[{"data":1,"prerenderedAt":2049},["ShallowReactive",2],{"/ja-jp/blog/severity-override-vulnerability-management-policy":3,"navigation-ja-jp":1281,"banner-ja-jp":1699,"footer-ja-jp":1708,"blog-post-authors-ja-jp-Grant Hickman":1949,"blog-related-posts-ja-jp-severity-override-vulnerability-management-policy":1964,"blog-promotions-ja-jp":1987,"next-steps-ja-jp":2040},{"id":4,"title":5,"authors":6,"body":8,"category":1261,"date":1262,"description":1263,"extension":1264,"externalUrl":1265,"featured":1266,"heroImage":1267,"meta":1268,"navigation":1269,"path":1270,"seo":1271,"slug":1274,"stem":1275,"tags":1276,"template":1278,"updatedDate":1279,"__hash__":1280},"blogPosts/ja-jp/blog/severity-override-vulnerability-management-policy.md","誤解を招く脆弱性の重大度を、ポリシーで修正する5つの方法",[7],"Grant Hickman",{"type":9,"value":10,"toc":1247},"minimark",[11,15,18,22,32,35,58,61,64,67,72,75,78,273,280,284,303,306,461,470,474,477,480,619,622,626,635,638,776,779,783,790,793,966,969,972,975,1012,1015,1177,1180,1189,1201,1209,1217,1225,1243],[12,13,14],"p",{},"企業の脆弱性レポートには、スキャンサイクルごとに数百件もの検出結果が表示され、すべてCVSS（共通脆弱性評価システム）によってランク付けされています。問題は、CVSSがCVE（共通脆弱性識別子）の理論的な特性を記述するものであり、自社環境での実際のリスクを示すものではないという点です。内部専用のユーティリティライブラリにある「緊急（Critical）」の脆弱性と、公開されている認証サービスにある「中（Medium）」の脆弱性は、リスクとして同列には扱えません。しかし、手動でトリアージしない限り、両者は同じように扱われてしまいます。こうした手動トリアージは、スケールしません。",[12,16,17],{},"GitLabの脆弱性管理ポリシーでは、定義した条件に基づいてデフォルトのCVSS重大度レベルを自動的にオーバーライドできるようになりました。これにより、脆弱性レポートが汎用的なスコアではなく、自社の実際のリスクモデルを反映したものになります。",[19,20,21],"h2",{"id":21},"重大度オーバーライドポリシーの仕組み",[12,23,24,25,31],{},"重大度オーバーライドポリシーは、",[26,27,30],"a",{"href":28,"rel":29},"https://docs.gitlab.com/ja-jp/user/application_security/policies/vulnerability_management_policy/",[],"脆弱性管理ポリシー","の一種で、デフォルトブランチのパイプライン実行のたびに脆弱性の重大度レベルを自動的に調整します。マッチ条件（CVE ID、CWE ID、ファイルパス、ディレクトリ）とオーバーライドアクションを含むルールを定義します。脆弱性が条件に一致すると、GitLabのSecurity Policy Botが即座に重大度を更新します。",[12,33,34],{},"利用できるオーバーライド操作は3種類です。",[36,37,38,46,52],"ul",{},[39,40,41,45],"li",{},[42,43,44],"strong",{},"重大度を設定（Set 
Severity）",": 重大度を特定のレベル（info、low、medium、high、critical）に固定します。",[39,47,48,51],{},[42,49,50],{},"重大度を上げる（Increase Severity）",": 重大度を1段階引き上げます。",[39,53,54,57],{},[42,55,56],{},"重大度を下げる（Decrease Severity）",": 重大度を1段階引き下げます。",[12,59,60],{},"権限を持つユーザーによる手動オーバーライドは、常にポリシーによるオーバーライドより優先されます。自動変更はすべて脆弱性の履歴と監査イベントに記録されるため、何がなぜ変更されたのかについての完全な記録を維持できます。",[19,62,63],{"id":63},"すぐに使える設定付きユースケース",[12,65,66],{},"以下の各例には、すぐにコピー・カスタマイズして適用できるポリシー設定を記載しています。",[68,69,71],{"id":70},"_1-内部サービスにおける低リスクcveの重大度を下げる","1. 内部サービスにおける低リスクCVEの重大度を下げる",[12,73,74],{},"セキュリティスキャナーは、どのプロジェクトが内部ツール、テストユーティリティ、または本番サービスであるかを認識しません。デプロイのコンテキストに関わらず、すべてのCVEを同じように評価します。外部トラフィックにさらされることのない内部管理ダッシュボード、開発者向けツール、バッチ処理ジョブを運用しているチームにとって、Critical評価の依存関係の脆弱性は、顧客向けAPIにある脆弱性と同じ対応を必要とするわけではありません。",[12,76,77],{},"このポリシーは、内部サービスのディレクトリで検出された特定のCVEの重大度を下げます。",[79,80,85],"pre",{"className":81,"code":82,"language":83,"meta":84,"style":84},"language-yaml shiki shiki-themes github-light","vulnerability_management_policy:\n  - name: \"Downgrade CVEs in internal services\"\n    description: \"Internal-only services have lower exposure risk\"\n    enabled: true\n    rules:\n      - type: detected\n        criteria:\n          - type: identifier\n            identifier_type: cve\n            values:\n              - \"CVE-2023-44487\"\n              - \"CVE-2024-29041\"\n          - type: directory\n            value: \"internal/**/*\"\n    actions:\n      - type: severity_override\n        severity_override_operation: decrease\n","yaml","",[86,87,88,101,117,128,140,148,162,170,183,194,202,211,219,231,242,250,262],"code",{"__ignoreMap":84},[89,90,93,97],"span",{"class":91,"line":92},"line",1,[89,94,96],{"class":95},"shJU0","vulnerability_management_policy",[89,98,100],{"class":99},"sgsFI",":\n",[89,102,104,107,110,113],{"class":91,"line":103},2,[89,105,106],{"class":99},"  - ",[89,108,109],{"class":95},"name",[89,111,112],{"class":99},": ",[89,114,116],{"class":115},"sYBdl","\"Downgrade CVEs in internal 
services\"\n",[89,118,120,123,125],{"class":91,"line":119},3,[89,121,122],{"class":95},"    description",[89,124,112],{"class":99},[89,126,127],{"class":115},"\"Internal-only services have lower exposure risk\"\n",[89,129,131,134,136],{"class":91,"line":130},4,[89,132,133],{"class":95},"    enabled",[89,135,112],{"class":99},[89,137,139],{"class":138},"sYu0t","true\n",[89,141,143,146],{"class":91,"line":142},5,[89,144,145],{"class":95},"    rules",[89,147,100],{"class":99},[89,149,151,154,157,159],{"class":91,"line":150},6,[89,152,153],{"class":99},"      - ",[89,155,156],{"class":95},"type",[89,158,112],{"class":99},[89,160,161],{"class":115},"detected\n",[89,163,165,168],{"class":91,"line":164},7,[89,166,167],{"class":95},"        criteria",[89,169,100],{"class":99},[89,171,173,176,178,180],{"class":91,"line":172},8,[89,174,175],{"class":99},"          - ",[89,177,156],{"class":95},[89,179,112],{"class":99},[89,181,182],{"class":115},"identifier\n",[89,184,186,189,191],{"class":91,"line":185},9,[89,187,188],{"class":95},"            identifier_type",[89,190,112],{"class":99},[89,192,193],{"class":115},"cve\n",[89,195,197,200],{"class":91,"line":196},10,[89,198,199],{"class":95},"            values",[89,201,100],{"class":99},[89,203,205,208],{"class":91,"line":204},11,[89,206,207],{"class":99},"              - ",[89,209,210],{"class":115},"\"CVE-2023-44487\"\n",[89,212,214,216],{"class":91,"line":213},12,[89,215,207],{"class":99},[89,217,218],{"class":115},"\"CVE-2024-29041\"\n",[89,220,222,224,226,228],{"class":91,"line":221},13,[89,223,175],{"class":99},[89,225,156],{"class":95},[89,227,112],{"class":99},[89,229,230],{"class":115},"directory\n",[89,232,234,237,239],{"class":91,"line":233},14,[89,235,236],{"class":95},"            value",[89,238,112],{"class":99},[89,240,241],{"class":115},"\"internal/**/*\"\n",[89,243,245,248],{"class":91,"line":244},15,[89,246,247],{"class":95},"    
