Security Security choices in V1 GitLab signup disabled 2FA required for administrators and maintainers component visibility can be public inside GitLab while the whole instance stays restricted to the internal network non-privileged Docker runner CPU and RAM limits on GitLab, runner, and CI jobs unnecessary GitLab services disabled, registry, pages, mattermost, embedded monitoring Additional recommendations protect default branches on component projects keep the number of maintainers low run the runner on a dedicated host if the environment is sensitive rotate runner tokens regularly restrict network access to the instance as tightly as possible define backup and restore procedures before production use