Code development platform for open source projects from the European Union institutions

Commit c2ab1e58 authored by Konrad DWOJAK

Update README.md

parent 9e4b085f
......@@ -106,6 +106,15 @@ project owners need to make available a test environment. Please get
in touch with DIGIT S. And read their wiki (link available on the EC
internal FPIS ThinkOpen wiki).
## Security and Vulnerability Scanning Options for Project Teams
Project's hosted on code.europa.eu can benefit from [Gitlab's Ultimate features](https://about.gitlab.com/pricing/ultimate/), including a variety of security scanning capabilities. They help the project teams in making sure their software is secure and free from vulnerabilities.
The projects teams have at their disposal at least 2 different ways to scan for vulnerabilities when it comes to using vulnerability scanning engines within code.europe.eu
1) can use the **GitLab's Ultimate built-in security scans** and reports. You can read more about it [here](https://docs.gitlab.com/ee/user/application_security/secure_your_application.html/).
2) integrate your GitLab project with the **European Commission's in-house vulnerability scanning tools** and manage vulnerabilities and reports directly from GitLab. You can read [here](https://webgate.ec.europa.eu/fpfis/wikis/x/2AprG) on how to integrate your GitLab repository.
Project teams are advised to manage roles and permissions of their project's members in a way not to disclose vulnerabilities and vulnerability reports to third parties until the vulnerabilities are mitigated. You can read more about [Gitlab's Roles and Permissions here.](https://docs.gitlab.com/ee/user/permissions.html)
## Vulnerability Disclosure Policy
We have a "Vulnerability Disclosure Policy". Interested researchers
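Review bot: The host name in the added sentence ending "within code.europe.eu" is misspelled; the line above it uses code.europa.eu, and a wrong domain in security guidance is worth fixing before merge. In option 1 the link target ends in ".html/", and the trailing slash is likely to break the link, so drop it. Option 2 points to a webgate.ec.europa.eu/fpfis wiki page; the context lines above describe the FPIS wiki as EC internal, so say in the text whether external contributors can reach it. The closing advice on roles and permissions does not tell a team what to set: name the role or project setting that controls who can see vulnerability reports, or link the relevant section of the permissions page instead of its top. Smaller points: "Project's hosted" should be "Projects hosted", "The projects teams" should be "Project teams", option 1 is missing its subject ("You can use"), and "Gitlab's" should be "GitLab's" to match the other occurrences. A blank line after each of the new headings and between the list items would keep the Markdown rendering predictable.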
......