Ensure all components of GitLab have automated security checks
We want that every component of our product is checked against security vulnerabilities. We have great features available in GitLab (SAST, Dependency Scanning, Containers Scanning, DAST) and we want to have ourselves as the first tester and customer. This will improve both security and the features!
This issue will track the projects and the status of the security checks. The table shows what is already enabled for each component, and what is still missing. For some components, only a subset of the features may apply.
-
✅ Enabled -
⚠ Enabled but with custom configuration -
❌ Not relevant
| Repo | sast |
dependency_scanning |
container_scanning |
dast |
code quality |
|---|---|---|---|---|---|
| gitlab | |||||
| gitlab-runner | *1 |
||||
| gitlab-shell | |||||
| sast | |||||
| dependency-scanning | |||||
| codequality | *3 |
||||
| gitlab-development-kit | |||||
| www-gitlab-com | |||||
| Gitaly | |||||
| license-gitlab-com | |||||
| version-gitlab-com |
-
*1: Build process doesn't fit. See https://gitlab.com/gitlab-org/gitlab-ee/issues/5650 -
*3: similar as*1.
Please keep this issue updated and add as many projects as needed.
Edited by Takuya Noguchi