ISSUE-601 Critical Quick Platform Security Source
Missing security policy source on project
Control: Project must have a security policy source · Config key: projectMustHaveSecurityPolicySource
📋 What is this?
The project lacks the security policy source defined in your Policy controls, violating compliance requirements.
⚠️ Impact
Without a security policy source, your project may become non-compliant and exposed to risk. For example, if no security policy source is defined for the project, critical checks might not be enforced.
🔧 How to fix
Set the project's security policy source to the one defined in your Policy controls to ensure compliance and security.
✗ Before
No security policy project is linked to this GitLab project.
# GitLab project settings — ❌ No security policy source
# Secure > Security configuration > Security policy project:
# (none)
#
# The project has no linked security policy project, meaning
# no security policies are enforced on this project.
✓ After
The project is linked to the organization's security policy source.
# GitLab project settings — ✅ Security policy source configured
# Secure > Security configuration > Security policy project:
#
# The project is now linked to the organization's security
# policy repository, ensuring all security policies are enforced.
💡 Tips
- Create a dedicated security policy project in your organization to centralize all security policies.
- Security policy sources can be managed at the group level to apply to all projects at once.
- Check GitLab documentation for supported security policy types (scan execution, scan result, etc.).