Controls
R2Devops allows defining controls for GitLab projects, covering both CI/CD configuration and project settings. When a control is not respected, an issue is created.
CI/CD Container Images
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Container images must come from authorized sources | Verifies that container images used to run your CI/CD pipelines come from authorized and trusted sources. | Helps mitigate security risks introduced by the use of malicious, compromised, or vulnerable images. | Critical | Medium |
Container images must not use forbidden tags | Verifies that container images used to run your CI/CD pipelines rely on authorized tags. | Helps mitigate both security and functional risks introduced by the use of unverified, outdated, or compromised image versions. | Medium | Quick |
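The two container-image controls above can be checked offline against a parsed `.gitlab-ci.yml`. The checker below is an added example, not R2Devops code: the authorized registry list, the forbidden tag list and the sample pipeline config are constructed, and the config is given as the dict that `yaml.safe_load` would produce.

```python
from typing import Any, Dict, Iterator, List, Tuple

AUTHORIZED_REGISTRIES = {"registry.example.com", "registry.gitlab.com"}  # assumption
FORBIDDEN_TAGS = {"latest", ""}  # "" = no tag given, i.e. an implicit 'latest'


def parse_image(ref: str) -> Tuple[str, str]:
    """Split 'registry/repo:tag[@digest]' into (registry, tag).
    No registry prefix means Docker Hub ('docker.io'); a digest-pinned
    image returns '@<digest>' as its tag so it never matches a forbidden tag."""
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    else:
        digest = ""
    first, _, rest = ref.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    last = path.rsplit("/", 1)[-1]
    tag = last.split(":", 1)[1] if ":" in last else ""
    return registry, ("@" + digest) if digest else tag


def iter_images(config: Dict[str, Any]) -> Iterator[Tuple[str, str]]:
    """Yield (job, image ref) for 'default' and every job, covering both the
    'image' and 'services' keys; entries may be strings or {'name': ...} maps."""
    for job, body in config.items():
        if not isinstance(body, dict):
            continue
        for key in ("image", "services"):
            value = body.get(key)
            for item in value if isinstance(value, list) else [value]:
                if isinstance(item, dict):
                    item = item.get("name")
                if isinstance(item, str):
                    yield job, item


def check_images(config: Dict[str, Any]) -> List[str]:
    """Return one finding per violated control, per image reference."""
    findings = []
    for job, ref in iter_images(config):
        registry, tag = parse_image(ref)
        if registry not in AUTHORIZED_REGISTRIES:
            findings.append(f"{job}: unauthorized registry '{registry}' in {ref}")
        if tag in FORBIDDEN_TAGS:
            findings.append(f"{job}: forbidden tag '{tag or '<none>'}' in {ref}")
    return findings


# Constructed sample config (what yaml.safe_load would return for a .gitlab-ci.yml).
SAMPLE_CONFIG = {
    "default": {"image": "registry.example.com/ci/base:1.4.2"},
    "build": {"image": "registry.example.com/ci/build:latest", "script": ["make"]},
    "test": {"image": {"name": "python:3.12"}, "services": ["postgres"], "script": ["pytest"]},
}
```

Running `check_images(SAMPLE_CONFIG)` yields four findings: the `latest` tag in `build`, the Docker Hub registry for both `python:3.12` and `postgres` in `test`, and the missing tag on `postgres`.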
CI/CD Variables
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
CI/CD variables must be protected | Verifies that CI/CD variables used in a project have the protected field enabled. | Ensures sensitive values are restricted to protected branches or tags, reducing unauthorized exposure. | Medium | Quick |
CI/CD variables must be masked | Verifies that CI/CD variables used in a project have the masked field enabled. | Prevents variable values from being exposed in pipeline logs, reducing the risk of leaks. | Medium | Quick |
CI/CD Secrets
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Pipeline configuration must not contain secrets | Uses Gitleaks to verify that both merged and unmerged CI/CD configurations don't have leaked secrets. | Prevents exposure of API keys, passwords, or tokens that could lead to unauthorized access. | Critical | Quick |
Pipeline Composition
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Pipelines must include templates | Verifies that the projects contain specific templates. This control can also allow overriding certain variables in the included templates. | Ensures pipelines comply with required security and compliance practices. | High | Medium |
Pipelines must include components | Verifies that the projects contain specific GitLab components. This control can also allow overriding certain variables in the included components. | Ensures pipelines integrate mandatory security and compliance steps. | High | Medium |
Pipeline must include required phases | Verifies that the CI/CD pipeline includes a group of job types. | Ensures completeness and compliance of the pipeline execution flow. | High | Long |
Pipeline must not contain hardcoded jobs | Verifies that no hardcoded job is used in CI/CD pipelines. | Improves maintainability and ensures compliance with best practices. | Medium | Medium |
Pipeline must not use forbidden ref in includes | Verifies that included refs use the specified tags. | Prevents reliance on insecure or non-compliant references. | Medium | Quick |
Pipeline must use only up-to-date includes | Verifies that the included pipelines are up-to-date compared to their source. | Reduces risks from outdated or vulnerable templates. | Low | Quick |
Access and Authorization
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Branch must be protected | Verifies that the project configuration respects the protection, push, merge and owner approval on included branch names. | Prevents unauthorized modifications and enforces branch protection standards. | Critical | Quick |
MR approval rules must have at least N approval required | Verifies that the project merge request approval rules that cover all protected branches have a minimum number of approval requirements. | Prevents unreviewed code from being merged, reducing security risks. | High | Quick |
MR approval settings must be compliant | Verifies that MR approval settings are properly configured. | Ensures compliance with review and security requirements. | High | Quick |
An MR approval rule must be defined to cover all protected branches | Verifies that the protected branches have at least one approval rule. | Ensures protected branches cannot bypass review processes. | High | Quick |
Number of project members must respect a quota | Verifies that the project configuration respects the owner, maintainer and developer quotas. | Prevents uncontrolled access that could weaken project security. | High | Medium |
Number of group members must respect a quota | Verifies that the group configuration respects the owner, maintainer and developer quotas. | Prevents uncontrolled access at group level, strengthening governance. | High | Medium |
MR settings must be compliant | Verifies that the project's merge request settings are correct in terms of merge method, resolving differences, squashing, etc. | Reduces risk of unauthorized or insecure code changes. | Medium | Quick |
Other Controls
Control | Problem | Impact | Severity | Fix Duration |
---|---|---|---|---|
Project must have a security policy source | Verifies that the project uses a specific project as its security policy source. | Ensures compliance with security policy and reduces risk of unmanaged vulnerabilities. | Critical | Quick |