debian-mirror-gitlab/doc/user/application_security/configuration/index.md
2020-11-24 15:15:51 +05:30


type: reference, howto
stage: Secure
group: Static Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers

Security Configuration (ULTIMATE)

The Security Configuration page displays the configuration state of each security control in the current project.

To view a project's security configuration, go to the project's home page, then in the left sidebar go to Security & Compliance > Configuration.

For each security control the page displays:

  • Status - Status of the security control: enabled, not enabled, or available.
  • Manage - A management option or a link to the documentation.

Status

The status of each security control is determined by the project's latest default branch CI pipeline. If a job with the expected security report artifact exists in the pipeline, the feature's status is enabled.

For SAST, click View history to see the .gitlab-ci.yml file's history.

NOTE: If the latest pipeline used Auto DevOps, all security features are configured by default.
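
The status rule described in this section, sketched as an added example (not GitLab's own code): given the jobs of the latest default-branch pipeline, a control counts as enabled only if some job produced the matching report artifact. The control-to-file_type mapping, the function names and the sample jobs are assumptions made for illustration, and the third status, available, is not modelled.

```python
import json

# Assumption: each control maps to the report artifact `file_type` that GitLab's
# pipeline jobs API lists for a job. The mapping is chosen for this example.
CONTROL_REPORT_TYPES = {
    "SAST": "sast",
    "DAST": "dast",
    "Dependency Scanning": "dependency_scanning",
    "Container Scanning": "container_scanning",
    "Secret Detection": "secret_detection",
}

# Constructed sample: jobs from the latest default-branch pipeline.
SAMPLE_JOBS = json.loads("""
[
  {"name": "build", "artifacts": [{"file_type": "archive"}]},
  {"name": "sast_scan", "artifacts": [{"file_type": "trace"}, {"file_type": "sast"}]},
  {"name": "secrets", "artifacts": [{"file_type": "secret_detection"}]},
  {"name": "dast", "artifacts": [{"file_type": "trace"}]},
  {"name": "deploy", "artifacts": null}
]
""")


def report_types(jobs):
    """Return every artifact file_type produced by any job in the pipeline."""
    found = set()
    for job in jobs:
        for artifact in job.get("artifacts") or []:  # tolerate null/missing
            if artifact.get("file_type"):
                found.add(artifact["file_type"])
    return found


def security_status(jobs):
    """Map each control to 'enabled' or 'not enabled' for one pipeline."""
    present = report_types(jobs)
    return {
        control: "enabled" if file_type in present else "not enabled"
        for control, file_type in CONTROL_REPORT_TYPES.items()
    }


if __name__ == "__main__":
    for control, status in security_status(SAMPLE_JOBS).items():
        print(f"{control:20} {status}")
```

In the sample, the job named dast is reported as not enabled because it produced no DAST report artifact; the job's name plays no part in the result.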

Manage

You can configure the following security controls:

  • Auto DevOps
    • Click Enable Auto DevOps to enable it for the current project. For more details, see Auto DevOps.
  • SAST
  • DAST Profiles
    • Click Manage to manage the available DAST profiles used for on-demand scans. For more details, see DAST on-demand scans.