actions",[89,249,100],{"class":99},[89,251,253,255,257,259],{"class":91,"line":252},16,[89,254,153],{"class":99},[89,256,156],{"class":95},[89,258,112],{"class":99},[89,260,261],{"class":115},"severity_override\n",[89,263,265,268,270],{"class":91,"line":264},17,[89,266,267],{"class":95},"        severity_override_operation",[89,269,112],{"class":99},[89,271,272],{"class":115},"decrease\n",[12,274,275,276,279],{},"CVEの値は、チームが内部デプロイにおいて低リスクと判断した識別子に置き換えてください。",[86,277,278],{},"decrease"," 操作により重大度が1段階下がります（CriticalはHighに、HighはMediumになります）。コンテキストに不適切なスコアに過剰反応することなく、相対的な優先度を維持できます。",[68,281,283],{"id":282},"_2-本番コードにおけるインジェクション脆弱性の重大度を上げる","2. 本番コードにおけるインジェクション脆弱性の重大度を上げる",[12,285,286,287,292,293,298,299,302],{},"本番ソースコードで検出された場合、より強力な対応が必要な脆弱性クラスがあります。クロスサイトスクリプティング（CWE-79）およびSQLインジェクション（CWE-89）は、",[26,288,291],{"href":289,"rel":290},"https://about.gitlab.com/blog/2025-owasp-top-10-whats-changed-and-why-it-matters/",[],"OWASP","とCISAの",[26,294,297],{"href":295,"rel":296},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog",[],"既知の悪用された脆弱性（KEV）","カタログによると、最も悪用されている脆弱性タイプに継続的にランクインしています。スキャナーが ",[86,300,301],{},"src/"," ディレクトリ内でこれらをMediumまたはHighと報告している場合、トリアージプロセスではCriticalとして扱う必要があります。",[12,304,305],{},"このポリシーは、本番コードにおけるXSSおよびSQLiの検出結果の重大度をCriticalに設定します。",[79,307,309],{"className":81,"code":308,"language":83,"meta":84,"style":84},"vulnerability_management_policy:\n  - name: \"Upgrade XSS and SQLi in production code\"\n    description: \"Injection vulnerabilities in src/ are always Critical\"\n    enabled: true\n    rules:\n      - type: detected\n        criteria:\n          - type: identifier\n            identifier_type: cwe\n            values:\n              - \"CWE-79\"\n              - \"CWE-89\"\n          - type: directory\n            value: \"src/**/*\"\n    actions:\n      - type: severity_override\n        severity_override_operation: set\n        severity_override_value: 
critical\n",[86,310,311,317,328,337,345,351,361,367,377,386,392,399,406,416,425,431,441,450],{"__ignoreMap":84},[89,312,313,315],{"class":91,"line":92},[89,314,96],{"class":95},[89,316,100],{"class":99},[89,318,319,321,323,325],{"class":91,"line":103},[89,320,106],{"class":99},[89,322,109],{"class":95},[89,324,112],{"class":99},[89,326,327],{"class":115},"\"Upgrade XSS and SQLi in production code\"\n",[89,329,330,332,334],{"class":91,"line":119},[89,331,122],{"class":95},[89,333,112],{"class":99},[89,335,336],{"class":115},"\"Injection vulnerabilities in src/ are always Critical\"\n",[89,338,339,341,343],{"class":91,"line":130},[89,340,133],{"class":95},[89,342,112],{"class":99},[89,344,139],{"class":138},[89,346,347,349],{"class":91,"line":142},[89,348,145],{"class":95},[89,350,100],{"class":99},[89,352,353,355,357,359],{"class":91,"line":150},[89,354,153],{"class":99},[89,356,156],{"class":95},[89,358,112],{"class":99},[89,360,161],{"class":115},[89,362,363,365],{"class":91,"line":164},[89,364,167],{"class":95},[89,366,100],{"class":99},[89,368,369,371,373,375],{"class":91,"line":172},[89,370,175],{"class":99},[89,372,156],{"class":95},[89,374,112],{"class":99},[89,376,182],{"class":115},[89,378,379,381,383],{"class":91,"line":185},[89,380,188],{"class":95},[89,382,112],{"class":99},[89,384,385],{"class":115},"cwe\n",[89,387,388,390],{"class":91,"line":196},[89,389,199],{"class":95},[89,391,100],{"class":99},[89,393,394,396],{"class":91,"line":204},[89,395,207],{"class":99},[89,397,398],{"class":115},"\"CWE-79\"\n",[89,400,401,403],{"class":91,"line":213},[89,402,207],{"class":99},[89,404,405],{"class":115},"\"CWE-89\"\n",[89,407,408,410,412,414],{"class":91,"line":221},[89,409,175],{"class":99},[89,411,156],{"class":95},[89,413,112],{"class":99},[89,415,230],{"class":115},[89,417,418,420,422],{"class":91,"line":233},[89,419,236],{"class":95},[89,421,112],{"class":99},[89,423,424],{"class":115},"\"src/**/*\"\n",[89,426,427,429],{"class":91,"line":244},[89,428,247]
,{"class":95},[89,430,100],{"class":99},[89,432,433,435,437,439],{"class":91,"line":252},[89,434,153],{"class":99},[89,436,156],{"class":95},[89,438,112],{"class":99},[89,440,261],{"class":115},[89,442,443,445,447],{"class":91,"line":264},[89,444,267],{"class":95},[89,446,112],{"class":99},[89,448,449],{"class":115},"set\n",[89,451,453,456,458],{"class":91,"line":452},18,[89,454,455],{"class":95},"        severity_override_value",[89,457,112],{"class":99},[89,459,460],{"class":115},"critical\n",[12,462,463,464,469],{},"このポリシーと、Criticalの検出結果にセキュリティチームの承認を必要とする",[26,465,468],{"href":466,"rel":467},"https://docs.gitlab.com/ja-jp/user/application_security/policies/merge_request_approval_policies/",[],"マージリクエスト承認ポリシー","を組み合わせることをお勧めします。重大度オーバーライドにより、脆弱性レポートで適切な検出結果にフラグが立てられて優先度が付けられ、承認ポリシーにより、新たに検出された検出結果がレビューなしに本番環境に到達できなくなります。",[68,471,473],{"id":472},"_3-スキャナー間で重大度を統一する","3. スキャナー間で重大度を統一する",[12,475,476],{},"スキャナーによっては、同じCVEに異なる重大度レベルを割り当てることがあります。SAST（静的アプリケーションセキュリティテスト）スキャナーがHighと評価した検出結果を、依存関係スキャンがMediumと呼ぶ場合があります。こうした不整合はトリアージ時に混乱を招き、スキャンタイプをまたいだ一貫した承認しきい値の設定を困難にします。",[12,478,479],{},"重大度オーバーライドポリシーを使用して、一貫したベースラインを適用します。セキュリティチームが特定のCVEファミリーを評価し、どのスキャナーで検出されたかに関わらず常にHighであるべきと判断した場合、明示的に設定できます。",[79,481,483],{"className":81,"code":482,"language":83,"meta":84,"style":84},"vulnerability_management_policy:\n  - name: \"Normalize log4j severity to High\"\n    description: \"Consistent severity for log4j CVEs across all scanners\"\n    enabled: true\n    rules:\n      - type: detected\n        criteria:\n          - type: identifier\n            identifier_type: cve\n            values:\n              - \"CVE-2021-44228\"\n              - \"CVE-2021-45046\"\n              - \"CVE-2021-45105\"\n    actions:\n      - type: severity_override\n        severity_override_operation: set\n        severity_override_value: 
