Skip to main content

Outside a Config File: Security Settings

Project Settings

Review project settings to ensure they are set correctly, this can be done via the UI or API .

Confirm that the following Advanced settings are toggled off unless needed for your use case:

  • Build forked pull requests

  • Pass secrets to builds from forked pull requests

Confirm that the following API only project settings are toggled on unless not needed for your use case:

  • disable-ssh

  • write-settings-requires-admin

Confirm no unexpected SSH keys, project API tokens, or integrations are present.

Org Settings

Confirm there are no unexpected technical or security contacts present. Add at least one if none are present.

Confirm contexts are restricted appropriately.

Ensure use of uncertified orbs is disabled if applicable.

Next Step: Outside the Config: Secret Management

Related Articles
Why Are Words Being Masked with Asterisks in the Build Log?
Troubleshooting pull requests from fork of private repository are failing at checkout step
Outside a Config File: Project Settings
Receiving "Your compiled config is too large to be processed." How Can I Reduce my Config File Size?
What to do if you suspect you have a secret leaked from CircleCI
Did this answer your question?