The Security Configuration page displays the configuration state of each security control in the current project.
To view a project’s security configuration, go to the project’s home page, then in the left sidebar go to Security & Compliance > Configuration.
For each security control the page displays:
- Security Control: Name, description, and a documentation link.
- Status: The security control’s status (enabled, not enabled, or available).
- Manage: A management option or a documentation link.
The status of each security control is determined by the project’s latest default branch CI pipeline. If a job with the expected security report artifact exists in the pipeline, the feature’s status is enabled.
For SAST, click View history to see the
.gitlab-ci.yml file’s history.
You can configure the following security controls:
- Auto DevOps
- Click Enable Auto DevOps to enable it for the current project. For more details, see Auto DevOps.
- Click either Enable or Configure to use SAST for the current project. For more details, see Configure SAST in the UI.
- DAST Profiles
- Click Manage to manage the available DAST profiles used for on-demand scans. For more details, see DAST on-demand scans.