high\n",[86,484,485,491,502,511,519,525,535,541,551,559,565,572,579,586,592,602,610],{"__ignoreMap":84},[89,486,487,489],{"class":91,"line":92},[89,488,96],{"class":95},[89,490,100],{"class":99},[89,492,493,495,497,499],{"class":91,"line":103},[89,494,106],{"class":99},[89,496,109],{"class":95},[89,498,112],{"class":99},[89,500,501],{"class":115},"\"Normalize log4j severity to High\"\n",[89,503,504,506,508],{"class":91,"line":119},[89,505,122],{"class":95},[89,507,112],{"class":99},[89,509,510],{"class":115},"\"Consistent severity for log4j CVEs across all scanners\"\n",[89,512,513,515,517],{"class":91,"line":130},[89,514,133],{"class":95},[89,516,112],{"class":99},[89,518,139],{"class":138},[89,520,521,523],{"class":91,"line":142},[89,522,145],{"class":95},[89,524,100],{"class":99},[89,526,527,529,531,533],{"class":91,"line":150},[89,528,153],{"class":99},[89,530,156],{"class":95},[89,532,112],{"class":99},[89,534,161],{"class":115},[89,536,537,539],{"class":91,"line":164},[89,538,167],{"class":95},[89,540,100],{"class":99},[89,542,543,545,547,549],{"class":91,"line":172},[89,544,175],{"class":99},[89,546,156],{"class":95},[89,548,112],{"class":99},[89,550,182],{"class":115},[89,552,553,555,557],{"class":91,"line":185},[89,554,188],{"class":95},[89,556,112],{"class":99},[89,558,193],{"class":115},[89,560,561,563],{"class":91,"line":196},[89,562,199],{"class":95},[89,564,100],{"class":99},[89,566,567,569],{"class":91,"line":204},[89,568,207],{"class":99},[89,570,571],{"class":115},"\"CVE-2021-44228\"\n",[89,573,574,576],{"class":91,"line":213},[89,575,207],{"class":99},[89,577,578],{"class":115},"\"CVE-2021-45046\"\n",[89,580,581,583],{"class":91,"line":221},[89,582,207],{"class":99},[89,584,585],{"class":115},"\"CVE-2021-45105\"\n",[89,587,588,590],{"class":91,"line":233},[89,589,247],{"class":95},[89,591,100],{"class":99},[89,593,594,596,598,600],{"class":91,"line":244},[89,595,153],{"class":99},[89,597,156],{"class":95},[89,599,112],{"class":99},[89,601,261],{"cl
ass":115},[89,603,604,606,608],{"class":91,"line":252},[89,605,267],{"class":95},[89,607,112],{"class":99},[89,609,449],{"class":115},[89,611,612,614,616],{"class":91,"line":264},[89,613,455],{"class":95},[89,615,112],{"class":99},[89,617,618],{"class":115},"high\n",[12,620,621],{},"これは、SAST、依存関係スキャン、コンテナスキャンなど複数のスキャンタイプを運用している組織において特に有効です。検出方法によって評価が異なる同一の脆弱性が、それぞれ異なる重大度で表示される状況に対処できます。なお、set 操作は重大度を指定レベルに固定するため、スキャナーがCriticalと報告した検出結果もHighに引き下げられます。統一するレベルは、対象CVEの最も高い評価と照らし合わせて決めてください。",[68,623,625],{"id":624},"_4-エクスプロイトインテリジェンスに合わせて重大度を調整する","4. エクスプロイトインテリジェンスに合わせて重大度を調整する",[12,627,628,629,634],{},"CVSSスコアは静的です。脆弱性が実際に悪用されはじめても変化せず、現実世界での悪用確率も考慮しません。FIRSTの",[26,630,633],{"href":631,"rel":632},"https://www.first.org/epss/",[],"Exploit Prediction Scoring System（EPSS）","とCISAのKEVカタログが、この欠けているシグナルを提供します。",[12,636,637],{},"脅威インテリジェンスから、あるMedium重大度のCVEが現在活発に悪用されている（KEV）か、悪用確率が高い（EPSSが0.5超）と判明した場合、重大度オーバーライドで引き上げます。",[79,639,641],{"className":81,"code":640,"language":83,"meta":84,"style":84},"vulnerability_management_policy:\n  - name: \"Upgrade actively exploited CVEs\"\n    description: \"CVEs in CISA KEV catalog should be treated as Critical\"\n    enabled: true\n    rules:\n      - type: detected\n        criteria:\n          - type: identifier\n            identifier_type: cve\n            values:\n              - \"CVE-2024-3094\"\n              - \"CVE-2023-4966\"\n              - \"CVE-2023-22515\"\n    actions:\n      - type: severity_override\n        severity_override_operation: set\n        severity_override_value: critical\n",[86,642,643,649,660,669,677,683,693,699,709,717,723,730,737,744,750,760,768],{"__ignoreMap":84},[89,644,645,647],{"class":91,"line":92},[89,646,96],{"class":95},[89,648,100],{"class":99},[89,650,651,653,655,657],{"class":91,"line":103},[89,652,106],{"class":99},[89,654,109],{"class":95},[89,656,112],{"class":99},[89,658,659],{"class":115},"\"Upgrade actively exploited CVEs\"\n",[89,661,662,664,666],{"class":91,"line":119},[89,663,122],{"class":95},[89,665,112],{"class":99},[89,667,668],{"class":115},"\"CVEs in CISA KEV catalog 
should be treated as Critical\"\n",[89,670,671,673,675],{"class":91,"line":130},[89,672,133],{"class":95},[89,674,112],{"class":99},[89,676,139],{"class":138},[89,678,679,681],{"class":91,"line":142},[89,680,145],{"class":95},[89,682,100],{"class":99},[89,684,685,687,689,691],{"class":91,"line":150},[89,686,153],{"class":99},[89,688,156],{"class":95},[89,690,112],{"class":99},[89,692,161],{"class":115},[89,694,695,697],{"class":91,"line":164},[89,696,167],{"class":95},[89,698,100],{"class":99},[89,700,701,703,705,707],{"class":91,"line":172},[89,702,175],{"class":99},[89,704,156],{"class":95},[89,706,112],{"class":99},[89,708,182],{"class":115},[89,710,711,713,715],{"class":91,"line":185},[89,712,188],{"class":95},[89,714,112],{"class":99},[89,716,193],{"class":115},[89,718,719,721],{"class":91,"line":196},[89,720,199],{"class":95},[89,722,100],{"class":99},[89,724,725,727],{"class":91,"line":204},[89,726,207],{"class":99},[89,728,729],{"class":115},"\"CVE-2024-3094\"\n",[89,731,732,734],{"class":91,"line":213},[89,733,207],{"class":99},[89,735,736],{"class":115},"\"CVE-2023-4966\"\n",[89,738,739,741],{"class":91,"line":221},[89,740,207],{"class":99},[89,742,743],{"class":115},"\"CVE-2023-22515\"\n",[89,745,746,748],{"class":91,"line":233},[89,747,247],{"class":95},[89,749,100],{"class":99},[89,751,752,754,756,758],{"class":91,"line":244},[89,753,153],{"class":99},[89,755,156],{"class":95},[89,757,112],{"class":99},[89,759,261],{"class":115},[89,761,762,764,766],{"class":91,"line":252},[89,763,267],{"class":95},[89,765,112],{"class":99},[89,767,449],{"class":115},[89,769,770,772,774],{"class":91,"line":264},[89,771,455],{"class":95},[89,773,112],{"class":99},[89,775,460],{"class":115},[12,777,778],{},"自社のスタックに関連するKEVエントリのリストを管理し、新たなCVEがカタログに追加されるたびにポリシーを更新してください。これにより、アナリストが各検出結果を手動で調整することなく、脅威インテリジェンスと開発者向けの重大度表示をつなぐフィードバックループが生まれます。",[68,780,782],{"id":781},"_5-グループレベルで組織全体のリスクモデルを適用する","5. 
