@@ -13,61 +13,56 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.10.
> - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.10.
> - [Redesigned](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in 14.2.
> - [Redesigned](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in 14.2.
The Security Configuration page displays what security scans are available, links to documentation and also simple enablement tools for the current project.
The Security Configuration page lists the following for the security testing and compliance tools:
To view a project's security configuration, go to the project's home page,
- Name, description, and a documentation link.
then in the left sidebar go to **Security & Compliance > Configuration**.
For each security control the page displays:
- Its name, description and a documentation link.
- Whether or not it is available.
- Whether or not it is available.
- A configuration button or a link to its configuration guide.
- A configuration button or a link to its configuration guide.
The status of each security control is determined by the project's latest default branch
[CI pipeline](../../../ci/pipelines/index.md).
If a job with the expected security report artifact exists in the pipeline, the feature's status is
_enabled_.
If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
all security features are configured by default.
To view a project's security configuration:
1. On the top bar, select **Menu > Projects** and find your project.
1. On the left sidebar, select **Security & Compliance > Configuration**.
Select **Configuration history** to see the `.gitlab-ci.yml` file's history.
## Security testing
## Security testing
You can configure the following security controls:
You can configure the following security controls:
- Auto DevOps
- Static Application Security Testing (SAST)
- Click **Enable Auto DevOps** on the alert to enable it for the current project. For more details, see [Auto DevOps](../../../topics/autodevops/index.md).
- Select **Enable SAST** to configure SAST for the current project.
- SAST
For more details, read [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
- Click **Enable SAST** to use SAST for the current project. For more details, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
- Select **Enable DAST** to configure DAST for the current project.
- Click **Enable DAST** to use DAST for the current Project. To manage the available DAST profiles used for on-demand scans Click **Manage Scans**. For more details, see [DAST on-demand scans](../dast/index.md#on-demand-scans).
- Select **Manage scans** to manage the saved DAST scans, site profiles, and scanner profiles.
For more details, read [DAST on-demand scans](../dast/index.md#on-demand-scans).
- Dependency Scanning **(ULTIMATE)**
- Dependency Scanning **(ULTIMATE)**
- Select **Configure via Merge Request** to create a merge request with the changes required to
- Select **Configure via Merge Request** to create a merge request with the changes required to
enable Dependency Scanning. For more details, see [Enable Dependency Scanning via an automatic merge request](../dependency_scanning/index.md#enable-dependency-scanning-via-an-automatic-merge-request).
enable Dependency Scanning. For more details, see [Enable Dependency Scanning via an automatic merge request](../dependency_scanning/index.md#enable-dependency-scanning-via-an-automatic-merge-request).
- Container Scanning **(ULTIMATE)**
- Container Scanning **(ULTIMATE)**
- Can be configured via `.gitlab-ci.yml`. For more details, see[Container Scanning](../../../user/application_security/container_scanning/index.md#configuration).
- Can be configured with `.gitlab-ci.yml`. For more details, read[Container Scanning](../../../user/application_security/container_scanning/index.md#configuration).
- Cluster Image Scanning **(ULTIMATE)**
- Cluster Image Scanning **(ULTIMATE)**
- Can be configured via `.gitlab-ci.yml`. For more details, see[Cluster Image Scanning](../../../user/application_security/cluster_image_scanning/#configuration).
- Can be configured with `.gitlab-ci.yml`. For more details, read[Cluster Image Scanning](../../../user/application_security/cluster_image_scanning/#configuration).
- Secret Detection
- Secret Detection
- Select **Configure via Merge Request** to create a merge request with the changes required to
- Select **Configure via Merge Request** to create a merge request with the changes required to
enable Secret Detection. For more details, see [Enable Secret Detection via an automatic merge request](../secret_detection/index.md#enable-secret-detection-via-an-automatic-merge-request).
enable Secret Detection. For more details, read [Enable Secret Detection via an automatic merge request](../secret_detection/index.md#enable-secret-detection-via-an-automatic-merge-request).
- API Fuzzing **(ULTIMATE)**
- API Fuzzing **(ULTIMATE)**
-Click **Enable API Fuzzing** to use API Fuzzing for the current Project. For more details, see[API Fuzzing](../../../user/application_security/api_fuzzing/index.md#enable-web-api-fuzzing).
-Select **Enable API Fuzzing** to use API Fuzzing for the current project. For more details, read[API Fuzzing](../../../user/application_security/api_fuzzing/index.md#enable-web-api-fuzzing).
- Coverage Fuzzing **(ULTIMATE)**
- Coverage Fuzzing **(ULTIMATE)**
- Can be configured via `.gitlab-ci.yml`. For more details, see [Coverage Fuzzing](../../../user/application_security/coverage_fuzzing/index.md#configuration).
- Can be configured with `.gitlab-ci.yml`. For more details, read [Coverage Fuzzing](../../../user/application_security/coverage_fuzzing/index.md#configuration).
## Status **(ULTIMATE)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.
The status of each security control is determined by the project's latest default branch
[CI pipeline](../../../ci/pipelines/index.md).
If a job with the expected security report artifact exists in the pipeline, the feature's status is
_enabled_.
If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
all security features are configured by default.
Click **View history** to see the `.gitlab-ci.yml` file's history.
## Compliance **(ULTIMATE)**
## Compliance **(ULTIMATE)**
You can configure the following security controls:
You can configure the following security controls:
- License Compliance **(ULTIMATE)**
- License Compliance **(ULTIMATE)**
- Can be configured via `.gitlab-ci.yml`. For more details, see[License Compliance](../../../user/compliance/license_compliance/index.md#configuration).
- Can be configured with `.gitlab-ci.yml`. For more details, read[License Compliance](../../../user/compliance/license_compliance/index.md#configuration).
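Review bot: the `see[...]` to `read[...]` rewrites in the Container Scanning, Cluster Image Scanning, API Fuzzing and License Compliance bullets keep the missing space before the link, so the Markdown link stays fused to the preceding word; change, for example, `For more details, read[Container Scanning](../../../user/application_security/container_scanning/index.md#configuration).` to `For more details, read [Container Scanning](../../../user/application_security/container_scanning/index.md#configuration).` and do the same for the other three. The API Fuzzing bullet also still begins `-Select **Enable API Fuzzing**` with no space after the hyphen, so it does not render as a list item; it should read `- Select **Enable API Fuzzing**`. Finally, the Cluster Image Scanning link `../../../user/application_security/cluster_image_scanning/#configuration` is the only relative link in this hunk without `index.md`; add it to match the sibling links and avoid a broken relative path in the rendered docs.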