debian-mirror-gitlab/doc/user/application_security/configuration/index.md

74 lines
4.4 KiB
Markdown
Raw Normal View History

2020-01-01 13:55:28 +05:30
---
type: reference, howto
2020-06-23 00:09:42 +05:30
stage: Secure
group: Static Analysis
2021-02-22 17:27:13 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-01-01 13:55:28 +05:30
---
2021-04-17 20:07:23 +05:30
# Security Configuration **(FREE)**
2020-01-01 13:55:28 +05:30
2021-04-17 20:07:23 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6. **(ULTIMATE)**
> - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4. **(ULTIMATE)**
> - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4. **(ULTIMATE)**
2021-06-08 01:23:25 +05:30
> - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.10.
2021-10-27 15:23:28 +05:30
> - [Redesigned](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in 14.2.
2020-01-01 13:55:28 +05:30
2021-04-17 20:07:23 +05:30
The Security Configuration page displays what security scans are available, links to documentation and also simple enablement tools for the current project.
2020-01-01 13:55:28 +05:30
2020-11-24 15:15:51 +05:30
To view a project's security configuration, go to the project's home page,
then in the left sidebar go to **Security & Compliance > Configuration**.
For each security control the page displays:
2021-10-27 15:23:28 +05:30
- Its name, description and a documentation link.
- Whether or not it is available.
- A configuration button or a link to its configuration guide.
2021-09-30 23:02:18 +05:30
2021-10-27 15:23:28 +05:30
## Security testing
2021-09-30 23:02:18 +05:30
2021-10-27 15:23:28 +05:30
You can configure the following security controls:
2021-09-30 23:02:18 +05:30
2021-10-27 15:23:28 +05:30
- Auto DevOps
- Click **Enable Auto DevOps** on the alert to enable it for the current project. For more details, see [Auto DevOps](../../../topics/autodevops/index.md).
- SAST
- Click **Enable SAST** to use SAST for the current project. For more details, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
- DAST **(ULTIMATE)**
- Click **Enable DAST** to use DAST for the current Project. To manage the available DAST profiles used for on-demand scans Click **Manage Scans**. For more details, see [DAST on-demand scans](../dast/index.md#on-demand-scans).
- Dependency Scanning **(ULTIMATE)**
- Select **Configure via Merge Request** to create a merge request with the changes required to
enable Dependency Scanning. For more details, see [Enable Dependency Scanning via an automatic merge request](../dependency_scanning/index.md#enable-dependency-scanning-via-an-automatic-merge-request).
2021-09-30 23:02:18 +05:30
2021-10-27 15:23:28 +05:30
- Container Scanning **(ULTIMATE)**
- Can be configured via `.gitlab-ci.yml`. For more details, see [Container Scanning](../../../user/application_security/container_scanning/index.md#configuration).
- Cluster Image Scanning **(ULTIMATE)**
- Can be configured via `.gitlab-ci.yml`. For more details, see [Cluster Image Scanning](../../../user/application_security/cluster_image_scanning/#configuration).
- Secret Detection
- Select **Configure via Merge Request** to create a merge request with the changes required to
enable Secret Detection. For more details, see [Enable Secret Detection via an automatic merge request](../secret_detection/index.md#enable-secret-detection-via-an-automatic-merge-request).
2021-09-30 23:02:18 +05:30
2021-10-27 15:23:28 +05:30
- API Fuzzing **(ULTIMATE)**
- Click **Enable API Fuzzing** to use API Fuzzing for the current Project. For more details, see [API Fuzzing](../../../user/application_security/api_fuzzing/index.md#enable-web-api-fuzzing).
- Coverage Fuzzing **(ULTIMATE)**
- Can be configured via `.gitlab-ci.yml`. For more details, see [Coverage Fuzzing](../../../user/application_security/coverage_fuzzing/index.md#configuration).
2021-04-17 20:07:23 +05:30
## Status **(ULTIMATE)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.
2020-11-24 15:15:51 +05:30
The status of each security control is determined by the project's latest default branch
[CI pipeline](../../../ci/pipelines/index.md).
If a job with the expected security report artifact exists in the pipeline, the feature's status is
_enabled_.
2020-07-28 23:09:34 +05:30
If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
2020-10-24 23:57:45 +05:30
all security features are configured by default.
2020-01-01 13:55:28 +05:30
2021-10-27 15:23:28 +05:30
Click **View history** to see the `.gitlab-ci.yml` file's history.
2021-01-03 14:25:43 +05:30
2021-10-27 15:23:28 +05:30
## Compliance **(ULTIMATE)**
2020-01-01 13:55:28 +05:30
2020-11-24 15:15:51 +05:30
You can configure the following security controls:
2020-07-28 23:09:34 +05:30
2021-10-27 15:23:28 +05:30
- License Compliance **(ULTIMATE)**
- Can be configured via `.gitlab-ci.yml`. For more details, see [License Compliance](../../../user/compliance/license_compliance/index.md#configuration).