グループレベルで組織全体のリスクモデルを適用する",[12,784,785,786,789],{},"組織に数百または数千のプロジェクトがある場合、プロジェクト単位のポリシーは管理できません。重大度オーバーライドポリシーはグループレベルで適用でき、グループ内のすべてのプロジェクトに影響を与えます。",[86,787,788],{},"policy_scope"," と組み合わせることで、特定のコンプライアンスフレームワークラベルに一致するプロジェクトにポリシーをターゲット指定できます。",[12,791,792],{},"例えば、「PCI-DSS」コンプライアンスフレームワークを持つ組織では、PCI対象プロジェクト全体にインジェクション脆弱性の厳格な重大度処理を適用しつつ、内部ツールグループには緩いポリシーを適用できます。",[79,794,796],{"className":81,"code":795,"language":83,"meta":84,"style":84},"vulnerability_management_policy:\n  - name: \"PCI projects: upgrade injection severity\"\n    description: \"All injection vulnerabilities are Critical in PCI scope\"\n    enabled: true\n    policy_scope:\n      compliance_frameworks:\n        - id: 12345\n    rules:\n      - type: detected\n        criteria:\n          - type: identifier\n            identifier_type: cwe\n            values:\n              - \"CWE-79\"\n              - \"CWE-89\"\n              - \"CWE-78\"\n              - \"CWE-94\"\n    actions:\n      - type: severity_override\n        severity_override_operation: set\n        severity_override_value: critical\n",[86,797,798,804,815,824,832,839,846,859,865,875,881,891,899,905,911,917,924,931,937,948,957],{"__ignoreMap":84},[89,799,800,802],{"class":91,"line":92},[89,801,96],{"class":95},[89,803,100],{"class":99},[89,805,806,808,810,812],{"class":91,"line":103},[89,807,106],{"class":99},[89,809,109],{"class":95},[89,811,112],{"class":99},[89,813,814],{"class":115},"\"PCI projects: upgrade injection severity\"\n",[89,816,817,819,821],{"class":91,"line":119},[89,818,122],{"class":95},[89,820,112],{"class":99},[89,822,823],{"class":115},"\"All injection vulnerabilities are Critical in PCI scope\"\n",[89,825,826,828,830],{"class":91,"line":130},[89,827,133],{"class":95},[89,829,112],{"class":99},[89,831,139],{"class":138},[89,833,834,837],{"class":91,"line":142},[89,835,836],{"class":95},"    policy_scope",[89,838,100],{"class":99},[89,840,841,844],{"class":91,"line":150},[89,842,843],{"class":95},"      
compliance_frameworks",[89,845,100],{"class":99},[89,847,848,851,854,856],{"class":91,"line":164},[89,849,850],{"class":99},"        - ",[89,852,853],{"class":95},"id",[89,855,112],{"class":99},[89,857,858],{"class":138},"12345\n",[89,860,861,863],{"class":91,"line":172},[89,862,145],{"class":95},[89,864,100],{"class":99},[89,866,867,869,871,873],{"class":91,"line":185},[89,868,153],{"class":99},[89,870,156],{"class":95},[89,872,112],{"class":99},[89,874,161],{"class":115},[89,876,877,879],{"class":91,"line":196},[89,878,167],{"class":95},[89,880,100],{"class":99},[89,882,883,885,887,889],{"class":91,"line":204},[89,884,175],{"class":99},[89,886,156],{"class":95},[89,888,112],{"class":99},[89,890,182],{"class":115},[89,892,893,895,897],{"class":91,"line":213},[89,894,188],{"class":95},[89,896,112],{"class":99},[89,898,385],{"class":115},[89,900,901,903],{"class":91,"line":221},[89,902,199],{"class":95},[89,904,100],{"class":99},[89,906,907,909],{"class":91,"line":233},[89,908,207],{"class":99},[89,910,398],{"class":115},[89,912,913,915],{"class":91,"line":244},[89,914,207],{"class":99},[89,916,405],{"class":115},[89,918,919,921],{"class":91,"line":252},[89,920,207],{"class":99},[89,922,923],{"class":115},"\"CWE-78\"\n",[89,925,926,928],{"class":91,"line":264},[89,927,207],{"class":99},[89,929,930],{"class":115},"\"CWE-94\"\n",[89,932,933,935],{"class":91,"line":452},[89,934,247],{"class":95},[89,936,100],{"class":99},[89,938,940,942,944,946],{"class":91,"line":939},19,[89,941,153],{"class":99},[89,943,156],{"class":95},[89,945,112],{"class":99},[89,947,261],{"class":115},[89,949,951,953,955],{"class":91,"line":950},20,[89,952,267],{"class":95},[89,954,112],{"class":99},[89,956,449],{"class":115},[89,958,960,962,964],{"class":91,"line":959},21,[89,961,455],{"class":95},[89,963,112],{"class":99},[89,965,460],{"class":115},[12,967,968],{},"このパターンにより、セキュリティチームがリスクモデルを一度定義するだけで、あらゆる場所に一貫して適用されます。プロジェクトごとの設定も、個々のチームが正しく設定することへの依存も不要です。",[19,970,971],{"id":971},"はじめ方",[12,
973,974],{},"脆弱性管理ポリシーを作成するには、以下の手順に従ってください。",[976,977,978,984,990,996,1006],"ol",{},[39,979,980,983],{},[42,981,982],{},"不一致を特定する。"," 脆弱性レポートを開き、「Needs triage」でフィルタリングします。パターンを探してください。テストコードにあるCriticalの検出結果、活発に悪用されているMediumの検出結果、スキャンタイプをまたいだ一貫性のない評価などです。",[39,985,986,989],{},[42,987,988],{},"ユースケースを1つ選ぶ。"," 上記のシナリオの中から、最も多くの不一致な検出結果に対応するものから始めます。",[39,991,992,995],{},[42,993,994],{},"ベースラインを記録する。"," ポリシーを作成する前の重大度分布（対象スコープ内のCritical、High、Mediumの件数）を記録します。",[39,997,998,1001,1002,1005],{},[42,999,1000],{},"作成して適用する。"," ",[42,1003,1004],{},"Secure > Policies > New policy > Vulnerability management policy"," に移動し、上記のユースケースから設定を貼り付けてマージリクエストをマージします。",[39,1007,1008,1011],{},[42,1009,1010],{},"結果を検証する。"," 次のデフォルトブランチパイプライン実行後、脆弱性レポートで更新された重大度を確認します。アクティビティログをフィルタリングして調整された検出結果を確認し、対象が正しいことを検証します。",[68,1013,1014],{"id":1014},"クイックリファレンス",[1016,1017,1018,1031],"table",{},[1019,1020,1021],"thead",{},[1022,1023,1024,1028],"tr",{},[1025,1026,1027],"th",{},"パラメータ",[1025,1029,1030],{},"詳細",[1032,1033,1034,1069,1089,1113,1134,1144,1154,1167],"tbody",{},[1022,1035,1036,1042],{},[1037,1038,1039],"td",{},[42,1040,1041],{},"条件タイプ",[1037,1043,1044,1047,1048,1047,1051,1054,1055,1058,1059,1047,1062,1047,1065,1068],{},[86,1045,1046],{},"file_path","、",[86,1049,1050],{},"directory",[86,1052,1053],{},"identifier","（オプションの 
