---
stage: Secure
group: Static Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
type: reference, howto
---

# Security configuration **(FREE)**

The Security configuration page lists the following for each security testing and compliance tool:

- Name, description, and a documentation link.
- Whether or not it is enabled.
- A configuration button or a link to its configuration guide.

To determine the status of each security control, GitLab checks for a CI/CD pipeline on the most recent commit of the default branch.

If GitLab finds a CI/CD pipeline, it inspects each job in the `.gitlab-ci.yml` file:

- If a job defines an `artifacts:reports` keyword for a security scanner's report type (for example `artifacts:reports:sast`), GitLab considers that scanner enabled and shows the **Enabled** status.
- If no job defines an `artifacts:reports` keyword for a given scanner, GitLab considers that scanner disabled and shows the **Not enabled** status.

If GitLab does not find a CI/CD pipeline, it considers all security scanners disabled and shows the **Not enabled** status for each of them.

Failed pipelines and jobs are included in this check. If a scanner is configured but its job fails, the scanner is still considered enabled: the status reflects whether a scanner is configured, not whether its most recent run succeeded or produced a report. The same check determines the scanners and statuses returned through the API.
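The heuristic above can be reproduced offline to check what the page will show before pushing a change to the default branch. The following is an added example, not GitLab's own implementation: it walks a parsed `.gitlab-ci.yml` and reports a scanner as enabled when any job declares `artifacts:reports:<type>` for a security report type. The set of report types, the list of top-level keywords treated as non-jobs, the decision to skip hidden (dot-prefixed) jobs, and the sample configuration are assumptions made for the example; the example does not expand `include:` templates, so a scanner that only exists in an included template is not seen.

```python
"""Reproduce the Security configuration page's Enabled / Not enabled heuristic.

Added example (not GitLab code). Job success or failure is deliberately not
considered: a scanner whose job fails still counts as Enabled, matching the
documented behaviour.
"""
from typing import Dict, Optional

# Assumed list of artifacts:reports types that correspond to security scanners.
SECURITY_REPORT_TYPES = (
    "sast",
    "secret_detection",
    "dependency_scanning",
    "container_scanning",
    "dast",
    "api_fuzzing",
    "coverage_fuzzing",
    "cluster_image_scanning",
)

# Assumed set of top-level .gitlab-ci.yml keywords that are not jobs.
GLOBAL_KEYWORDS = {
    "default", "include", "stages", "variables", "workflow",
    "image", "services", "cache", "before_script", "after_script",
}


def load_config(text: str) -> dict:
    """Parse .gitlab-ci.yml text. Needs PyYAML (pip install pyyaml)."""
    import yaml  # imported lazily so the rest of the module works without it
    return yaml.safe_load(text) or {}


def scanner_statuses(config: Optional[dict]) -> Dict[str, str]:
    """Map each security report type to "Enabled" or "Not enabled".

    config is the parsed .gitlab-ci.yml (what yaml.safe_load returns).
    None means "no pipeline found": every scanner is Not enabled.
    """
    enabled = set()
    for name, job in (config or {}).items():
        # Skip global keywords, hidden jobs (".name", assumed never to run)
        # and anything that is not a job mapping.
        if name in GLOBAL_KEYWORDS or name.startswith(".") or not isinstance(job, dict):
            continue
        artifacts = job.get("artifacts") or {}
        reports = artifacts.get("reports") if isinstance(artifacts, dict) else None
        if not isinstance(reports, dict):
            continue
        enabled.update(t for t in reports if t in SECURITY_REPORT_TYPES)
    return {t: ("Enabled" if t in enabled else "Not enabled") for t in SECURITY_REPORT_TYPES}


# Constructed sample config, in the form yaml.safe_load would produce.
# The SAST job is marked allow_failure to show that failure does not matter;
# the hidden ".dast-disabled" job declares a DAST report but never runs;
# the unit-test job has a JUnit report, which is not a security report.
SAMPLE_CONFIG = {
    "stages": ["test"],
    "variables": {"SECURE_LOG_LEVEL": "info"},
    "semgrep-sast": {
        "stage": "test",
        "script": ["/analyzer run"],
        "allow_failure": True,
        "artifacts": {"reports": {"sast": "gl-sast-report.json"}},
    },
    "secret_detection": {
        "stage": "test",
        "script": ["/analyzer run"],
        "artifacts": {"reports": {"secret_detection": "gl-secret-detection-report.json"}},
    },
    ".dast-disabled": {
        "artifacts": {"reports": {"dast": "gl-dast-report.json"}},
    },
    "unit-tests": {
        "stage": "test",
        "script": ["pytest"],
        "artifacts": {"reports": {"junit": "report.xml"}},
    },
}


if __name__ == "__main__":
    for report_type, status in scanner_statuses(SAMPLE_CONFIG).items():
        print(f"{report_type:24} {status}")
```

Running the module prints `sast` and `secret_detection` as Enabled and everything else as Not enabled; calling `scanner_statuses(None)` models the "no pipeline on the default branch" case and returns Not enabled for every scanner.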

If the latest pipeline uses Auto DevOps, all security features are configured by default.

To view a project's security configuration:

  1. On the left sidebar, at the top, select Search GitLab ({search}) to find your project.
  2. Select Secure > Security configuration.

Select **Configuration history** to see the history of the `.gitlab-ci.yml` file.

## Security testing

You can configure the following security controls:

## Compliance **(ULTIMATE)**

You can configure the following security controls: