Security inventory

Tier: Ultimate
Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
Status: Beta

Version history

Introduced in GitLab 18.2 with a flag named security_inventory_dashboard. Enabled by default. This feature is in beta

The availability of this feature is controlled by a feature flag. For more information, see the history.

Use the security inventory to visualize which assets you need to secure and understand the actions you need to take to improve security. A common phrase in security is, "you can't secure what you can't see." The security inventory provides visibility into the security posture of your organization's top-level groups, helps you identify coverage gaps, and enables you to make efficient, risk-based prioritization decisions.

The security inventory shows:

Your groups, subgroups, and projects.
Security scanner coverage for each project, regardless of how the scanner is enabled. Security scanners include:
- Static application security testing (SAST)
- Dependency scanning
- Container scanning
- Secret detection
- Dynamic application security testing (DAST)
- Infrastructure-as-code (IaC) scanning
The number of vulnerabilities in each group or project, sorted by severity level.

This feature is in beta. Track the development of the security inventory in epic 16484. Share your feedback with us as we continue to develop this feature. The security inventory is enabled by default.

View the security inventory

Prerequisites:

You must have at least the Developer role in the group to view the security inventory.

To view the security inventory:

On the left sidebar, select Search or go to and find your group.
Select Secure > Security inventory.
Complete one of the following actions:
- To view a group's subgroups, projects, and security assets, select the group.
- To view a group or project's scanner coverage, search for the group or project.

Troubleshooting

When working with the security inventory, you might encounter the following issues: