Security inventory

  • Tier: Ultimate
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
  • Status: Beta
History

The availability of this feature is controlled by a feature flag. For more information, see the history.

The security inventory provides an overview of your organization’s security posture. It shows:

  • Your groups, subgroups, and projects.
  • Which security scanners are enabled in each project, including:
    • Static application security testing (SAST)
    • Dependency scanning
    • Container scanning
    • Secret detection
    • Dynamic application security testing (DAST)
    • Infrastructure-as-code (IaC) scanning
  • The number of vulnerabilities in each group or project, sorted by security level.

Use the security inventory to visualize your assets, understand coverage gaps, and triage risks to your organization.

This feature is in beta. Track the development of the security inventory in epic 16484.

Getting started

The security inventory is enabled by default.

Prerequisites:

  • You must have at least the Developer role.

To view the security inventory:

  1. On the left sidebar, select Search or go to and find your group.
  2. Select Secure > Security inventory.
  3. Select a group to view its subgroups, projects, and security assets.

Troubleshooting

When working with the security inventory, you might encounter the following issues.

Inaccurate scanner coverage

Due to a known issue, scanner configuration data is still being backfilled. As a result, the displayed container scanning and secret detection coverage might not be entirely accurate. A fix for this issue is proposed in issue 548281.
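While the backfill is incomplete, you can cross-check the displayed coverage against each project's CI configuration. The following is an added example, not GitLab's own code or part of the original page. It assumes scanners are enabled through direct `include: template:` entries, so nested includes and scanners enabled by other means are not seen. The project paths, CI text, and displayed values are constructed.

```python
import re

# Template base names -> scanner names as listed in the security inventory.
TEMPLATES = {
    "SAST": "SAST",
    "Dependency-Scanning": "Dependency scanning",
    "Container-Scanning": "Container scanning",
    "Secret-Detection": "Secret detection",
    "DAST": "DAST",
    "SAST-IaC": "IaC scanning",
}
INCLUDE_RE = re.compile(
    r"template:\s*['\"]?(?:Jobs|Security)/([A-Za-z-]+)(?:\.latest)?\.gitlab-ci\.yml"
)

def scanners_in_ci(ci_text):
    """Return the scanners whose GitLab CI template is included (comments skipped)."""
    found = set()
    for line in ci_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = INCLUDE_RE.search(line)
        if match and match.group(1) in TEMPLATES:
            found.add(TEMPLATES[match.group(1)])
    return found

def coverage_mismatches(ci_by_project, displayed):
    """List (project, scanner, displayed, in_ci) where the two sources disagree."""
    rows = []
    for project, shown in displayed.items():
        in_ci = scanners_in_ci(ci_by_project.get(project, ""))
        for scanner, is_shown in shown.items():
            if is_shown != (scanner in in_ci):
                rows.append((project, scanner, is_shown, scanner in in_ci))
    return sorted(rows)

# Constructed sample data: two hypothetical projects and hand-copied inventory values.
CI_FILES = {
    "acme/web": "include:\n  - template: Jobs/SAST.gitlab-ci.yml\n"
                "  - template: Jobs/Secret-Detection.gitlab-ci.yml\n"
                "  - template: Security/Container-Scanning.gitlab-ci.yml\n",
    "acme/api": "include:\n  - template: Security/SAST-IaC.gitlab-ci.yml\n"
                "  # - template: Jobs/Secret-Detection.gitlab-ci.yml\n",
}
DISPLAYED = {
    "acme/web": {"Container scanning": False, "Secret detection": True},
    "acme/api": {"Container scanning": False, "Secret detection": True},
}

if __name__ == "__main__":
    for row in coverage_mismatches(CI_FILES, DISPLAYED):
        print("%s: %s shown=%s in_ci=%s" % row)
```

A mismatch shows where the two sources disagree; it does not say which one is right, so confirm against a recent pipeline before treating a project as covered or uncovered.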