Compliance and policy settings API

{{< details >}}

• Tier: Ultimate
• Offering: GitLab Self-Managed, GitLab Dedicated

{{< /details >}}

{{< history >}}

• Introduced in GitLab 18.2 with a flag named security_policies_csp. Disabled by default.
• Enabled by default on GitLab Self-Managed in GitLab 18.3.
• Generally available in GitLab 18.5. Feature flag security_policies_csp removed.

{{< /history >}}

Use this API to interact with the security policy settings for your GitLab instance.

Prerequisites:

• You must have administrator access to the instance.
• Your instance must have the Ultimate tier to use security policies.

Retrieve security policy settings

Retrieves the current security policy settings for this GitLab instance.

GET /admin/security/compliance_policy_settings

curl --request GET \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --url "https://gitlab.example.com/api/v4/admin/security/compliance_policy_settings"

Example response:

{
  "csp_namespace_id": 42
}

When no CSP namespace is configured:

{
  "csp_namespace_id": null
}

Update security policy settings

Updates the security policy settings for this GitLab instance.

PUT /admin/security/compliance_policy_settings

curl --request PUT \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --header "Content-Type: application/json" \
  --data '{"csp_namespace_id": 42}' \
  --url "https://gitlab.example.com/api/v4/admin/security/compliance_policy_settings"

Example response:

{
  "csp_namespace_id": 42
}