Auto Enforcement of Security Policy Configuration Files in Project Templates


Release notes

GitLab now supports automatic enforcement of the existing Security Policies as Code feature. When a security-policy-as-code file exists in a newly deployed project template, it is by default enforced on the current project only.

If the ability to specify security policies in one project and apply them to many projects is implemented, it will supersede this functionality.

Problem to solve

Allow simple preconfiguration of the existing GitLab security-policies capability in project templates.

Benefits:

  • encourages "Security by Default" for organizations of all sizes ("fall into the pit of success").
  • provides quick and easy guardrails for smaller organizations that may not implement a comprehensive approach to GitLab security policies.

Proposal

Support:

  • do not limit this to formal project templates: whenever a project is copied, carry the value of the "security policy project" setting over to the copy.
  • allow the security policy project setting to point to an existing security policy project, so that enablement teams can default project templates to the organization's standard.
  • allow the security policy project setting to take a special value "self", and make that value the default.
  • if necessary, only default the value to "self" if there is actually one or more security policies present in the project. I think simply always defaulting it would be more clear in more situations, but I do not know what effect this might have in other scenarios.
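As an added illustration (not part of this issue or of GitLab's own template content), this is the kind of file the proposal would auto-enforce: a minimal security-policy-as-code file at `.gitlab/security-policies/policy.yml`, the path GitLab reads policies from. With the proposed "self" default, a project template carrying this file would have it enforced on every project created from the template, with no further configuration by the project owner. The policy name and description below are constructed for the example.

```yaml
# .gitlab/security-policies/policy.yml  (constructed example; not from the issue)
scan_execution_policy:
  - name: Secret detection on every branch          # example policy name
    description: Run secret detection in every pipeline of projects created from this template
    enabled: true
    rules:
      - type: pipeline
        branches:
          - "*"                                      # apply to all branches
    actions:
      - scan: secret_detection
```

Because the file lives in the template repository itself, the guardrail travels with every copy, which is what the "self" default in the proposal relies on; pointing the setting at a shared security policy project instead would let a central team change the rule once for all derived projects.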

Intended users

Feature Usage Metrics

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
