Security attributes

  • Tier: Ultimate
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated

Security teams can now apply metadata specific to their own organization and business needs to projects using security attributes.

Security attributes are organized by categories based on:

  • Business impact
  • Application
  • Business unit
  • Internet exposure
  • Location

By applying these attributes across your projects, you can much more quickly identify which projects require action based on your own organizations risk posture and business needs. With security attributes, you can:

  • Identify projects that are mission critical and require stronger scan coverage.
  • Review scan coverage for each application or business unit.
  • Locate projects that contribute to publicly accessible and exposed applications.

Track the development of the security inventory in epic 16939. Share your feedback as development continues on this feature.

Manage security attributes for groups

Prerequisites:

  • You must have the Maintainer or Owner role in the group to manage security attributes.

To manage security attributes for a group:

  1. On the top bar, select Search or go to and find your group.
  2. Select Secure > Security configuration.

Manage security attributes for projects

Prerequisites:

  • You must have the Maintainer or Owner role in the project to manage security attributes.

To manage security attributes for a project:

  1. On the top bar, select Search or go to and find your project.
  2. Select Secure > Security configuration.
  3. Select the Security attributes tab.

Troubleshooting

When working with the security attributes, you might encounter the following issues.

Security configuration menu item missing

Some users do not have the required permissions to access the Security configuration menu item. The menu item only displays for groups when the authenticated user has the Maintainer or Owner role.

To manage security attributes, ask a maintainer to complete the configuration changes or request the Maintainer role from your administrator, if necessary.