author | Kathy Wang <kwang@gitlab.com> | 2019-04-02 00:26:32 +0000 |
---|---|---|
committer | Kathy Wang <kwang@gitlab.com> | 2019-04-02 00:26:32 +0000 |
commit | 0013b9d66efacf57cbcac562fd11e04c9014c846 (patch) | |
tree | 14bd308ae4487c7438436832a5209f0b9618d35b | |
parent | 58a6cc872378606c69c21dd9d1519e82304a5ad5 (diff) | |
download | gitlab-ce-asaba-default-templates.tar.gz |
Update Default.md (asaba-default-templates)
-rw-r--r-- | .gitlab/merge_request_templates/Default.md | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/.gitlab/merge_request_templates/Default.md b/.gitlab/merge_request_templates/Default.md index c8066389e82..07d87c3c668 100644 --- a/.gitlab/merge_request_templates/Default.md +++ b/.gitlab/merge_request_templates/Default.md @@ -33,9 +33,12 @@ Make sure to remove this comment when you are done. ## Community Contributions - [ ] Maintainer: Label as ~security and @ mention `@gitlab-com/gl-security/appsec` if the change affects: - - [ ] authentication: passwords, oauth, etc. - - [ ] authorization and permissions: permissions checks (for example, changes visibility of a UI element), token usage, etc. - - [ ] handling and storage of secrets, for example, any field that uses `attr_encrypted` + - [ ] Processing credentials/tokens + - [ ] Storing credentials/tokens (e.g., any field that uses `attr_encrypted`) + - [ ] Logic for privilege escalation + - [ ] Authorization logic (e.g., permissions checks such as changes visibility of a UI element, token usage, etc.) + - [ ] User/account access controls + - [ ] Authentication mechanisms (e.g., passwords, oauth, etc.) - [ ] Maintainer: Does the MR include necessary changes to maintain consistency between UI, API, email, or other methods? - [ ] Security Engineer: review if labeled as ~security, ~permissions. |
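Review bot: The added item `Logic for privilege escalation` reads as if the MR implements escalation rather than touching the checks that prevent it, and it overlaps with the new `Authorization logic` and `User/account access controls` items, so a maintainer cannot tell which box a permissions change belongs under. Suggest rewording it along the lines of "Logic that grants or elevates privileges", or folding it into the authorization item. In the `Authorization logic` line, "such as changes visibility of a UI element" is ungrammatical ("such as changing the visibility of a UI element"), "e.g., ... etc." is redundant, and "token usage" duplicates the new `Processing credentials/tokens` item. The commit message "Update Default.md" gives no reason for reorganising the checklist; a one-line rationale would help later readers of the template history.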