Security Threat Management

Security Threat Management Sub-Department

The Security Threat Management sub-department is responsible for identifying and remediating vulnerabilities or threats that may impact GitLab, our Team Members or our Customers and the community at large.

Security Threat Management Mission

The Security Threat Management sub-department’s mission is to support the business and our overall security efforts by ensuring that we are focused on real world threats and vulnerabilities that impact us. We accomplish this by:

  • working closely with engineering, product, infrastructure, and other security department teams
  • designing and deploying vulnerability and threat management processes
  • conducting in-depth security related research and assessments
  • transparently communicating important information externally to customers and the community alike


The Security Threat Management sub-department includes the following teams. Learn more about each by visiting their Handbook pages.

  • Security Research specialists conduct internal testing and research against GitLab assets, against FOSS that is critical to GitLab products and operations, and against vendor products being considered for purchase and integration with GitLab.
  • Security Red Team conducts real word adversarial exercises and collaborates with our defensive and detection teams.
  • Security Threat & Vulnerability Management focuses on ensuring that vulnerabilities are identified and mitigated in an easy but consistent manner. This team covers our infrastructure, code base and other pieces of GitLab’s infrastructure.

Red Team
GitLab's internal Red Team extends the objectives of penetration testing by examining the security posture of the organization and their ability to implement effective cyber defenses.
Security Research
Team Focus Security Research focuses on identifying, investigating, and developing solutions for security problems for which current best practices are not sufficient. This work is focused on improving the security posture of the product and the company, but always with an eye for contributing new functionality as a differentiator. Additionally, we aim to share our results as widely as appropriate in order to educate fellow team members and bring awareness to the Gitlab Security program.
Vulnerability Management
This is a Controlled Document Inline with GitLab’s regulatory obligations, changes to controlled documents must be approved or merged by a code owner. All contributions are welcome and encouraged. Vulnerability Management is the continual process of identifying, prioritizing, mitigating and remediating vulnerabilities. At GitLab we identify vulnerabilities in a number of different ways depending on the component being analyzed. This process and assosciated tooling is owned by the Vulnerability Management team.
Last modified September 6, 2023: Replace taps with spaces (69f17a79)