Security Configuration
- Introduced in GitLab Ultimate 12.6.
- SAST configuration was enabled in 13.3 and improved in 13.4.
- DAST Profiles feature was introduced in 13.4.
The Security Configuration page displays the configuration state of each security control in the current project.
To view a project’s security configuration, go to the project’s home page, then in the left sidebar go to Security & Compliance > Configuration.
For each security control, the page displays:
- Security Control: Name, description, and a documentation link.
- Status: The security control’s status (enabled, not enabled, or available).
- Manage: A management option or a documentation link.
Status
The status of each security control is determined by the latest CI pipeline on the project’s default branch. If a job with the expected security report artifact exists in that pipeline, the feature’s status is enabled.
For SAST, click View history to see the .gitlab-ci.yml file’s history.
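The status rule above can be reproduced offline to audit which controls actually produce reports. This is an added example, not GitLab's own code. It assumes pipeline data shaped as a list of jobs, each with an `artifacts` list of `file_type` entries, a control-to-report-type mapping, a default branch named `main`, and that a higher pipeline id means a newer pipeline.

```python
# Report artifact type expected for each control (assumed mapping, not from the page).
EXPECTED_REPORT = {
    "SAST": "sast",
    "DAST": "dast",
    "Dependency Scanning": "dependency_scanning",
    "Secret Detection": "secret_detection",
}


def latest_default_branch_pipeline(pipelines, default_branch):
    """Pick the newest pipeline on the default branch (assumes a higher id is newer)."""
    candidates = [p for p in pipelines if p["ref"] == default_branch]
    return max(candidates, key=lambda p: p["id"], default=None)


def control_status(pipelines, default_branch="main"):
    """Return {control: "enabled" | "not enabled"} using only report artifacts."""
    pipeline = latest_default_branch_pipeline(pipelines, default_branch)
    report_types = set()
    if pipeline is not None:
        for job in pipeline["jobs"]:
            # A job counts only if it uploaded the report; its name is irrelevant.
            report_types.update(a["file_type"] for a in job.get("artifacts", []))
    return {
        control: "enabled" if report in report_types else "not enabled"
        for control, report in EXPECTED_REPORT.items()
    }


# Constructed sample data (not from a real project).
SAMPLE_PIPELINES = [
    {"id": 101, "ref": "main", "jobs": [
        {"name": "sast-scan", "artifacts": [{"file_type": "sast"}]},
    ]},
    {"id": 103, "ref": "main", "jobs": [
        # Named like a scanner, but no SAST report was uploaded.
        {"name": "sast-scan", "artifacts": [{"file_type": "trace"}]},
        {"name": "dependency-scan", "artifacts": [{"file_type": "dependency_scanning"}]},
    ]},
    {"id": 104, "ref": "feature/login", "jobs": [
        {"name": "dast-scan", "artifacts": [{"file_type": "dast"}]},
    ]},
]

if __name__ == "__main__":
    for control, status in control_status(SAMPLE_PIPELINES).items():
        print(f"{control}: {status}")
```

In the sample, SAST reads as not enabled because the newest default-branch pipeline has a scanner job without its report, and the DAST report on the feature branch is ignored.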
Manage
You can configure the following security controls:
- Auto DevOps
  - Click Enable Auto DevOps to enable it for the current project. For more details, see Auto DevOps.
- SAST
  - Click either Enable or Configure to use SAST for the current project. For more details, see Configure SAST in the UI.
- DAST Profiles
  - Click Manage to manage the available DAST profiles used for on-demand scans. For more details, see DAST on-demand scans.