",[86,1056,1057],{},"identifier_type","：",[86,1060,1061],{},"cve",[86,1063,1064],{},"cwe",[86,1066,1067],{},"owasp","）",[1022,1070,1071,1076],{},[1037,1072,1073],{},[42,1074,1075],{},"オーバーライド操作",[1037,1077,1078,1081,1082,1085,1086,1088],{},[86,1079,1080],{},"set","（特定レベルに設定）、",[86,1083,1084],{},"increase","（1段階上げ）、",[86,1087,278],{},"（1段階下げ）",[1022,1090,1091,1096],{},[1037,1092,1093],{},[42,1094,1095],{},"重大度レベル",[1037,1097,1098,1047,1101,1047,1104,1047,1107,1047,1110],{},[86,1099,1100],{},"info",[86,1102,1103],{},"low",[86,1105,1106],{},"medium",[86,1108,1109],{},"high",[86,1111,1112],{},"critical",[1022,1114,1115,1120],{},[1037,1116,1117],{},[42,1118,1119],{},"値",[1037,1121,1122,1123,1126,1127,1130,1131,1068],{},"単一の ",[86,1124,1125],{},"value"," または ",[86,1128,1129],{},"values"," 配列（最大1,000件、OR論理）。ワイルドカード対応（例：",[86,1132,1133],{},"CVE-2023-*",[1022,1135,1136,1141],{},[1037,1137,1138],{},[42,1139,1140],{},"条件の論理",[1037,1142,1143],{},"1つのルール内の複数条件 = AND（すべてに一致）。1つのポリシー内の複数ルール = OR（いずれかに一致）",[1022,1145,1146,1151],{},[1037,1147,1148],{},[42,1149,1150],{},"制限",[1037,1152,1153],{},"ルールごとに条件3件、ポリシーごとにルール5件、セキュリティポリシープロジェクトごとにポリシー5件",[1022,1155,1156,1161],{},[1037,1157,1158],{},[42,1159,1160],{},"スコープ",[1037,1162,1163,1164,1166],{},"プロジェクトレベルまたはグループレベル。コンプライアンスフレームワークのターゲット指定には ",[86,1165,788],{}," を使用",[1022,1168,1169,1174],{},[1037,1170,1171],{},[42,1172,1173],{},"手動オーバーライドの優先度",[1037,1175,1176],{},"権限を持つユーザーによる手動オーバーライドは常に優先されます",[19,1178,1179],{"id":1179},"よくある質問",[12,1181,1182,1185,1188],{},[42,1183,1184],{},"自動却下（auto-dismiss）と重大度オーバーライドの違いは何ですか？",[1186,1187],"br",{},"\n自動却下は、検出結果をアクティブなトリアージキューから削除します。重大度オーバーライドは、検出結果を表示したまま優先度レベルを調整するため、適切な緊急度で追跡・レビューが続けられます。",[12,1190,1191,1194,1196,1197,1200],{},[42,1192,1193],{},"重大度オーバーライドを他のポリシータイプと組み合わせることはできますか？",[1186,1195],{},"\nはい。重大度オーバーライドは ",[86,1198,1199],{},"default"," 
ブランチの検出結果に適用され、GitLabの脆弱性レポートに表示される脆弱性に影響します。その後、マージリクエスト承認ポリシーを使用して新たに検出された検出結果をゲートできます。",[12,1202,1203,1206,1208],{},[42,1204,1205],{},"重大度オーバーライドは既存の脆弱性に遡及して適用されますか？",[1186,1207],{},"\nはい。重大度オーバーライドポリシーが適用されると、次のデフォルトブランチパイプライン実行時に、ステータスが「Needs triage」または「Confirmed」の一致する脆弱性が1回につき最大1,000件処理されます。",[12,1210,1211,1214,1216],{},[42,1212,1213],{},"2つのポリシーが競合する重大度を設定した場合、どうなりますか？",[1186,1215],{},"\n手動オーバーライドは常に優先されます。ポリシーの競合については、最後に適用されたポリシーが優先されます。重複する条件を避けるため、定期的にポリシーを見直してください。",[12,1218,1219,1222,1224],{},[42,1220,1221],{},"開発者は重大度オーバーライドポリシーを回避できますか？",[1186,1223],{},"\nいいえ。ポリシーはアクセスが制限されたセキュリティポリシープロジェクトで管理されます。開発者はポリシーを変更したり無効にしたりできません。権限を持つユーザーは個々の脆弱性に手動オーバーライドを適用でき、これが優先されます。",[1226,1227,1228],"blockquote",{},[12,1229,1230,1231,1236,1237,1242],{},"脆弱性レポートに実際のリスクを反映させる準備はできていますか？",[26,1232,1235],{"href":1233,"rel":1234},"https://docs.gitlab.com/ja-jp/user/application_security/policies/vulnerability_management_policy/#severity-override-policies",[],"重大度オーバーライドポリシーのドキュメント","で詳細を確認するか、",[26,1238,1241],{"href":1239,"rel":1240},"https://about.gitlab.com/ja-jp/free-trial/",[],"GitLab Ultimateの無料トライアル","を開始して今すぐお試しください。",[1244,1245,1246],"style",{},"html pre.shiki code .shJU0, html code.shiki .shJU0{--shiki-default:#22863A}html pre.shiki code .sgsFI, html code.shiki .sgsFI{--shiki-default:#24292E}html pre.shiki code .sYBdl, html code.shiki .sYBdl{--shiki-default:#032F62}html pre.shiki code .sYu0t, html code.shiki .sYu0t{--shiki-default:#005CC5}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: 
var(--shiki-default-text-decoration);}",{"title":84,"searchDepth":103,"depth":103,"links":1248},[1249,1250,1257,1260],{"id":21,"depth":103,"text":21},{"id":63,"depth":103,"text":63,"children":1251},[1252,1253,1254,1255,1256],{"id":70,"depth":119,"text":71},{"id":282,"depth":119,"text":283},{"id":472,"depth":119,"text":473},{"id":624,"depth":119,"text":625},{"id":781,"depth":119,"text":782},{"id":971,"depth":103,"text":971,"children":1258},[1259],{"id":1014,"depth":119,"text":1014},{"id":1179,"depth":103,"text":1179},"security","2026-05-13","デフォルトのCVSSスコアは実際のリスクを反映していません。GitLabの重大度オーバーライドポリシーを使用すると、CVE、CWE、ファイルパス、ディレクトリを条件として重大度を自動調整し、実際のリスクに即した脆弱性レポートを実現できます。","md",null,false,"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772630163/akp8ly2mrsfrhsb0liyb.png",{},true,"/ja-jp/blog/severity-override-vulnerability-management-policy",{"config":1272,"title":5,"description":1263,"ogImage":1273},{"noIndex":1266},"https://res.cloudinary.com/about-gitlab-com/image/upload/f_auto,q_auto,c_lfill/v1772630163/akp8ly2mrsfrhsb0liyb.webp","severity-override-vulnerability-management-policy","ja-jp/blog/severity-override-vulnerability-management-policy",[1261,1277],"tutorial","BlogPost","2026-05-14","TaGj8LSyVLyEq6-GlZZVL8F8JURJ2Zv3eb2llWkrjq8",{"logo":1282,"freeTrial":1287,"sales":1292,"login":1297,"items":1302,"search":1619,"minimal":1652,"duo":1669,"switchNav":1678,"pricingDeployment":1689},{"config":1283},{"href":1284,"dataGaName":1285,"dataGaLocation":1286},"/ja-jp/","gitlab logo","header",{"text":1288,"config":1289},"無料トライアルを開始",{"href":1290,"dataGaName":1291,"dataGaLocation":1286},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/ja-jp&glm_content=default-saas-trial/","free trial",{"text":1293,"config":1294},"お問い合わせはこちら",{"href":1295,"dataGaName":1296,"dataGaLocation":1286},"/ja-jp/sales/","sales",{"text":1298,"config":1299},"サインイン",{"href":1300,"dataGaName":1301,"dataGaLocation":1286},"https://gitlab.com/users/sign_in/","sign 
