Security Configuration

Version history

The Security Configuration page displays the configuration state of each security control in the current project.

To view a project’s security configuration, go to the project’s home page, then in the left sidebar go to Security & Compliance > Configuration.

For each security control the page displays:

  • Security Control: Name, description, and a documentation link.
  • Status: The security control’s status (enabled, not enabled, or available).
  • Manage: A management option or a documentation link.


The status of each security control is determined by the project’s latest default branch CI pipeline. If a job with the expected security report artifact exists in the pipeline, the feature’s status is enabled.

For SAST, click View history to see the .gitlab-ci.yml file’s history.

Note: If the latest pipeline used Auto DevOps, all security features are configured by default.


You can configure the following security controls:

  • Auto DevOps
    • Click Enable Auto DevOps to enable it for the current project. For more details, see Auto DevOps.
  • SAST
  • DAST Profiles
    • Click Manage to manage the available DAST profiles used for on-demand scans. For more details, see DAST on-demand scans.