Security attributes
- Tier: Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
- Status: Beta
The availability of this feature is controlled by feature flags. For more information, see the history.
Security teams can now apply metadata specific to their own organization and business needs to projects using security attributes.
Security attributes are organized by categories based on:
- Business impact
- Application
- Business unit
- Internet exposure
- Location
By applying these attributes across your projects, you can much more quickly identify which projects require action based on your own organizations risk posture and business needs. With security attributes, you can:
- Identify projects that are mission critical and require stronger scan coverage.
- Review scan coverage for each application or business unit.
- Locate projects that contribute to publicly accessible and exposed applications.
This feature is in beta. Track the development of security attributes in epic 18010. Share your feedback in issue 576032 with us as we continue to develop this feature. The security attributes feature is disabled by default.
Manage security attributes for groups
Prerequisites:
- You must have at least the Maintainer role in the group to manage security attributes.
To manage security attributes for a group:
- On the left sidebar, select Search or go to and find your group.
- Select Secure > Security configuration.
Manage security attributes for projects
Prerequisites:
- You must have at least the Maintainer role in the project to manage security attributes.
To manage security attributes for a project:
- On the left sidebar, select Search or go to and find your project.
- Select Secure > Security configuration.
- Select the Security attributes tab.
Related topics
Troubleshooting
When working with the security attributes, you might encounter the following issues.
Security configuration menu item missing
Some users do not have the required permissions to access the Security configuration menu item. The menu item only displays for groups when the authenticated user has at least the Maintainer role.
To manage security attributes, ask a maintainer to complete the configuration changes or request the Maintainer role from your administrator, if necessary.