Outside a Config File: Security Settings

Security Settings

Project Settings

Review project settings to ensure they are set correctly; this can be done via the UI or the API.

Confirm that the following Advanced settings are toggled off unless needed for your use case:

  • Build forked pull requests
  • Pass secrets to builds from forked pull requests

Confirm that the following API-only project settings are toggled on unless your use case requires otherwise:

  • disable-ssh
  • write-settings-requires-admin

Confirm no unexpected SSH keys, project API tokens, or integrations are present.
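The checks above can be scripted against the API rather than clicked through in the UI. The script below is an added example, not part of the original guide or CircleCI's own tooling. It assumes the field names returned under "advanced" by GET /api/v2/project/{project-slug}/settings (build_fork_prs, forks_receive_secret_env_vars, disable_ssh, write_settings_requires_admin); verify them against the API version you run, since the sample response here is constructed for offline use.

```python
"""Audit CircleCI project advanced settings against the review checklist.

Added example (not the guide's own code). Field names are assumed to match
the "advanced" object of GET /api/v2/project/{project-slug}/settings.
"""
import json
import urllib.request

# Checklist: field -> (expected value, why it matters to the reviewer)
EXPECTED = {
    "build_fork_prs": (False, "Build forked pull requests should be off unless needed"),
    "forks_receive_secret_env_vars": (False, "Forked PRs must not receive project secrets"),
    "disable_ssh": (True, "SSH into build containers should be disabled"),
    "write_settings_requires_admin": (True, "Only admins should change project settings"),
}


def audit_settings(settings: dict) -> list[str]:
    """Return human-readable findings; an empty list means every check passed."""
    advanced = settings.get("advanced", {})
    findings = []
    for field, (expected, reason) in EXPECTED.items():
        if field not in advanced:
            # A missing field cannot be verified, so report it rather than assume it is fine.
            findings.append(f"{field}: not present in response (cannot verify)")
        elif advanced[field] != expected:
            findings.append(f"{field}={advanced[field]!r}, expected {expected!r}: {reason}")
    return findings


def fetch_settings(project_slug: str, token: str) -> dict:
    """Fetch live settings for a slug such as 'gh/my-org/my-repo' (assumed endpoint shape)."""
    req = urllib.request.Request(
        f"https://circleci.com/api/v2/project/{project_slug}/settings",
        headers={"Circle-Token": token},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample response: every checklist item is in the risky state.
SAMPLE_RISKY = {
    "advanced": {
        "build_fork_prs": True,
        "forks_receive_secret_env_vars": True,
        "disable_ssh": False,
        "write_settings_requires_admin": False,
        "autocancel_builds": True,
    }
}

# Constructed sample response: every checklist item is in the expected state.
SAMPLE_OK = {
    "advanced": {
        "build_fork_prs": False,
        "forks_receive_secret_env_vars": False,
        "disable_ssh": True,
        "write_settings_requires_admin": True,
    }
}


if __name__ == "__main__":
    for name, sample in (("risky", SAMPLE_RISKY), ("ok", SAMPLE_OK)):
        print(f"{name}: {audit_settings(sample) or ['all checks passed']}")
```

To run it against a real project, replace the sample with fetch_settings("gh/<org>/<repo>", token) using a token scoped to read that project; any non-empty result is a finding to act on, and a "not present" line means the API version in use does not expose that field and the setting must be confirmed in the UI instead.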

Org Settings

Confirm there are no unexpected technical or security contacts present. Add at least one if none are present.

Confirm contexts are restricted appropriately.

Ensure use of uncertified orbs is disabled if applicable.


:arrow_forward: Next Step: Outside the Config: Secret Management

:arrow_backward: Previous Step: Inside the Config: Dynamic Configuration
