Secure your installation
- Passwords and OAuth tokens storage
- Password length limits
- Generated passwords for users created through integrated authentication
- Restrict SSH key technologies and minimum length
- Rate limits
- Webhooks and insecure internal web services
- Information exclusivity
- Reset user password
- Unlock a locked user
- User File Uploads
- How we manage the CRIME vulnerability
- Enforce Two-factor authentication
- Send email confirmation on sign-up
- Security of running jobs
- Proxying images
- CI/CD variables
- Token overview
- Project Import decompressed archive size limits
- Responding to security incidents
To harden your GitLab instance and minimize the risk of unwanted user account creation, consider access control features like Sign up restrictions and Authentication options.
Self-managed GitLab customers and administrators are responsible for the security of their underlying hosts, and for keeping GitLab itself up to date. It is important to regularly patch GitLab, patch your operating system and its software, and harden your hosts in accordance with vendor guidance.