Define self-hosted security responsibilities

ed120f3b · Nick Malcolm · Achilleas Pipinellis · 87734e88 · ed120f3b · ed120f3b
Commit ed120f3b authored Jan 26, 2022 by Nick Malcolm Committed by Achilleas Pipinellis Jan 26, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

doc/install/requirements.md doc/install/requirements.md +4 -0

doc/security/index.md doc/security/index.md +2 -0

No files found.
--- a/doc/install/requirements.md
+++ b/doc/install/requirements.md
@@ -331,6 +331,10 @@ NOTE:
 We don't support running GitLab with JavaScript disabled in the browser and have no plans of supporting that
 in the future because we have features such as issue boards which require JavaScript extensively.

+## Security
+
+After installation, be sure to read and follow guidance on [maintaining a secure GitLab installation](../security/index.md).
+
 <!-- ## Troubleshooting

 Include any troubleshooting steps that you can foresee. If you know beforehand what issues

--- a/doc/security/index.md
+++ b/doc/security/index.md
@@ -30,3 +30,5 @@ type: index
 ## Securing your GitLab installation

 Consider access control features like [Sign up restrictions](../user/admin_area/settings/sign_up_restrictions.md) and [Authentication options](../topics/authentication/) to harden your GitLab instance and minimize the risk of unwanted user account creation.
+
+Self-hosting GitLab customers and administrators are responsible for the security of their underlying hosts, and for keeping GitLab itself up to date. It is important to [regularly patch GitLab](../policy/maintenance.md), patch your operating system and its software, and harden your hosts in accordance with vendor guidance.