Outside a Config File: Security Settings

Project Settings

Review project settings to ensure they are set correctly; this can be done via the UI or the API.

Confirm that the following Advanced settings are toggled off unless needed for your use case:

  • Build forked pull requests
  • Pass secrets to builds from forked pull requests

Confirm that the following API-only project settings are toggled on unless your use case requires otherwise:

  • disable-ssh
  • write-settings-requires-admin

Confirm no unexpected SSH keys, project API tokens, or integrations are present.
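The checks above can be scripted rather than eyeballed in the UI. The following is an added example, not CircleCI's own tooling: it audits a project-settings response against the checklist and lists every deviation. It assumes the shape of the v1.1 `GET /project/:vcs/:org/:repo/settings` response (a `feature_flags` object and an `ssh_keys` list of `{hostname, fingerprint}` entries), and it assumes that the flags `build-fork-prs` and `forks-receive-secret-env-vars` are the API names for the two Advanced toggles named above; the two API-only settings are named exactly as on this page. The sample response embedded in the block is constructed, not captured from a real project.

```python
"""Audit CircleCI project settings against the security checklist.

Added example, not CircleCI's own code. Assumptions: the v1.1 settings
response carries "feature_flags" and "ssh_keys"; the fork-PR toggles map
to the flag names "build-fork-prs" and "forks-receive-secret-env-vars".
"""
import json
import os
import urllib.request

# Expected state of each flag: False = must be off, True = must be on.
# The first two names are assumed mappings of the UI toggles; the last two
# are the API-only settings named in the checklist.
EXPECTED_FLAGS = {
    "build-fork-prs": False,                 # "Build forked pull requests"
    "forks-receive-secret-env-vars": False,  # "Pass secrets to builds from forked PRs"
    "disable-ssh": True,
    "write-settings-requires-admin": True,
}


def audit_settings(settings, known_fingerprints=frozenset()):
    """Return a list of findings; an empty list means the project is compliant."""
    findings = []
    flags = settings.get("feature_flags", {})
    for name, expected in EXPECTED_FLAGS.items():
        if name not in flags:
            # A missing flag cannot be assumed safe; flag it for manual review.
            findings.append(f"flag {name!r} absent from response; verify in the UI")
        elif bool(flags[name]) != expected:
            findings.append(f"flag {name!r} is {flags[name]!r}, expected {expected!r}")
    # Any SSH key whose fingerprint is not on the allowlist is unexpected.
    for key in settings.get("ssh_keys", []):
        fp = key.get("fingerprint", "<none>")
        if fp not in known_fingerprints:
            findings.append(f"unexpected SSH key {fp} for host {key.get('hostname', '*')!r}")
    return findings


def fetch_settings(vcs, org, repo, token):
    """Fetch live settings with a personal API token (needs network; optional)."""
    url = f"https://circleci.com/api/v1.1/project/{vcs}/{org}/{repo}/settings"
    req = urllib.request.Request(
        url, headers={"Circle-Token": token, "Accept": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample response (not from a real project) showing three violations:
# fork builds enabled, SSH not disabled, and one key not on the allowlist.
SAMPLE_SETTINGS = {
    "feature_flags": {
        "build-fork-prs": True,
        "forks-receive-secret-env-vars": False,
        "disable-ssh": False,
        "write-settings-requires-admin": True,
    },
    "ssh_keys": [
        {"hostname": "github.com", "fingerprint": "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99"},
        {"hostname": "deploy.example.com", "fingerprint": "11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00"},
    ],
}
KNOWN_FINGERPRINTS = frozenset({"aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99"})


if __name__ == "__main__":
    # With CIRCLE_TOKEN and CIRCLE_PROJECT=vcs/org/repo set, audit the live project;
    # otherwise run against the constructed sample.
    token, project = os.environ.get("CIRCLE_TOKEN"), os.environ.get("CIRCLE_PROJECT")
    data = fetch_settings(*project.split("/"), token) if token and project else SAMPLE_SETTINGS
    for finding in audit_settings(data, KNOWN_FINGERPRINTS) or ["no findings"]:
        print(finding)
```

Run it periodically (for example from a scheduled job) and treat any non-empty findings list as a ticket to open; keeping the allowlist of fingerprints in version control makes a newly added SSH key visible as a diff.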

Org Settings

Confirm there are no unexpected technical or security contacts present. Add at least one if none are present.

Confirm contexts are restricted appropriately.

Ensure use of uncertified orbs is disabled if applicable.

Next Step: Outside the Config: Secret Management
