Controls
R2Devops allows defining controls for GitLab projects, covering both CI/CD configuration and project settings. When a control is not respected, an issue is created.
Container Security
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Unknown image source | The origin of a container image you are using to run your CI/CD is unknown, posing a security risk. | Can introduce malicious code that steals API tokens, source code, or alters it | High | Medium |
Untrusted image source | The origin of a container image you are using to run your CI/CD is not trusted, posing a security risk. | Can introduce malicious code that steals API tokens, source code, or alters it | Critical | Medium |
Forbidden container image tag | A container image used to run a CI/CD job is using a tag that is not recommended for security. | Can result in insecure containers or unexpected breaking changes | Medium | Quick |
Secret Management
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Unprotected variable | A variable can be used in CI/CD pipelines of all branches and tags, making its value exposed to all users in the project. | Unauthorized users can exploit variables, leading to security breaches | Medium | Quick |
Unmasked variable | A CI/CD variable stored in a GitLab project or group is not masked, causing its value to be exposed in pipeline logs. | Exposed values can result in unauthorized access to sensitive data | Medium | Quick |
Unmasked and unprotected variable | A variable is both exposed in pipeline logs and allowed to be used on unprotected branches or tags. | Increases likelihood of sensitive data leakage and unauthorized access | High | Quick |
Secret leak in pipeline configuration | A secret, such as an API key or password, is hardcoded in the .gitlab-ci.yml file, making it visible to anyone with repository access. | Increases risk of unauthorized access, data leaks, and resource misuse | Critical | Quick |
CI/CD Pipeline Configuration
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Hardcoded job | A job in the pipeline configuration is hardcoded, increasing maintainability costs and introducing a compliance risk. | Makes pipelines harder to maintain and risks non-compliance with standards | Medium | Medium |
Forbidden override of job | A CI/CD job coming from a template has been overridden in the project CI/CD configuration. | May cause inconsistent or insecure pipeline configurations | Medium | Medium |
Outdated template | An outdated template is used in the project CI/CD pipeline configuration. | May have known vulnerabilities or lack compliance with current standards | Low | Quick |
Forbidden template version | A CI/CD template in your pipeline is included using a version that is not recommended for security. | Can result in insecure templates or unexpected breaking changes | Medium | Quick |
Missing required template | A required CI/CD template for security compliance is missing in the project pipeline. | Results in non-compliant and insecure pipeline configurations | High | Medium |
Forbidden override of required template | A required CI/CD template for security compliance has been overridden in the project pipeline. | Can lead to non-compliant and insecure pipelines | High | Medium |
Forbidden override of global variable | A variable defined globally in the project CI/CD configuration is considered a forbidden variable override for security compliance. | May result in inconsistent or insecure pipeline behavior | Medium | Medium |
Invalid pipeline composition | The project's CI pipeline does not include all the required actions for security compliance. | Can lead to unverified code being deployed, increasing security risks | High | Long |
No pipeline composition requirement defined | There are no pipeline composition requirements defined for the project, although they are required for security compliance. | Can result in insecure or incomplete pipeline setups | High | Medium |
Missing required component | A required GitLab catalog component for security compliance is missing in the project pipeline. | Results in non-compliant and insecure pipeline configurations | High | Medium |
Forbidden override of required component | A required GitLab catalog component for security compliance has been overridden in the project pipeline. | Can lead to non-compliant and insecure pipelines | High | Medium |
Branch Protection
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Branch protection missing | A branch is not protected on the repository. | Highly vulnerable to unauthorized modifications | Critical | Quick |
Branch protection configuration not compliant | The branch protection configuration does not meet the security requirements: the branch settings allow unauthorized access levels, force pushes, or bypassing of code owner approval requirements. | Can lead to unauthorized code changes, security vulnerabilities, and compliance issues | High | Quick |
Merge Request Settings
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Merge request approval rule is below minimum | The merge request approval rule is configured with fewer approvers than the minimum required for security. | Can lead to unreviewed code being merged, increasing security risks | High | Quick |
Merge request approval settings are not compliant | The current merge request approval settings do not align with security requirements. | Can lead to unreviewed code being merged, increasing security risks | High | Quick |
No merge request approval rule covering all protected branches | There is no merge request approval rule configured in the project that applies to all protected branches. | Increases likelihood of unauthorized or insecure changes being merged | High | Quick |
Merge request settings are not compliant | The merge request settings in the project do not comply with security requirements, such as incorrect merge methods or merge options. | Can lead to unauthorized code changes and security vulnerabilities | Medium | Quick |
Role Management
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Members' role quotas are not respected | The number of members assigned to specific roles in a GitLab project or group does not respect the recommended quotas for security. | Can lead to uncontrolled access to project resources, weakening security | High | Medium |
Security Policy
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Missing security policy source on project | The project lacks the required security configuration source, violating compliance requirements. | Project may become non-compliant and vulnerable to risks | Critical | Quick |