Security
- Password storage
- Password length limits
- Restrict SSH key technologies and minimum length
- Rate limits
- Webhooks and insecure internal web services
- Information exclusivity
- Reset your root password
- Unlock a locked user
- User File Uploads
- How we manage the CRIME vulnerability
- Enforce Two-factor authentication
- Send email confirmation on sign-up
- Security of running jobs
- Proxying images
- CI/CD environment variables
Securing your GitLab installation
Consider access control features like Sign up restrictions and Authentication options to harden your GitLab instance and minimize the risk of unwanted user account creation.