Commit d708d3b7 authored by Ryan Wells

Fixing a lot more threat insights references, and bringing back the svg

parent ff4f02cd
+1 −1
@@ -37,7 +37,7 @@ There are a few ways to determine which product group works on which feature.

1. Search within the [Product Categories](/handbook/product/categories/) handbook page. On this page, you can do a Command ⌘ + F search for the feature in question. For example, if the question is on Review Apps, you can do a Command ⌘ + F search to see that the Review Apps feature is under the [Pipeline Security](/handbook/product/categories/#pipeline-security-group) group. If the question is related to our product roadmap, you can review the direction page associated with each product group.

1. Search within the documentation. Let's say you are wondering which product group could help with a question on [GitLab's Security Dashboard](https://docs.gitlab.com/ee/user/application_security/security_dashboard/). If you scroll to the bottom of the page and click `View page source`, you'll see which product Stage and Group the Security Dashboard rolls up to. In this case, it's the Threat Insights group.
1. Search within the documentation. Let's say you are wondering which product group could help with a question on [GitLab's Security Dashboard](https://docs.gitlab.com/ee/user/application_security/security_dashboard/). If you scroll to the bottom of the page and click `View page source`, you'll see which product Stage and Group the Security Dashboard rolls up to. In this case, it's the Security Insights group.
![image-1.png](/images/customer-success/csm/researching-customer-questions/image-1.png)

1. You can also determine the right product group by reviewing epics/issues related to the feature. For example, when researching [Customizable Roles and Permissions](https://gitlab.com/groups/gitlab-org/-/epics/4035), you see on the right-hand side under labels that Authentication and Authorization is the appropriate group.
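
Review bot: The screenshot referenced directly after the changed step (`image-1.png`) is untouched, so if it captures the page source with the old group name, the step text and the image will now contradict each other. Please confirm that the Security Dashboard page source really reports Security Insights, and refresh the image if it still shows Threat Insights.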
+1 −0
@@ -25,6 +25,7 @@ The following teams comprise the sub-department:
  - Security Policies group - [handbook](/handbook/engineering/development/sec/security-risk-management/security-policies/)
  - Security Platform Management group
  - Security Insights group - [handbook](/handbook/engineering/development/sec/security-risk-management/security-insights/)
  - Security Infrastructure group - [handbook](/handbook/engineering/development/sec/security-risk-management/security-infrastructure/)

It is important to delineate who the EM and PM DRIs are for every functionality, especially where this may not be obvious. This is documented on a dedicated [delineation page](delineate-sec.html).
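
Review bot: In the group list, `Security Platform Management group` is the only entry shown without a handbook link; add the link or say that no page exists yet, so ownership lookups do not dead-end there. Separately, the closing paragraph links to the delineation page as the relative `delineate-sec.html`, while another file in this commit links to the same page as `/handbook/engineering/development/sec/delineate-sec/`; using the absolute path here as well would keep the two references consistent.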

+4 −2
---
title: Secure / Govern sub-department delineation
description: "Definition of what engineering group is responsible for features in the Secure and Govern stages of the GitLab product"
title: Sec sub-department delineation
description: "Definition of what engineering group is responsible for features in the AST and SRM stages of the GitLab product"
---

{{<devops-diagram "Application Security Testing"  "Security Risk Management">}}

## Why does this page exist?

In the spirit of establishing a [DRI](/handbook/people-group/directly-responsible-individuals/) for each set of functionality where this may not be obvious, the purpose of this page is to explicitly define which engineering group has reponsibility for which portions of the product and for specific decisions.
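
Review bot: The new `description` abbreviates the stages as "AST and SRM" without expanding them, even though the shortcode a few lines below spells out both names. Writing "Application Security Testing and Security Risk Management" in the description would keep the front matter readable on its own. While this file is open, the first paragraph's "reponsibility" could be corrected to "responsibility", and the double space between the two shortcode arguments could be collapsed.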
+0 −2
@@ -58,8 +58,6 @@ Once the data is available as Report Artifact, it can be processed by the [GitLa

Depending on the context, the security reports can be stored in the database or stay as Report Artifacts for on-demand access.

This part is mainly covered by the [Threat Insights group](/handbook/product/categories/#threat-insights-group).

Though, the boundaries can sometimes be a bit blurry so [we're trying to delineate this as clearly as possible](/handbook/engineering/development/sec/delineate-sec/#technical-boundaries).

## ClickHouse Datastore
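
Review bot: Deleting the "This part is mainly covered by ..." sentence leaves the following paragraph, which opens with "Though, the boundaries can sometimes be a bit blurry", without the statement it was qualifying. The other hunks in this commit rename the group instead of dropping the reference, so consider keeping the sentence and pointing it at the Security Insights group, or rewording the "Though, ..." paragraph so it stands alone and still tells readers who owns report storage.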
+1 −1
@@ -17,7 +17,7 @@ Please refer to this list and keep it updated as Widgets evolve.
| [Code quality](https://gitlab.com/gitlab-org/gitlab/-/issues/338280) | [#336178](https://gitlab.com/gitlab-org/gitlab/-/issues/336178) | Secure:Static Analysis | [@mfangman](https://gitlab.com/mfangman) | [@jannik_lehmann](https://gitlab.com/jannik_lehmann) |
| [License compliance](https://gitlab.com/gitlab-org/gitlab/-/issues/338281) | [#336177](https://gitlab.com/gitlab-org/gitlab/-/issues/336177) | Secure:Composition Analysis | [@andyvolpe](https://gitlab.com/andyvolpe) | [@farias-gl](https://gitlab.com/farias-gl) |
| [Metrics](https://gitlab.com/gitlab-org/gitlab/-/issues/338282) | [#336176](https://gitlab.com/gitlab-org/gitlab/-/issues/336176) | Verify:Pipeline Security | [@gdoyle](https://gitlab.com/gdoyle) | [@mfluharty](https://gitlab.com/mfluharty) |
| [Security](https://gitlab.com/gitlab-org/gitlab/-/issues/338283) | [#336175](https://gitlab.com/gitlab-org/gitlab/-/issues/336175) | Security Risk Management:Threat Insights  | [@beckalippert](https://gitlab.com/beckalippert) | [@svedova](https://gitlab.com/svedova) |
| [Security](https://gitlab.com/gitlab-org/gitlab/-/issues/338283) | [#336175](https://gitlab.com/gitlab-org/gitlab/-/issues/336175) | Security Risk Management:Security Insights  | [@beckalippert](https://gitlab.com/beckalippert) | [@svedova](https://gitlab.com/svedova) |
| [Terraform](https://gitlab.com/gitlab-org/gitlab/-/issues/338284) | [#336174](https://gitlab.com/gitlab-org/gitlab/-/issues/336174) | Configure | [@andlovu](https://gitlab.com/andlovu) | [@anna_vovchenko](https://gitlab.com/anna_vovchenko)  |
| [Test summary](https://gitlab.com/gitlab-org/gitlab/-/issues/338285) | [#336173](https://gitlab.com/gitlab-org/gitlab/-/issues/336173) | Verify:Pipeline Security | [@gdoyle](https://gitlab.com/gdoyle) | [@mfluharty](https://gitlab.com/mfluharty) |
| [Status checks](https://gitlab.com/groups/gitlab-org/-/epics/7066) | [#336172](https://gitlab.com/gitlab-org/gitlab/-/issues/336172) | Software Supply Chain Security:Compliance | [@cam.x](https://gitlab.com/cam.x) | [@xanf](https://gitlab.com/xanf) |
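
Review bot: Only the Security row is renamed, but the neighbouring rows still carry the `Secure:Static Analysis` and `Secure:Composition Analysis` labels, while the delineation page title in this same commit drops "Secure / Govern". Please check whether those stage prefixes need the same update, here or in a follow-up, so the table does not mix old and new naming. The changed cell also keeps a double space before the closing pipe (`Security Insights  |`), which can be trimmed.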