VladPolskiy/gitlab-foss
1
0
Fork 0
mirror of https://gitlab.com/gitlab-org/gitlab-foss.git synced 2025-07-29 12:00:32 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity
Files
master
gitlab-foss/doc/api/project_security_settings.md
GitLab Bot d4e9ba0deb Add latest changes from gitlab-org/gitlab@master
2025-05-27 18:07:19 +00:00

102 lines
3.8 KiB
Markdown
Raw Permalink Blame History

---
stage: Application Security Testing
group: Secret Detection
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
title: Project security settings API
---
{{< details >}}
- Tier: Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
{{< /details >}}
Every API call to project security settings must be [authenticated](rest/authentication.md).
If a project is private, and a user isn't a member of the project to which the security setting
belongs, requests to that project returns a `404 Not Found` status code.
## List project security settings
List all of a project's security settings.
Prerequisites:
- You must have at least the Developer role for the project.
```plaintext
GET /projects/:id/security_settings
```
| Attribute | Type | Required | Description |
| ------------- | -------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](rest/_index.md#namespaced-paths). |
```shell
curl --request GET \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/7/security_settings"
```
Example response:
```json
{
"project_id": 7,
"created_at": "2024-08-27T15:30:33.075Z",
"updated_at": "2024-10-16T05:09:22.233Z",
"auto_fix_container_scanning": true,
"auto_fix_dast": true,
"auto_fix_dependency_scanning": true,
"auto_fix_sast": true,
"continuous_vulnerability_scans_enabled": true,
"container_scanning_for_registry_enabled": false,
"secret_push_protection_enabled": true
}
```
## Update `secret_push_protection_enabled` setting
{{< history >}}
- [Renamed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/185310) from `pre_receive_secret_detection_enabled` in GitLab 17.11.
{{< /history >}}
Update the `secret_push_protection_enabled` setting for the project to the provided value.
Set to `true` to enable [secret push protection](../user/application_security/secret_detection/secret_push_protection/_index.md) for the project.
Prerequisites:
- You must have at least the Maintainer role for the project.
| Attribute | Type | Required | Description |
| ------------------- | ----------------- | ---------- | -----------------------------------------------------------------------------------------------------------------------------|
| `id` | integer or string | yes | The ID or [URL-encoded path of the project](rest/_index.md#namespaced-paths) which the authenticated user is a member of |
| `secret_push_protection_enabled` | boolean | yes | The value to update `secret_push_protection_enabled` to |
```shell
curl --request PUT \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/7/security_settings?secret_push_protection_enabled=false"
```
Example response:
```json
{
"project_id": 7,
"created_at": "2024-08-27T15:30:33.075Z",
"updated_at": "2024-10-16T05:09:22.233Z",
"auto_fix_container_scanning": true,
"auto_fix_dast": true,
"auto_fix_dependency_scanning": true,
"auto_fix_sast": true,
"continuous_vulnerability_scans_enabled": true,
"container_scanning_for_registry_enabled": false,
"secret_push_protection_enabled": false
}
```
Reference in New Issue View Git Blame Copy Permalink