@@ -7,23 +7,37 @@ info: To determine the technical writer assigned to the Stage/Group associated w
...
@@ -7,23 +7,37 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Security Configuration **(ULTIMATE)**
# Security Configuration **(ULTIMATE)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.
> - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4.
> - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4.
The Security Configuration page displays the configuration state of each security feature in the
The Security Configuration page displays the configuration state of each security control in the
current project. The page uses the project's latest default branch [CI pipeline](../../../ci/pipelines/index.md)
current project.
to determine each feature's configuration state. If a job with the expected security report artifact
exists in the pipeline, the feature is considered enabled.
You can only enable SAST from the Security Configuration page. Documentation links are included for
To view a project's security configuration, go to the project's home page,
the other features. For details about configuring SAST, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
then in the left sidebar, go to **Security & Compliance** > **Configuration**.
## Status
For each security control, the page displays the status and either a management option or a
documentation link.
The status of each security control is determined by the project's latest default branch
[CI pipeline](../../../ci/pipelines/index.md).
If a job with the expected security report artifact exists in the pipeline, the feature's status is
_enabled_.
NOTE: **Note:**
NOTE: **Note:**
If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
all security features are configured by default.
all security features are configured by default.
## View Security Configuration
## Manage
To view a project's security configuration:
You can configure the following security controls:
1. Go to the project's home page.
- Auto DevOps
1. In the left sidebar, go to **Security & Compliance** > **Configuration**.
- Click **Enable Auto DevOps** to enable it for the current project. For more details, see [Auto DevOps](../../../topics/autodevops/index.md).
- SAST
- Click either **Enable** or **Configure** to use SAST for the current project. For more details, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
- DAST Profiles
- Click **Manage** to manage the available DAST profiles used for on-demand scans. For more details, see [DAST on-demand scans](../dast/index.md#on-demand-scans).