[spondyl]

I don't know if any Gitlabbers are in the comments but I'd be interested to know: Is this basically your internal asset register open sourced?

I suppose they're not particularly top secret but there could be a version that has some more sensitive data and this is a safe derivative for example. Similarly, such an asset register would likely have non-technical assets as well while this just seems to be tangible, technical things?

I figure any large company with a risk management function will already have/need such a spreadsheet (or document), complete with some sort of data classifications to exist for auditing reasons so the interesting step is maintaining it out in the public.

Kudos to Gitlab for having the culture to allow this sort of stuff :)

[coleca]

You'd be surprised the scale of companies that do not have this data. Or how many companies think they know where their data is but really don't. Especially with the proliferation of the SaaS services like you see in Gitlab's diagram. It's very easy for someone in the accounting or marketing department to sign up for something on their department's PCard and the IT / security / etc departments have no idea that company data is being kept there.

[sytse]

On the go to market side the registry is a Google Sheet. On the GitLab.com infrastructure side it is an app we made that isn’t integrated into GitLab.

I’m seeing if we can move the sheet to the handbook and integrate the app into GitLab itself.

[throwaway_pdp09]

Err, what is an internal asset register?

[throwaway55554]

An asset register is how companies keep track of their assets. Any software license, computer, monitor, keyboard, copy machine, etc. the company claims as an asset is tracked in the register.

[ecnahc515]

Basically an inventory system.