From ed120f3b34f99d11f4f23e3fe04e421d357e8526 Mon Sep 17 00:00:00 2001
From: Nick Malcolm <nmalcolm@gitlab.com>
Date: Wed, 26 Jan 2022 13:39:48 +0000
Subject: [PATCH] Define self-hosted security responsibilities

---
 doc/install/requirements.md | 4 ++++
 doc/security/index.md       | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/doc/install/requirements.md b/doc/install/requirements.md
index 665e80e6e004e..bce9702b032c2 100644
--- a/doc/install/requirements.md
+++ b/doc/install/requirements.md
@@ -331,6 +331,10 @@ NOTE:
 We don't support running GitLab with JavaScript disabled in the browser and have no plans of supporting that
 in the future because we have features such as issue boards which require JavaScript extensively.
 
+## Security
+
+After installation, be sure to read and follow guidance on [maintaining a secure GitLab installation](../security/index.md).
+
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues
diff --git a/doc/security/index.md b/doc/security/index.md
index ab554e9135f43..5dc3814ea0847 100644
--- a/doc/security/index.md
+++ b/doc/security/index.md
@@ -30,3 +30,5 @@ type: index
 ## Securing your GitLab installation
 
 Consider access control features like [Sign up restrictions](../user/admin_area/settings/sign_up_restrictions.md) and [Authentication options](../topics/authentication/) to harden your GitLab instance and minimize the risk of unwanted user account creation.
+
+Self-hosting GitLab customers and administrators are responsible for the security of their underlying hosts, and for keeping GitLab itself up to date. It is important to [regularly patch GitLab](../policy/maintenance.md), patch your operating system and its software, and harden your hosts in accordance with vendor guidance.
-- 
GitLab