Security
- Password storage
- Password length limits
- Generated passwords for users created through integrated authentication
- Restrict SSH key technologies and minimum length
- Rate limits
- Webhooks and insecure internal web services
- Information exclusivity
- Reset user password
- Unlock a locked user
- User File Uploads
- How we manage the CRIME vulnerability
- Enforce Two-factor authentication
- Send email confirmation on sign-up
- Security of running jobs
- Proxying images
- CI/CD environment variables
Securing your GitLab installation
Consider access control features like Sign up restrictions and Authentication options to harden your GitLab instance and minimize the risk of unwanted user account creation.