GitLab Hardening Recommendations
- Tier: Free, Premium, Ultimate
- Offering: GitLab Self-Managed, GitLab Dedicated
This documentation is for GitLab instances where the overall system can be “hardened” against common and even not-so-common attacks. It is not designed to completely eradicate attacks, but to provide strong mitigation thereby reducing overall risk. Some of the techniques apply to any GitLab deployment, such as SaaS or self-managed, while other techniques apply to the underlying OS.
These techniques are a work in progress, and have not been tested at scale (such as large environments with many users). They have been tested on a self-managed single instance running a Linux package installation, and while many of the techniques can be translated to other deployment types, they may not all work or apply.
Most of the listed recommendations give specific settings or reference choices you can make based upon the general documentation. Hardening may affect features your users specifically want or depend on, so you should communicate with users and do a phased rollout of hardening changes.
The hardening instructions are in five categories for easier understanding. They are listed in the following section.
GitLab hardening general concepts
This section covers hardening as an approach to security and some of the broader philosophies behind it. For more information, see hardening general concepts.
GitLab application settings
Settings applied to the application itself through the GitLab GUI. For more information, see application recommendations.
GitLab CI/CD settings
CI/CD is a core component of GitLab, and while how you apply security principles depends on your needs, there are several things you can do to make your CI/CD more secure. For more information, see CI/CD Recommendations.
GitLab configuration settings
Configuration file settings used to control and configure the application (such as gitlab.rb) are documented separately. For more information, see the configuration recommendations.
Operating System settings
You can adjust the underlying operating system to increase overall security. For more information, see the operating system recommendations.
NIST 800-53 compliance
You can configure GitLab Self-Managed to enforce compliance with the NIST 800-53 security standard. For more information, see NIST 800-53 compliance.