Status Docs

How We Use GitHub Labels For Security Processes

“Security: Skip” - no need to do a threat analysis for this issue

“Security: Approved” - all the critical threats were found and mitigated
(from the Security Champion PoV)

“Security: Exception” - not all the critical threats were mitigated, but
this issue can be merged anyway as an exception.


  • the non-mitigated risks to be linked in the PR/GHI;

  • add an explanation of why it is an exception;

  • PO and TO of the particular team should be aware of this exception.

Last update: 2023-12-09