
Security risk mitigation

Manage your organization's security policies, alerts, and approval rules


Organizations need to define security standards once and enforce them consistently across every project. GitLab's security risk mitigation capabilities provide policy, alert, and security approval orchestration for the vulnerability scanners and cloud-native security capabilities available in GitLab. Users work from a single, consolidated user interface to establish, enforce, and monitor their security posture.

Security policies

Security policies allow users to use a single, simple UI to define rules and actions that are then enforced. Security policies can be created to enforce cloud-native network firewall rules for applications in production. Users can also create policies to require vulnerability scans to be run, either on a specified schedule or as part of a pipeline job. Security policies themselves are fully audited and can be configured to go through a two-step approval process before any changes are made.


Security approvals

Security approvals are an optional feature for merge requests. Users select the conditions that trigger the security approval rule: which target branches it applies to, which scanners' findings count, how many vulnerabilities are tolerated, and which severity levels must be present in the MR. If all conditions are met, the merge request is blocked until someone in the security approval group approves it. This extra layer of oversight serves as an enforcement mechanism within a strong security compliance program.
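The following is an added illustration of how the approval conditions described above combine, written as a small Python model. It is not GitLab's code and does not reflect its internal implementation; the `ApprovalRule`, `Finding`, `approval_required` and `blocking_rules` names, the severity strings and the sample findings are all constructed for this example. It shows the point that matters for a compliance program: every condition must match (branch, scanner, severity) before the finding count is compared against the tolerated number, and only a member of the designated approval group can unblock the merge.

```python
"""Illustrative model of merge-request security approval rules.

Constructed example for this page, not GitLab's implementation. A rule is
evaluated against a merge request's target branch and the scan findings it
carries; the MR is blocked when a rule triggers and no designated approver
has signed off.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Finding:
    scanner: str   # scanner that reported it, e.g. "sast", "dependency_scanning"
    severity: str  # one of "critical", "high", "medium", "low", "info"


@dataclass
class ApprovalRule:
    name: str
    branches: set[str]           # target branches the rule applies to
    scanners: set[str]           # only findings from these scanners count
    severity_levels: set[str]    # only findings at these severities count
    vulnerabilities_allowed: int = 0   # findings tolerated before approval is needed
    approvers: set[str] = field(default_factory=set)  # the security approval group


def matching_findings(rule: ApprovalRule, findings: list[Finding]) -> list[Finding]:
    """Findings that satisfy both the scanner and the severity condition."""
    return [
        f for f in findings
        if f.scanner in rule.scanners and f.severity in rule.severity_levels
    ]


def approval_required(rule: ApprovalRule, target_branch: str,
                      findings: list[Finding]) -> bool:
    """True when every condition of the rule is met by this merge request."""
    if target_branch not in rule.branches:
        return False  # rule does not apply to this branch at all
    # All conditions must hold: the count of findings that passed the scanner
    # and severity filters must exceed what the rule tolerates.
    return len(matching_findings(rule, findings)) > rule.vulnerabilities_allowed


def blocking_rules(rules: list[ApprovalRule], target_branch: str,
                   findings: list[Finding], approvals: set[str]) -> list[str]:
    """Names of rules that still block the merge: triggered, and not yet
    approved by anyone in that rule's approval group."""
    return [
        r.name for r in rules
        if approval_required(r, target_branch, findings)
        and not (approvals & r.approvers)
    ]


def can_merge(rules: list[ApprovalRule], target_branch: str,
              findings: list[Finding], approvals: set[str]) -> bool:
    return not blocking_rules(rules, target_branch, findings, approvals)


# Constructed sample data: one rule, a handful of findings, two reviewers.
HIGH_RISK_RULE = ApprovalRule(
    name="block-high-risk-on-main",
    branches={"main"},
    scanners={"sast", "dependency_scanning"},
    severity_levels={"critical", "high"},
    vulnerabilities_allowed=0,
    approvers={"alice-security", "bob-security"},
)

SAMPLE_FINDINGS = [
    Finding("sast", "high"),
    Finding("sast", "medium"),              # below the severity threshold
    Finding("dependency_scanning", "high"),
    Finding("dast", "high"),                # scanner not covered by the rule
]

if __name__ == "__main__":
    rules = [HIGH_RISK_RULE]
    print("matching:", len(matching_findings(HIGH_RISK_RULE, SAMPLE_FINDINGS)))
    print("blocked on main, no approval:",
          blocking_rules(rules, "main", SAMPLE_FINDINGS, set()))
    print("mergeable after security approval:",
          can_merge(rules, "main", SAMPLE_FINDINGS, {"alice-security"}))
    print("mergeable on a feature branch:",
          can_merge(rules, "feature/x", SAMPLE_FINDINGS, set()))
```

Two details are worth noting when translating this into a real policy. An approval from someone outside the approval group does nothing (the developer who authored the MR cannot self-approve past the rule), and a rule scoped to `main` is silent on feature branches, so the enforcement point is the merge into the protected branch rather than every push.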


Try all GitLab features - free for 30 days

GitLab is more than just source code management or CI/CD. It is a full software development lifecycle & DevOps tool in a single application.
