# Geo security review (Q&A)
> Original: [https://docs.gitlab.com/ee/administration/geo/replication/security_review.html](https://docs.gitlab.com/ee/administration/geo/replication/security_review.html)
The following security review of the Geo feature set focuses on security aspects of the feature as they apply to customers running their own GitLab instances. The review questions are based in part on the [OWASP Application Security Verification Standard Project](https://owasp.org/www-project-application-security-verification-standard/) from [owasp.org](https://owasp.org/).
## Business Model
### What geographic areas does the application service?
* This varies by customer. Geo allows customers to deploy to multiple areas, and they get to choose where they are.
* Region and node selection is entirely manual.
## Data Essentials
### What data does the application receive, produce, and process?
* Geo streams almost all data held by a GitLab instance between sites. This includes full database replication, most files (user-uploaded attachments, etc.) and repository + wiki data. In a typical configuration, this happens across the public Internet and is TLS-encrypted.
* PostgreSQL replication is TLS-encrypted.
* See also: [only TLSv1.2 should be supported](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/2948)
### How can the data be classified into categories according to its sensitivity?
* GitLab’s model of sensitivity is centered around public vs. internal vs. private projects. Geo replicates them all indiscriminately. “Selective sync” exists for files and repositories (but not database content), which would permit only less-sensitive projects to be replicated to a **secondary** node if desired.
* See also: [GitLab data classification policy](https://about.gitlab.com/handbook/engineering/security/data-classification-policy.html).
### What data backup and retention requirements have been defined for the application?
* Geo is designed to provide replication of a certain subset of the application data. It is part of the solution, rather than part of the problem.
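## End-Users
### Who are the application’s end‐users?
* **Secondary** nodes are created in regions that are distant (in terms of Internet latency) from the main GitLab installation (the **primary** node). They are intended to be used by anyone who would ordinarily use the **primary** node and who finds that the **secondary** node is closer to them (in terms of Internet latency).
### How do the end‐users interact with the application?
* **Secondary** nodes provide all the interfaces a **primary** node does (notably an HTTP/HTTPS web application, and HTTP/HTTPS or SSH Git repository access), but are constrained to read-only activities. The principal use case is envisioned to be cloning Git repositories from the **secondary** node in favor of the **primary** node, but end-users may also use the GitLab web interface to view projects, issues, merge requests, snippets, etc.
### What security expectations do the end‐users have?
* The replication process must be secure. It would typically be unacceptable to transmit the entire database contents or all files and repositories across the public Internet in plaintext, for instance.
* **Secondary** nodes must have the same access controls over their content as the **primary** node: unauthenticated users must not be able to gain access to privileged information on the **primary** node by querying the **secondary** node.
* Attackers must not be able to impersonate the **secondary** node to the **primary** node, and thus gain access to privileged information.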
## Administrators
### Who has administrative capabilities in the application?
* Nothing Geo-specific. Any user where `admin: true` is set in the database is considered an admin with super-user privileges.
* See also: [more granular access control](https://gitlab.com/gitlab-org/gitlab/-/issues/18242) (not Geo-specific).
* Much of Geo’s integration (database replication, for instance) must be configured with the application, typically by system administrators.
### What administrative capabilities does the application offer?
* **Secondary** nodes may be added, modified, or removed by users with administrative access.
* The replication process may be controlled (start/stop) via the Sidekiq administrative controls.
## Network
### What details regarding routing, switching, firewalling, and load‐balancing have been defined?
* Geo requires the **primary** node and **secondary** node to be able to communicate with each other across a TCP/IP network. In particular, the **secondary** nodes must be able to access HTTP/HTTPS and PostgreSQL services on the **primary** node.
### What core network devices support the application?
* Varies from customer to customer.
### What network performance requirements exist?
* The maximum replication speed between **primary** and **secondary** nodes is limited by the available bandwidth between sites. No hard requirements exist: the time to complete replication (and the ability to keep up with changes on the **primary** node) is a function of the size of the data set, tolerance for latency, and available network capacity.
### What private and public network links support the application?
* Customers choose their own networks. As sites are intended to be geographically separated, it is envisioned that replication traffic will pass over the public Internet in a typical deployment, but this is not a requirement.
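## Systems
### What operating systems support the application?
* Geo imposes no additional restrictions on the operating system (see the [GitLab installation](https://about.gitlab.com/install/) page for more details), but we recommend using the operating systems listed in the [Geo documentation](index.html#requirements-for-running-geo).
### What details regarding required OS components and lock‐down needs have been defined?
* The supported installation method (Omnibus) packages most components itself.
* There are significant dependencies on the system-installed OpenSSH daemon (Geo requires users to set up custom authentication methods) and the Omnibus or system-provided PostgreSQL daemon (it must be configured to listen on TCP, additional users and replication slots must be added, etc.).
* The process for dealing with security updates (for example, if there is a significant vulnerability in OpenSSH or other services, and the customer wants to patch those services on the OS) is identical to the non-Geo situation: security updates to OpenSSH would be provided to the user via the usual distribution channels. Geo introduces no delay there.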
## Infrastructure Monitoring
### What network and system performance monitoring requirements have been defined?
* Nothing Geo-specific.
### What mechanisms exist to detect malicious code or compromised application components?
* Nothing Geo-specific.
### What network and system security monitoring requirements have been defined?
* Nothing Geo-specific.
## Virtualization and Externalization
### What aspects of the application lend themselves to virtualization?
* All.
### What virtualization requirements have been defined for the application?
* Nothing Geo-specific, but everything in GitLab needs to have full functionality in such an environment.
### What aspects of the product may or may not be hosted via the cloud computing model?
* GitLab is “cloud native”, and this applies to Geo as much as to the rest of the product. Deployment in clouds is a common and supported scenario.
### If applicable, what approach(es) to cloud computing will be taken (Managed Hosting versus “Pure” Cloud, a “full machine” approach such as AWS-EC2 versus a “hosted database” approach such as AWS-RDS and Azure, etc)?
* To be decided by our customers, according to their operational needs.
## Environment
### What frameworks and programming languages have been used to create the application?
* Ruby on Rails, Ruby.
### What process, code, or infrastructure dependencies have been defined for the application?
* Nothing Geo-specific.
### What databases and application servers support the application?
* PostgreSQL >= 11, Redis, Sidekiq, Puma.
### How will database connection strings, encryption keys, and other sensitive components be stored, accessed, and protected from unauthorized detection?
* There are some Geo-specific values. Some are shared secrets which must be securely transmitted from the **primary** node to the **secondary** node at setup time. Our documentation recommends transmitting them from the **primary** node to the system administrator via SSH, and then back out to the **secondary** node in the same manner. In particular, this includes the PostgreSQL replication credentials and a secret key (`db_key_base`) which is used to decrypt certain columns in the database. The `db_key_base` secret is stored unencrypted on the filesystem, in `/etc/gitlab/gitlab-secrets.json`, along with a number of other secrets. There is no at-rest protection for them.
## Data Processing
### What data entry paths does the application support?
* Data is entered via the web application exposed by GitLab itself. Some data is also entered using system administration commands on the GitLab servers (for example, `gitlab-ctl set-primary-node`).
* **Secondary** nodes also receive inputs via PostgreSQL streaming replication from the **primary** node.
### What data output paths does the application support?
* **Primary** nodes output via PostgreSQL streaming replication to the **secondary** node. Otherwise, output is principally via the web application exposed by GitLab itself, and via SSH `git clone` operations initiated by the end-user.
### How does data flow across the application’s internal components?
* **Secondary** nodes and **primary** nodes interact via HTTP/HTTPS (secured with JSON web tokens) and via PostgreSQL streaming replication.
* Within a **primary** node or **secondary** node, the SSOT is the filesystem and the database (including the Geo tracking database on the **secondary** node). The various internal components are orchestrated to make alterations to these stores.
### What data input validation requirements have been defined?
* **Secondary** nodes must have a faithful replication of the **primary** node’s data.
### What data does the application store and how?
* Git repositories and files, tracking information related to them, and the GitLab database contents.
### What data is or may need to be encrypted and what key management requirements have been defined?
* Neither **primary** nodes nor **secondary** nodes encrypt Git repository or filesystem data at rest. A subset of database columns are encrypted at rest using the `db_otp_key`.
* A static secret shared across all hosts in a GitLab deployment.
* In transit, data should be encrypted, although the application does permit communication to proceed unencrypted. The two main transits are the **secondary** node’s replication process for PostgreSQL, and for Git repositories/files. Both should be protected using TLS, with the keys for that managed via Omnibus per the existing configuration for end-user access to GitLab.
### What capabilities exist to detect the leakage of sensitive data?
* Comprehensive system logs exist, tracking every connection to GitLab and PostgreSQL.
### What encryption requirements have been defined for data in transit - including transmission over WAN, LAN, SecureFTP, or publicly accessible protocols such as http: and https:?
* Data must have the option to be encrypted in transit, and be secure against both passive and active attack (for example, MITM attacks should not be possible).
## Access
### What user privilege levels does the application support?
* Geo adds one type of privilege: **secondary** nodes can access a special Geo API to download files over HTTP/HTTPS, and to clone repositories using HTTP/HTTPS.
### What user identification and authentication requirements have been defined?
* **Secondary** nodes identify to Geo **primary** nodes via OAuth or JWT authentication based on the shared database (HTTP access) or a PostgreSQL replication user (for database replication). The database replication also requires IP-based access controls to be defined.
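
The TLS expectation for PostgreSQL replication and the IP-based access controls mentioned above both end up as rules in the primary's `pg_hba.conf`, so they can be checked there. The following is an added example, not part of the GitLab documentation: the sample file, role name and addresses are constructed, and it assumes a plain `pg_hba.conf` without quoted fields.

```ruby
require "ipaddr"

# Constructed pg_hba.conf for a primary node. Role names, database names and
# addresses are sample values, not taken from a real deployment.
SAMPLE_PG_HBA = <<~CONF
  # TYPE    DATABASE     USER          ADDRESS                      METHOD
  local     all          all                                        peer
  hostssl   replication  example_repl  203.0.113.10/32              md5
  host      replication  example_repl  203.0.113.10/32              md5
  hostssl   replication  example_repl  0.0.0.0/0                    md5
  hostssl   replication  example_repl  198.51.100.0  255.255.255.0  trust
  host      appdb        example_app   10.0.0.0/8                   md5
CONF

# Connection types that only match encrypted connections.
ENCRYPTED_TYPES = %w[hostssl hostgssenc].freeze

# True when the address column matches every client address.
def any_address?(address)
  return true if address == "all"

  IPAddr.new(address).prefix.zero?
rescue IPAddr::Error
  false # host name or samehost/samenet keyword: not evaluated in this example
end

# Returns one entry per replication rule that weakens the stated requirements:
#   :plaintext_allowed  rule also matches connections without TLS
#   :no_authentication  method "trust" accepts any client that matches
#   :any_address        no IP restriction at all
def audit_replication_rules(conf_text)
  findings = []
  conf_text.each_line.with_index(1) do |raw, lineno|
    fields = raw.sub(/#.*/, "").split
    next if fields.empty?

    type, database, _user, *rest = fields
    next unless database.to_s.split(",").include?("replication")
    next if type == "local" # Unix socket, never crosses the network

    address = rest.shift.to_s
    # Old-style entries carry the netmask in a separate column.
    address = "#{address}/#{rest.shift}" if rest.first.to_s.match?(/\A\d+(\.\d+){3}\z/)
    method = rest.shift

    issues = []
    issues << :plaintext_allowed unless ENCRYPTED_TYPES.include?(type)
    issues << :no_authentication if method == "trust"
    issues << :any_address if any_address?(address)
    findings << { line: lineno, issues: issues } unless issues.empty?
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_replication_rules(SAMPLE_PG_HBA).each do |finding|
    puts "line #{finding[:line]}: #{finding[:issues].join(', ')}"
  end
end
```
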
### What user authorization requirements have been defined?
* **Secondary** nodes must only be able to *read* data. Currently, they are unable to mutate data on the **primary** node.
### What session management requirements have been defined?
* Geo JWTs are defined to last for only two minutes before needing to be regenerated.
* Geo JWTs are generated for one of the following specific scopes:
  * Geo API access.
  * Git access.
  * LFS and File ID.
  * Upload and File ID.
  * Job Artifact and File ID.
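
The two properties above (a two-minute lifetime and a token bound to a single scope) can be enforced on the receiving side as sketched below. This is an added example, not GitLab's Geo code: the HS256 signing, the claim names (`scope`, `file_id`, `iat`, `exp`) and the scope labels are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Everything below is illustrative: the claim names, scope labels and HS256
# signing are assumptions, not GitLab's actual Geo token format.
MAX_LIFETIME = 120 # seconds; the two-minute lifetime stated in the text
SCOPES = %w[geo_api git lfs upload job_artifact].freeze # hypothetical labels

def b64url_encode(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(text)
  std = text.tr("-_", "+/")
  std += "=" * ((4 - std.length % 4) % 4)
  std.unpack1("m0") # strict decoding: raises ArgumentError on bad input
end

def sign(secret, signing_input)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), secret, signing_input)
end

# Issuer side: mint a token for exactly one scope (and one file, if any).
def issue_token(secret, scope:, file_id: nil, now: Time.now.to_i, lifetime: MAX_LIFETIME)
  raise ArgumentError, "unknown scope #{scope}" unless SCOPES.include?(scope)

  claims = { "scope" => scope, "iat" => now, "exp" => now + lifetime }
  claims["file_id"] = file_id if file_id
  header = { "alg" => "HS256", "typ" => "JWT" }
  input = [header, claims].map { |part| b64url_encode(JSON.generate(part)) }.join(".")
  "#{input}.#{b64url_encode(sign(secret, input))}"
end

# Receiver side: returns :ok or a symbol naming the first failed check.
def verify_token(token, secret, expected_scope:, expected_file_id: nil, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  return :malformed unless parts.length == 3

  head64, claims64, sig64 = parts
  begin
    header = JSON.parse(b64url_decode(head64))
    claims = JSON.parse(b64url_decode(claims64))
    signature = b64url_decode(sig64)
  rescue ArgumentError, JSON::ParserError, EncodingError
    return :malformed
  end
  return :malformed unless header.is_a?(Hash) && claims.is_a?(Hash)

  # Pin the algorithm instead of trusting whatever the header asks for.
  return :bad_algorithm unless header["alg"] == "HS256"
  # Constant-time comparison of the received and recomputed signatures.
  expected = sign(secret, "#{head64}.#{claims64}")
  return :bad_signature unless OpenSSL.secure_compare(signature, expected)

  iat, exp = claims.values_at("iat", "exp")
  return :malformed unless iat.is_a?(Integer) && exp.is_a?(Integer)
  # Reject tokens minted with a longer window even when the signature is valid.
  return :lifetime_too_long if exp - iat > MAX_LIFETIME
  return :expired if now >= exp
  # A token for one scope or file must not unlock another.
  return :wrong_scope unless claims["scope"] == expected_scope
  return :wrong_file unless claims["file_id"] == expected_file_id

  :ok
end

if __FILE__ == $PROGRAM_NAME
  secret = "constructed-shared-secret" # sample value for the demo only
  token = issue_token(secret, scope: "lfs", file_id: 42)
  puts verify_token(token, secret, expected_scope: "lfs", expected_file_id: 42)
  puts verify_token(token, secret, expected_scope: "git")
end
```
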
### What access requirements have been defined for URI and Service calls?
* **Secondary** nodes make many calls to the **primary** node’s API. This is how file replication proceeds, for instance. This endpoint is only accessible with a JWT token.
* The **primary** node also makes calls to the **secondary** node to get status information.
## Application Monitoring
### What application auditing requirements have been defined? How are audit and debug logs accessed, stored, and secured?
* Structured JSON logs are written to the filesystem, and can also be ingested into a Kibana installation for further analysis.