Manage your organization's security policies, alerts, and approval rules
Organizations need to define and enforce security standards consistently across all of their projects. GitLab's security risk mitigation capabilities provide policy, alert, and security approval orchestration for the vulnerability scanners and cloud-native security capabilities available in GitLab, so that a single, consolidated interface can be used to establish, enforce, and monitor the organization's security posture.
Security policies let users define, in one UI, the rules to match and the actions to take when they match; once saved, the policies are enforced automatically. Policies can enforce cloud-native network firewall rules for applications in production, and they can require vulnerability scans to run, either on a specified schedule or as part of every pipeline. Changes to the policies themselves are fully audited, and policies can be configured to require a two-step approval before any change takes effect.
Security approvals are an optional feature for merge requests. Users select the conditions that trigger the approval rule: the target branches, the scanners whose findings count, the number of findings allowed, and the severity levels that count. When an MR meets all of those conditions, it cannot be merged until a member of the designated security approval group approves it. This additional layer of oversight serves as an enforcement mechanism in a security compliance program.
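As an added illustration, not code from this page or from GitLab's own documentation, the following is a security policy file in the form GitLab stores at `.gitlab/security-policies/policy.yml` in a linked security policy project. It covers both capabilities described above in one file: a scan execution policy that runs scanners on every pipeline and on a nightly schedule, and a scan result policy that blocks merge until the security group approves. The top-level key names follow GitLab's documented policy schema for this generation of the feature; the policy names, branch, cadence, scanner selection, thresholds, and approver group are constructed assumptions, not values the page gives.

```yaml
# Constructed example of a GitLab security policy file
# (.gitlab/security-policies/policy.yml in the security policy project).
# Policy names, branches, cadence, thresholds and the approver group are assumptions.
scan_execution_policy:
  - name: Secret detection and SAST on every default-branch pipeline
    description: Inject the scanners as extra jobs into each pipeline on main
    enabled: true
    rules:
      - type: pipeline
        branches:
          - main
    actions:
      - scan: secret_detection
      - scan: sast
  - name: Nightly container scan
    description: Scheduled scan that runs even when nobody pushes
    enabled: true
    rules:
      - type: schedule
        cadence: "0 2 * * *"   # 02:00 daily, crontab syntax
        branches:
          - main
    actions:
      - scan: container_scanning

scan_result_policy:
  - name: Block new critical or high findings without security sign-off
    description: >-
      Require one approval from the security group when an MR targeting main
      introduces any critical or high finding from the listed scanners
    enabled: true
    rules:
      - type: scan_finding
        branches:
          - main
        scanners:
          - sast
          - container_scanning
          - dependency_scanning
        vulnerabilities_allowed: 0        # zero tolerance: a single finding triggers the rule
        severity_levels:
          - critical
          - high
        vulnerability_states:
          - newly_detected                # only findings not already present on the target branch
    actions:
      - type: require_approval
        approvals_required: 1
        group_approvers:
          - security-approvers            # assumed group path; must exist in the instance
```

Two caveats a practitioner will want. First, the scan result policy can only evaluate findings from scans that actually ran in the merge request pipeline, which is why the scan execution policy above is paired with it: without it, a project that simply omits SAST from its `.gitlab-ci.yml` would produce no findings and sail through. Second, keeping the policies in a separate security policy project is what makes the two-step approval and audit trail described above work: changes to `policy.yml` are themselves merge requests in that project, so its own approval rules gate who can weaken a policy.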