The 28 GitLab security checks Black Cat runs
Black Cat SSPM evaluates 28 security policies against your GitLab configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Lock GitLab group membership to prevent subgroup owners from adding members outside the hierarchy
Require at least one merge request approval for GitLab projects
Enable branch protection on the default GitLab project branch to restrict direct pushes
Disable force push on the default protected branch of the GitLab project
Require code owner approval on the default GitLab project branch and create a CODEOWNERS file
Remove deactivated GitLab members from the group and any subgroups
Review and resend or revoke long-pending GitLab group invitations
Restrict subgroup creation to group owners only
Remove blocked members from the GitLab group
configuration
Add IP address restrictions to the GitLab group to limit access to organization networks
Enable container scanning in the GitLab CI/CD pipeline for the project
Require all merge request discussions to be resolved before merging in GitLab
Disable shared runners on sensitive GitLab projects and use project-specific runners instead
Investigate and restore offline GitLab runners by checking connectivity and runner service status
Update GitLab integration webhook URLs to use HTTPS and enable SSL verification
Assign a compliance framework to the GitLab project to enforce governance pipelines
Require CI pipelines to succeed before merge requests can be merged
Lock group or project runners to prevent unauthorized use across projects
Disable shared runners on projects that should use dedicated runners
mfa
Enforce two-factor authentication for all members of the GitLab group
Reduce the GitLab group 2FA grace period to 48 hours or less
Contact GitLab group members who have not enrolled in 2FA and direct them to set it up
Ensure all group owners have two-factor authentication enabled immediately
sharing
Change GitLab group visibility from Public to Private or Internal
Enable Share with group lock in GitLab to prevent projects from being shared outside the group
Prevent project forking outside the GitLab group to protect source code
Prevent GitLab groups from being shared outside the organization hierarchy
Review public GitLab projects and change visibility to Private or Internal if they contain sensitive code