Secure GitLab

Tier: Free, Premium, Ultimate Offering: GitLab.com, Self-managed, GitLab Dedicated

General information

This section covers some general information and recommendations regarding the platform.

Recommendations

For more information about improving the security posture of your GitLab environment, see the hardening recommendations.

Antivirus software

Generally, running an antivirus software on the GitLab host is not recommended.

However, if you must use one, all of the location of GitLab on the system should be excluded from scanning as it could be quarantined as a false positive.

Specifically, you should exclude the following GitLab directories from scanning:

  • /var/opt/gitlab
  • /etc/gitlab/
  • /var/log/gitlab/
  • /opt/gitlab/

You can find all those directories listed in the Linux package configuration documentation.

User accounts

Data access

Platform usage and settings

Patching

Self-managed GitLab customers and administrators are responsible for the security of their underlying hosts, and for keeping GitLab itself up to date. It is important to regularly patch GitLab, patch your operating system and its software, and harden your hosts in accordance with vendor guidance.

Monitoring

Logs

Response

Rate limits

For information about rate limits, see Rate limits.