Security Configuration

Version history
cautionThis feature might not be available to you. Check the version history note above for details.

The Security Configuration page displays what security scans are available, links to documentation and also simple enablement tools for the current project.

To view a project’s security configuration, go to the project’s home page, then in the left sidebar go to Security & Compliance > Configuration.

For each security control the page displays:

  • Security Control: Name, description, and a documentation link.
  • Manage: A management option or a documentation link.

UI redesign

Version history
  • Introduced in 14.0 for GitLab Free and Premium, behind a feature flag, disabled by default.
  • Enabled on GitLab.com for Free & Premium.
  • Recommended for production use.
  • It can be enabled or disabled for a single project.
  • To use in GitLab self-managed instances, ask a GitLab administrator to enable it.
  • Introduced in 14.1 for GitLab Ultimate, behind a feature flag, disabled by default.
  • Disabled on GitLab.com.
  • Not recommended for production use.
  • It can be enabled or disabled for a single project.
  • To use in GitLab self-managed instances, ask a GitLab administrator to enable it.
cautionThis feature might not be available to you. Check the version history note above for details.

The Security Configuration page has been redesigned in GitLab Free and Premium. The same functionality exists as before, but presented in a more extensible way.

For each security control the page displays:

  • Its name, description and a documentation link.
  • Whether or not it is available.
  • A configuration button or a link to its configuration guide.

Status

Version history

The status of each security control is determined by the project’s latest default branch CI pipeline. If a job with the expected security report artifact exists in the pipeline, the feature’s status is enabled.

If the latest pipeline used Auto DevOps, all security features are configured by default.

For SAST, click View history to see the .gitlab-ci.yml file’s history.

Manage

You can configure the following security controls:

Enable or disable UI redesign

The Security Configuration redesign is under development, but is ready for production use. It is deployed behind a feature flag that is disabled by default. GitLab administrators with access to the GitLab Rails console can enable it.

To enable it:

# For the instance
Feature.enable(:security_configuration_redesign)
# For a single project
Feature.enable(:security_configuration_redesign, Project.find(<project id>))

To disable it:

# For the instance
Feature.disable(:security_configuration_redesign)
# For a single project
Feature.disable(:security_configuration_redesign, Project.find(<project id>))

Enable or disable UI redesign for Ultimate

The Security Configuration redesign is under development, and is not ready for production use. It is deployed behind a feature flag that is disabled by default. GitLab administrators with access to the GitLab Rails console can enable it.

To enable it:

# For the instance
Feature.enable(:security_configuration_redesign_ee)
# For a single project
Feature.enable(:security_configuration_redesign_ee, Project.find(<project id>))

To disable it:

# For the instance
Feature.disable(:security_configuration_redesign_ee)
# For a single project
Feature.disable(:security_configuration_redesign_ee, Project.find(<project id>))