DOS6024: Group visibility should be private | Security KB - DevOps Shield - The ultimate DevSecOps platform designed to secure your DevOps.

This website stores cookies on your computer.These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, please review our Privacy Policy.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.
By clicking “Accept All”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

GitLab organization Severityhigh builtIn

Description

Top-level groups holding private code should set visibility = private. Public visibility exposes group metadata (name, description, member count, project list) to anonymous users, which is incompatible with confidential workloads. Internal visibility limits exposure to authenticated GitLab users only.

Learn More

https://docs.gitlab.com/ee/user/public_access.html

Recommendation

1. Go to your top-level Group Settings > General. 
2. Expand the Naming, visibility section. 
3. Set Visibility level to Private. 
4. Save changes.

Policy Rule

{
  "target": "GLGroup",
  "if": {
    "allOf": [
      {
        "resource": "GLGroup",
        "property": "Visibility",
        "operator": "equals",
        "value": "private"
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}

« DOS6023 DOS6025 »

Rule Details

Rule ID: DOS6024
Code: GL_Group_Visibility_Should_Be_Private
Platform: GitLab
Category: organization
Severity: Severityhigh
Type: builtIn

DOS6024

Group visibility should be private

DOS6024

Description

Recommendation

Policy Rule

View evaluation logic (JSON)

Rule Details

Related Rules