in",[1303,1332,1434,1439,1543,1599],{"text":1304,"config":1305,"menu":1307},"プラットフォーム",{"dataNavLevelOne":1306},"platform",{"type":1308,"columns":1309},"cards",[1310,1316,1324],{"title":1304,"description":1311,"link":1312},"DevSecOpsに特化したインテリジェントオーケストレーションプラットフォーム",{"text":1313,"config":1314},"プラットフォームの詳細はこちら",{"href":1315,"dataGaName":1306,"dataGaLocation":1286},"/ja-jp/platform/",{"title":1317,"description":1318,"link":1319},"GitLab Duo Agent Platform","ソフトウェアライフサイクル全体を支えるエージェント型AI",{"text":1320,"config":1321},"GitLab Duoのご紹介",{"href":1322,"dataGaName":1323,"dataGaLocation":1286},"/ja-jp/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":1325,"description":1326,"link":1327},"GitLabが選ばれる理由","エンタープライズがGitLabを選ぶ主な理由をご覧ください",{"text":1328,"config":1329},"詳細はこちら",{"href":1330,"dataGaName":1331,"dataGaLocation":1286},"/ja-jp/why-gitlab/","why gitlab",{"text":1333,"left":1269,"config":1334,"menu":1336},"製品",{"dataNavLevelOne":1335},"solutions",{"type":1337,"link":1338,"columns":1342,"feature":1413},"lists",{"text":1339,"config":1340},"すべてのソリューションを表示",{"href":1341,"dataGaName":1335,"dataGaLocation":1286},"/ja-jp/solutions/",[1343,1368,1391],{"title":1344,"description":1345,"link":1346,"items":1351},"自動化","CI/CDと自動化でデプロイを加速",{"config":1347},{"icon":1348,"href":1349,"dataGaName":1350,"dataGaLocation":1286},"AutomatedCodeAlt","/ja-jp/solutions/delivery-automation/","automated software delivery",[1352,1356,1359,1364],{"text":1353,"config":1354},"CI/CD",{"href":1355,"dataGaLocation":1286,"dataGaName":1353},"/ja-jp/solutions/continuous-integration/",{"text":1317,"config":1357},{"href":1322,"dataGaLocation":1286,"dataGaName":1358},"gitlab duo agent platform - product menu",{"text":1360,"config":1361},"ソースコード管理",{"href":1362,"dataGaLocation":1286,"dataGaName":1363},"/ja-jp/solutions/source-code-management/","Source Code Management",{"text":1365,"config":1366},"自動化されたソフトウェアデリバリー",{"href":1349,"dataGaLocation":1286,"dataGaName":1367},"Automated software 
delivery",{"title":1369,"description":1370,"link":1371,"items":1376},"セキュリティ","セキュリティを犠牲にすることなくコード作成を高速化",{"config":1372},{"href":1373,"dataGaName":1374,"dataGaLocation":1286,"icon":1375},"/ja-jp/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[1377,1381,1386],{"text":1378,"config":1379},"アプリケーションセキュリティテスト",{"href":1373,"dataGaName":1380,"dataGaLocation":1286},"Application security testing",{"text":1382,"config":1383},"ソフトウェアサプライチェーンセキュリティ",{"href":1384,"dataGaLocation":1286,"dataGaName":1385},"/ja-jp/solutions/supply-chain/","Software supply chain security",{"text":1387,"config":1388},"ソフトウェアコンプライアンス",{"href":1389,"dataGaName":1390,"dataGaLocation":1286},"/ja-jp/solutions/software-compliance/","software compliance",{"title":1392,"link":1393,"items":1398},"測定",{"config":1394},{"icon":1395,"href":1396,"dataGaName":1397,"dataGaLocation":1286},"DigitalTransformation","/ja-jp/solutions/visibility-measurement/","visibility and measurement",[1399,1403,1408],{"text":1400,"config":1401},"可視性と測定",{"href":1396,"dataGaLocation":1286,"dataGaName":1402},"Visibility and Measurement",{"text":1404,"config":1405},"バリューストリーム管理",{"href":1406,"dataGaLocation":1286,"dataGaName":1407},"/ja-jp/solutions/value-stream-management/","Value Stream Management",{"text":1409,"config":1410},"分析とインサイト",{"href":1411,"dataGaLocation":1286,"dataGaName":1412},"/ja-jp/solutions/analytics-and-insights/","Analytics and insights",{"title":1414,"type":1337,"items":1415},"GitLabが活躍する場所",[1416,1422,1428],{"text":1417,"config":1418},"大企業",{"icon":1419,"href":1420,"dataGaLocation":1286,"dataGaName":1421},"Building","/ja-jp/enterprise/","enterprise",{"text":1423,"config":1424},"スモールビジネス",{"icon":1425,"href":1426,"dataGaLocation":1286,"dataGaName":1427},"Work","/ja-jp/small-business/","small business",{"text":1429,"config":1430},"公共部門",{"icon":1431,"href":1432,"dataGaLocation":1286,"dataGaName":1433},"Organization","/ja-jp/solutions/public-sector/","public 
sector",{"text":1435,"config":1436},"価格",{"href":1437,"dataGaName":1438,"dataGaLocation":1286,"dataNavLevelOne":1438},"/ja-jp/pricing/","pricing",{"text":1440,"config":1441,"menu":1443},"関連リソース",{"dataNavLevelOne":1442},"resources",{"type":1337,"link":1444,"columns":1448,"feature":1532},{"text":1445,"config":1446},"すべてのリソースを表示",{"href":1447,"dataGaName":1442,"dataGaLocation":1286},"/ja-jp/resources/",[1449,1482,1504],{"title":1450,"items":1451},"はじめに",[1452,1457,1462,1467,1472,1477],{"text":1453,"config":1454},"インストール",{"href":1455,"dataGaName":1456,"dataGaLocation":1286},"/ja-jp/install/","install",{"text":1458,"config":1459},"クイックスタートガイド",{"href":1460,"dataGaName":1461,"dataGaLocation":1286},"/ja-jp/get-started/","quick setup checklists",{"text":1463,"config":1464},"学ぶ",{"href":1465,"dataGaLocation":1286,"dataGaName":1466},"https://university.gitlab.com/","learn",{"text":1468,"config":1469},"製品ドキュメント",{"href":1470,"dataGaName":1471,"dataGaLocation":1286},"https://docs.gitlab.com/","product documentation",{"text":1473,"config":1474},"ベストプラクティスビデオ",{"href":1475,"dataGaName":1476,"dataGaLocation":1286},"/ja-jp/getting-started-videos/","best practice videos",{"text":1478,"config":1479},"インテグレーション",{"href":1480,"dataGaName":1481,"dataGaLocation":1286},"/ja-jp/integrations/","integrations",{"title":1483,"items":1484},"検索する",[1485,1490,1495,1499],{"text":1486,"config":1487},"お客様成功事例",{"href":1488,"dataGaName":1489,"dataGaLocation":1286},"/ja-jp/customers/","customer success stories",{"text":1491,"config":1492},"ブログ",{"href":1493,"dataGaName":1494,"dataGaLocation":1286},"/ja-jp/blog/","blog",{"text":1496,"config":1497},"The 
