The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
Stage | Secure |
Maturity | Planned |
Content Last Reviewed | 2025-01-02 |
Thank you for visiting this category direction page on Security Testing Configuration at GitLab. This page belongs to the Security Platform Management group of the Security Risk Management stage and is maintained by Sara Meadzinger.
This direction page is a work in progress and everyone can contribute:
Security testing configuration gives teams control over the vulnerabilities AppSec tools generate. Configuration should be simple and intuitive, while also providing granular control to customize detection rules. Configuration must meet the needs of small and large teams who may wish to adjust settings via code, API, or the UI, and it must easily scale beyond the project level. Configuration consists of defining which security tests are applied to an asset (a project or group of projects), which detection rules are applied, and which files or paths are excluded from scanning. Configuration enables teams to define when and how scans are run.
See our prioritized roadmap here.
BIC (Best In Class) is an indicator of forecasted near-term market performance based on a combination of factors, including analyst views, market news, and feedback from the sales and product teams. It is critical that we understand where GitLab appears in the BIC landscape.
For this product area, these are the capabilities a best-in-class solution should provide:
GitLab security testing configuration features are all packaged as part of the GitLab Ultimate tier. This aligns with our pricing strategy as these features are relevant for executives who are concerned about keeping their organizations' applications secure.
Security testing configuration is evaluated by analysts in the Application Security and ASPM markets.