2.2 KiB
2.2 KiB
| type | stage | group | info |
|---|---|---|---|
| reference, howto | Secure | Static Analysis | To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments |
Security Configuration (ULTIMATE)
- Introduced in GitLab Ultimate 12.6.
- SAST configuration was enabled in 13.3 and improved in 13.4.
- DAST Profiles feature was introduced in 13.4.
The Security Configuration page displays the configuration state of each security control in the current project.
To view a project's security configuration, go to the project's home page, then in the left sidebar go to Security & Compliance > Configuration.
For each security control the page displays:
- Security Control: Name, description, and a documentation link.
- Status: The security control's status (enabled, not enabled, or available).
- Manage: A management option or a documentation link.
Status
The status of each security control is determined by the project's latest default branch CI pipeline. If a job with the expected security report artifact exists in the pipeline, the feature's status is enabled.
If the latest pipeline used Auto DevOps, all security features are configured by default.
For SAST, click View history to see the .gitlab-ci.yml file's history.
Manage
You can configure the following security controls:
- Auto DevOps
- Click Enable Auto DevOps to enable it for the current project. For more details, see Auto DevOps.
- SAST
- Click either Enable or Configure to use SAST for the current project. For more details, see Configure SAST in the UI.
- DAST Profiles
- Click Manage to manage the available DAST profiles used for on-demand scans. For more details, see DAST on-demand scans.