Application and rate limit guidelines

GitLab, like most large applications, enforces limits in certain features. The absences of limits can affect security, performance, data, or could even exhaust the allocated resources for the application.

Every new feature should have safe usage limits included in its implementation. Limits are applicable for:

• System-level resource pools such as API requests, SSHD connections, database connections, and storage.
• Domain-level objects such as compute quota, groups, and sign-in attempts.

When limits are required

1. Limits are required if the absence of the limit matches severity 1 - 3 in the severity definitions for limit-related bugs.
2. GitLab application limits documentation must be updated anytime limits are added, removed, or updated.

Additional reading

• Existing GitLab application limits
• Product processes: introducing application limits
• Development documentation: guide for adding application limits
• Infrastructure guide to rate limits: rate limit architecture
• A guide for when, where, and how to configure rate limits: managing rate limits