DOS6038: Project visibility should not be public | Security KB - DevOps Shield - The ultimate DevSecOps platform designed to secure your DevOps.

This website stores cookies on your computer.These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, please review our Privacy Policy.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.
By clicking “Accept All”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

GitLab project Severitymedium builtIn

Description

Less-strict alternative to GL_Project_Visibility_Should_Be_Private: any value other than public is acceptable (private OR internal). Use this rule when an organization permits internal projects across its GitLab tenant but disallows public exposure to anonymous internet users.

Learn More

https://docs.gitlab.com/ee/user/public_access.html

Recommendation

1. Go to project Settings > General > Visibility, project features, permissions. 
2. Set Project visibility to Private or Internal (not Public). 
3. Save changes.

Policy Rule

{
  "target": "GLProject",
  "if": {
    "allOf": [
      {
        "resource": "GLProject",
        "property": "Visibility",
        "operator": "notEquals",
        "value": "public"
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}

« DOS6037 DOS6039 »

Rule Details

Rule ID: DOS6038
Code: GL_Project_Visibility_Should_Not_Be_Public
Platform: GitLab
Category: project
Severity: Severitymedium
Type: builtIn

DOS6038

Project visibility should not be public

DOS6038

Description

Recommendation

Policy Rule

View evaluation logic (JSON)

Rule Details

Related Rules