Secure your installation (FREE ALL)

• Passwords and OAuth tokens storage
• Password length limits
• Generated passwords for users created through integrated authentication
• Restrict SSH key technologies and minimum length
• Rate limits
• Filtering outbound requests
• Information exclusivity
• Reset user password
• Unlock a locked user
• User File Uploads
• How we manage the CRIME vulnerability
• Enforce Two-factor authentication
• Send email confirmation on sign-up
• Security of running jobs
• Proxying images
• CI/CD variables
• Token overview
• Rotate secrets of third-party integrations
• Maximum decompressed file size for imported archives
• Responding to security incidents

To harden your GitLab instance and minimize the risk of unwanted user account creation, consider access control features like Sign up restrictions and Authentication options. For more detailed information, refer to Hardening.

Self-managed GitLab customers and administrators are responsible for the security of their underlying hosts, and for keeping GitLab itself up to date. It is important to regularly patch GitLab, patch your operating system and its software, and harden your hosts in accordance with vendor guidance.