Source",{"href":1498,"dataGaName":1494,"dataGaLocation":1286},"/ja-jp/the-source/",{"text":1500,"config":1501},"リモート",{"href":1502,"dataGaName":1503,"dataGaLocation":1286},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":1505,"items":1506},"つなげる",[1507,1512,1517,1522,1527],{"text":1508,"config":1509},"GitLabサービス",{"href":1510,"dataGaName":1511,"dataGaLocation":1286},"/ja-jp/services/","services",{"text":1513,"config":1514},"コミュニティ",{"href":1515,"dataGaName":1516,"dataGaLocation":1286},"/community/","community",{"text":1518,"config":1519},"フォーラム",{"href":1520,"dataGaName":1521,"dataGaLocation":1286},"https://forum.gitlab.com/","forum",{"text":1523,"config":1524},"イベント",{"href":1525,"dataGaName":1526,"dataGaLocation":1286},"/events/","events",{"text":1528,"config":1529},"パートナー",{"href":1530,"dataGaName":1531,"dataGaLocation":1286},"/ja-jp/partners/","partners",{"config":1533,"title":1536,"text":1537,"link":1538},{"background":1534,"textColor":1535},"url('https://res.cloudinary.com/about-gitlab-com/image/upload/v1777322348/qpq8yrgn8knii57omj0c.png')","#000","GitLabの最新情報","最新の機能と改善点に関する情報をお届けします。",{"text":1539,"config":1540},"最新情報を読む",{"href":1541,"dataGaName":1542,"dataGaLocation":1286},"/ja-jp/whats-new/","whats 
new",{"text":1544,"config":1545,"menu":1547},"企業情報",{"dataNavLevelOne":1546},"company",{"type":1337,"columns":1548},[1549],{"items":1550},[1551,1556,1562,1564,1569,1574,1579,1584,1589,1594],{"text":1552,"config":1553},"GitLabについて",{"href":1554,"dataGaName":1555,"dataGaLocation":1286},"/ja-jp/company/","about",{"text":1557,"config":1558,"footerGa":1561},"採用情報",{"href":1559,"dataGaName":1560,"dataGaLocation":1286},"/jobs/","jobs",{"dataGaName":1560},{"text":1523,"config":1563},{"href":1525,"dataGaName":1526,"dataGaLocation":1286},{"text":1565,"config":1566},"経営陣",{"href":1567,"dataGaName":1568,"dataGaLocation":1286},"/company/team/e-group/","leadership",{"text":1570,"config":1571},"ハンドブック",{"href":1572,"dataGaName":1573,"dataGaLocation":1286},"https://handbook.gitlab.com/","handbook",{"text":1575,"config":1576},"投資家向け情報",{"href":1577,"dataGaName":1578,"dataGaLocation":1286},"https://ir.gitlab.com/","investor relations",{"text":1580,"config":1581},"トラストセンター",{"href":1582,"dataGaName":1583,"dataGaLocation":1286},"/ja-jp/security/","trust center",{"text":1585,"config":1586},"AI Transparency Center",{"href":1587,"dataGaName":1588,"dataGaLocation":1286},"/ja-jp/ai-transparency-center/","ai transparency center",{"text":1590,"config":1591},"ニュースレター",{"href":1592,"dataGaName":1593,"dataGaLocation":1286},"/company/contact/#contact-forms","newsletter",{"text":1595,"config":1596},"プレス",{"href":1597,"dataGaName":1598,"dataGaLocation":1286},"/press/","press",{"text":1600,"config":1601,"menu":1602},"お問い合わせ",{"dataNavLevelOne":1546},{"type":1337,"columns":1603},[1604],{"items":1605},[1606,1609,1614],{"text":1293,"config":1607},{"href":1295,"dataGaName":1608,"dataGaLocation":1286},"talk to sales",{"text":1610,"config":1611},"サポートを受ける",{"href":1612,"dataGaName":1613,"dataGaLocation":1286},"https://support.gitlab.com","support 
portal",{"text":1615,"config":1616},"カスタマーポータル",{"href":1617,"dataGaName":1618,"dataGaLocation":1286},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":1620,"login":1621,"suggestions":1628},"閉じる",{"text":1622,"link":1623},"リポジトリとプロジェクトを検索するには、次にログインします",{"text":1624,"config":1625},"GitLab.com",{"href":1300,"dataGaName":1626,"dataGaLocation":1627},"search login","search",{"text":1629,"default":1630},"提案",[1631,1633,1638,1640,1644,1648],{"text":1317,"config":1632},{"href":1322,"dataGaName":1317,"dataGaLocation":1627},{"text":1634,"config":1635},"コード提案（AI）",{"href":1636,"dataGaName":1637,"dataGaLocation":1627},"/ja-jp/solutions/code-suggestions/","Code Suggestions (AI)",{"text":1353,"config":1639},{"href":1355,"dataGaName":1353,"dataGaLocation":1627},{"text":1641,"config":1642},"GitLab on AWS",{"href":1643,"dataGaName":1641,"dataGaLocation":1627},"/ja-jp/partners/technology-partners/aws/",{"text":1645,"config":1646},"GitLab on Google Cloud",{"href":1647,"dataGaName":1645,"dataGaLocation":1627},"/ja-jp/partners/technology-partners/google-cloud-platform/",{"text":1649,"config":1650},"GitLabを選ぶ理由",{"href":1330,"dataGaName":1651,"dataGaLocation":1627},"Why GitLab?",{"freeTrial":1653,"mobileIcon":1657,"desktopIcon":1662,"secondaryButton":1665},{"text":1288,"config":1654},{"href":1655,"dataGaName":1291,"dataGaLocation":1656},"https://gitlab.com/-/trials/new/","nav",{"altText":1658,"config":1659},"GitLabアイコン",{"src":1660,"dataGaName":1661,"dataGaLocation":1656},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":1658,"config":1663},{"src":1664,"dataGaName":1661,"dataGaLocation":1656},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":1450,"config":1666},{"href":1667,"dataGaName":1668,"dataGaLocation":1656},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/ja-jp/get-started/","get 
started",{"freeTrial":1670,"mobileIcon":1674,"desktopIcon":1676},{"text":1671,"config":1672},"GitLab Duoの詳細について",{"href":1322,"dataGaName":1673,"dataGaLocation":1656},"gitlab duo",{"altText":1658,"config":1675},{"src":1660,"dataGaName":1661,"dataGaLocation":1656},{"altText":1658,"config":1677},{"src":1664,"dataGaName":1661,"dataGaLocation":1656},{"button":1679,"mobileIcon":1684,"desktopIcon":1686},{"text":1680,"config":1681},"/switch",{"href":1682,"dataGaName":1683,"dataGaLocation":1656},"#contact","switch",{"altText":1658,"config":1685},{"src":1660,"dataGaName":1661,"dataGaLocation":1656},{"altText":1658,"config":1687},{"src":1688,"dataGaName":1661,"dataGaLocation":1656},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1773335277/ohhpiuoxoldryzrnhfrh.png",{"freeTrial":1690,"mobileIcon":1695,"desktopIcon":1697},{"text":1691,"config":1692},"料金ページに戻る",{"href":1437,"dataGaName":1693,"dataGaLocation":1656,"icon":1694},"back to pricing","GoBack",{"altText":1658,"config":1696},{"src":1660,"dataGaName":1661,"dataGaLocation":1656},{"altText":1658,"config":1698},{"src":1664,"dataGaName":1661,"dataGaLocation":1656},{"title":1700,"button":1701,"config":1706},"エージェント型AIがソフトウェアデリバリーをどのように変革するかをご覧ください",{"text":1702,"config":1703},"6月18日のGitLab Transcend日本開催版に申し込む",{"href":1704,"dataGaName":1705,"dataGaLocation":1286},"/ja-jp/events/transcend/virtual/","transcend event",{"layout":1707,"disabled":1266},"release",{"data":1709},{"text":1710,"source":1711,"edit":1717,"contribute":1722,"config":1727,"items":1732,"minimal":1940},"GitはSoftware Freedom Conservancyの商標です。当社は「GitLab」をライセンスに基づいて使用しています",{"text":1712,"config":1713},"ページのソースを表示",{"href":1714,"dataGaName":1715,"dataGaLocation":1716},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page 
