Sec Support Pod

A technical interest Support Pod focused on GitLab Sec Section features.

Secure Pod members

Purpose, key results and exit criteria (if any)

Sec Pod is a way for Support Engineers interested in Sec section features to work on relevant tickets and projects together.

The goals of Sec Pod are to:

  • identify underlying patterns and trends across Sec tickets
  • file targeted issues and detailed bug reports to improve our Sec features
  • submit MRs to GitLab documentation for self-service support and ticket deflection
  • assist customers and team members with problems and questions involving Sec section features

FAQ

How can I get involved in Sec Pod?

  1. Talk with your manager.
  2. Submit a merge request to add 'Support Focus: Secure' to your Zendesk Groups in the Support Team data.
  3. Let your teammates and groupmates know about your new focus area.
  4. Join the #spt_pod_sec Slack channel.
  5. Attend Sec Pod pairing sessions. (Check the GitLab Support calendar for meeting times.)

How the Sec Pod works

  • In the #spt_pod_sec Slack channel, we pin Slack messages about 🎫 tickets that we are keeping an eye on for colleagues, typically when they are out of the office.
    • During 🍐 pairing sessions, check the pinned messages to see if the tickets there require attention.
    • If you pin a ticket, please remove it when it no longer requires attention from the pod.
  • We apply the scoped pod::secure label to the pairing issues that we create.

Support Pod Resources

  • Weekly session: “Sec Pod Pairing” on the GitLab Support Team Calendar, currently scheduled Thursdays at 3:00 PM UTC.
  • Slack channel: #spt_pod_sec
  • GitLab.com label: ~“devops::secure”

Sec Pod Troubleshooting Resources

Secure Stage

SAST (Static Application Security Testing)

Secret Detection

Dependency Scanning

DAST (Dynamic Application Security Testing)

IaC (Infrastructure as Code) Scanning

Security Dashboard / Vulnerability Report

Security Scan Policies

Code Quality

Technically owned by Secret Detection, but not related to security vulnerabilities.

Container Scanning

License Scanning

Fuzz testing

Learning Resources