customers that would like to discuss, and potentially improve, your current abuse prevention and mitigation strategies, you can reach us at abuse@gitlab.com. Include any relevant information as to the abuse issue you are currently experiencing to help us provide the most relevant information.
Abuse prevention/mitigation feature requests or suggestions should be created in the Feature Proposal issue from the provided templates in the Project, add the ~Abuse Prevention label.
Feature proposals can be submitted for the following:
You can tag @gitlab-com/gl-security/security-operations/trust-and-safety and @gitlab-org/modelops/anti-abuse to review the GitLab issue.
GitLab team members can reach Trust and Safety via
Slack: #abuse channel using the team Slack handle: @trust-and-safety
Non-urgent queries should be created in our Operations Tracker or tag us (@gitlab-com/gl-security/security-operations/trust-and-safety) in the issue and notify us in the #abuse slack channel.
For URGENT issues that require the immediate attention of the Trust and Safety team, use the /security Slack slash command, the command triggers the Trust and Safety Escalation Workflow and requests that you file an incident using a form. The form asks questions about the incident, which will help the Trust and Safety Team automatically determine severity and priority. Depending on which labels get assigned, the Trust and Safety on-call will be paged.
URGENT Trust and Safety issues are defined as instances of user generated abuse :
that is or has a high probability of resulting in service degradation or outages of GitLab.com and/or its features.
on GitLab.com that has the potential of causing significant legal, financial or reputational damage or liability to the company.
Non GitLab team members
Non GitLab members should use the report Abuse button to report abuse.
If you are running your own GitLab instance and looking for some tips and tricks to manage abuse on your instance, have a look at our DIY page for more information.
Detailed abuse reports can be reported via abuse@gitlab.com
If you would like to submit a more detailed report, you can do this by emailing abuse@gitlab.com where a member of our team will review your report.
Reinstating your gitlab.com account
Requests to have your reinstated can be done by reaching out to our Support Team.
Exceptions
Malware for Research Purposes
Making use of GitLab.com services to deliver malicious executables or as attack infrastructure is prohibited under the [GitLab Acceptable Use Policy] [link to be added once AUP has been launched].
We do however understand that making such technical details available for research purposes can benefit the wider community, and as such it will be allowed as an exception to our if the content meets the following criteria:
GitLab takes the intellectual property rights of others seriously and require that our users do the same. The Digital Millennium Copyright Act (DMCA) established a process for addressing claims of copyright infringement. If you own a copyright or have authority to act on behalf of a copyright owner and want to report a claim that a third party is infringing that material on or through GitLab’s services, review the Submitting a DMCA Notice section further below.
You can open an Account Reinstatement request with GitLab Support
Select GitLab.com (SaaS) user accounts and login issues and complete the form.
Wait for feedback from the support team.
DMCA Requests
I received a DMCA request and my Account is Blocked?
If you received a DMCA request for your account, you can do one of the following.
Review the request and determine whether or not you would like to submit a counter notice.
If you want to submit a counter notice, visit the Intellectual property on gitlab.compage.
Alternatively, you can agree to remove the copyright content from your account immediately.
Trademark Requests
I received a Trademark request and my Account is Blocked
Should you receive a Trademark take down request, you can do one of the following.
Agree to submit proof that you own the rights to use the reported Trademark.
Alternatively, you can agree to speedily remove the trademark content from your account.
Reported or Blocked Accounts
My account was reported for abuse, what can I do?
Should your account be blocked, continue to reach out to the GitLab support team to have your account reinstated.
My account was blocked for no reason
If you notice that your account was blocked, you can;
Reach out to GitLab Support to obtain more information on getting the block removed.
My account was blocked soon after signing up
If your account gets blocked soon after signing up, you can;
Reach out to GitLab Support to obtain more information on getting the block removed.
Security Research
Can I host Security Research tools?
Making use of GitLab.com services to deliver malicious executables or as attack infrastructure is prohibited under the GitLab Website Terms of Use (Section 3, “Responsibility of Website Visitors”).