source","footer",{"text":1718,"config":1719},"このページを編集",{"href":1720,"dataGaName":1721,"dataGaLocation":1716},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":1723,"config":1724},"ご協力をお願いします",{"href":1725,"dataGaName":1726,"dataGaLocation":1716},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":1728,"facebook":1729,"youtube":1730,"linkedin":1731},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[1733,1778,1831,1875,1907],{"title":1435,"links":1734,"subMenu":1749},[1735,1739,1744],{"text":1736,"config":1737},"プランの表示",{"href":1437,"dataGaName":1738,"dataGaLocation":1716},"view plans",{"text":1740,"config":1741},"Premiumを選ぶ理由",{"href":1742,"dataGaName":1743,"dataGaLocation":1716},"/ja-jp/pricing/premium/","why premium",{"text":1745,"config":1746},"Ultimateを選ぶ理由",{"href":1747,"dataGaName":1748,"dataGaLocation":1716},"/ja-jp/pricing/ultimate/","why ultimate",[1750],{"title":1600,"links":1751},[1752,1754,1756,1758,1763,1768,1773],{"text":1600,"config":1753},{"href":1295,"dataGaName":1296,"dataGaLocation":1716},{"text":1610,"config":1755},{"href":1612,"dataGaName":1613,"dataGaLocation":1716},{"text":1615,"config":1757},{"href":1617,"dataGaName":1618,"dataGaLocation":1716},{"text":1759,"config":1760},"ステータス",{"href":1761,"dataGaName":1762,"dataGaLocation":1716},"https://status.gitlab.com/","status",{"text":1764,"config":1765},"利用規約",{"href":1766,"dataGaName":1767,"dataGaLocation":1716},"/terms/","terms of use",{"text":1769,"config":1770},"プライバシーに関する声明",{"href":1771,"dataGaName":1772,"dataGaLocation":1716},"/ja-jp/privacy/","privacy statement",{"text":1774,"config":1775},"Cookie 優先設定",{"dataGaName":1776,"dataGaLocation":1716,"id":1777,"isOneTrustButton":1269},"cookie 
preferences","ot-sdk-btn",{"title":1333,"links":1779,"subMenu":1788},[1780,1784],{"text":1781,"config":1782},"DevSecOpsプラットフォーム",{"href":1315,"dataGaName":1783,"dataGaLocation":1716},"devsecops platform",{"text":1785,"config":1786},"AI支援開発",{"href":1322,"dataGaName":1787,"dataGaLocation":1716},"ai-assisted development",[1789],{"title":1790,"links":1791},"トピック",[1792,1796,1801,1806,1811,1816,1821,1826],{"text":1353,"config":1793},{"href":1794,"dataGaName":1795,"dataGaLocation":1716},"/ja-jp/topics/ci-cd/","cicd",{"text":1797,"config":1798},"GitOps",{"href":1799,"dataGaName":1800,"dataGaLocation":1716},"/ja-jp/topics/gitops/","gitops",{"text":1802,"config":1803},"DevOps",{"href":1804,"dataGaName":1805,"dataGaLocation":1716},"/ja-jp/topics/devops/","devops",{"text":1807,"config":1808},"バージョン管理",{"href":1809,"dataGaName":1810,"dataGaLocation":1716},"/ja-jp/topics/version-control/","version control",{"text":1812,"config":1813},"DevSecOps",{"href":1814,"dataGaName":1815,"dataGaLocation":1716},"/ja-jp/topics/devsecops/","devsecops",{"text":1817,"config":1818},"クラウドネイティブ",{"href":1819,"dataGaName":1820,"dataGaLocation":1716},"/ja-jp/topics/cloud-native/","cloud native",{"text":1822,"config":1823},"コーディングのためのAI",{"href":1824,"dataGaName":1825,"dataGaLocation":1716},"/ja-jp/topics/devops/ai-for-coding/","ai for coding",{"text":1827,"config":1828},"エージェント型AI",{"href":1829,"dataGaName":1830,"dataGaLocation":1716},"/ja-jp/topics/agentic-ai/","agentic ai",{"title":1832,"links":1833},"ソリューション",[1834,1837,1839,1844,1848,1851,1854,1857,1860,1862,1865,1870],{"text":1378,"config":1835},{"href":1373,"dataGaName":1836,"dataGaLocation":1716},"Application Security Testing",{"text":1365,"config":1838},{"href":1349,"dataGaName":1350,"dataGaLocation":1716},{"text":1840,"config":1841},"アジャイル開発",{"href":1842,"dataGaName":1843,"dataGaLocation":1716},"/ja-jp/solutions/agile-delivery/","agile 
delivery",{"text":1845,"config":1846},"SCM",{"href":1362,"dataGaName":1847,"dataGaLocation":1716},"source code management",{"text":1353,"config":1849},{"href":1355,"dataGaName":1850,"dataGaLocation":1716},"continuous integration & delivery",{"text":1404,"config":1852},{"href":1406,"dataGaName":1853,"dataGaLocation":1716},"value stream management",{"text":1797,"config":1855},{"href":1856,"dataGaName":1800,"dataGaLocation":1716},"/ja-jp/solutions/gitops/",{"text":1858,"config":1859},"エンタープライズ",{"href":1420,"dataGaName":1421,"dataGaLocation":1716},{"text":1423,"config":1861},{"href":1426,"dataGaName":1427,"dataGaLocation":1716},{"text":1863,"config":1864},"公共機関",{"href":1432,"dataGaName":1433,"dataGaLocation":1716},{"text":1866,"config":1867},"教育",{"href":1868,"dataGaName":1869,"dataGaLocation":1716},"/ja-jp/solutions/education/","education",{"text":1871,"config":1872},"金融サービス",{"href":1873,"dataGaName":1874,"dataGaLocation":1716},"/ja-jp/solutions/finance/","financial services",{"title":1876,"links":1877},"リソース",[1878,1880,1882,1884,1888,1890,1893,1895,1897,1899,1901,1903,1905],{"text":1453,"config":1879},{"href":1455,"dataGaName":1456,"dataGaLocation":1716},{"text":1458,"config":1881},{"href":1460,"dataGaName":1461,"dataGaLocation":1716},{"text":1463,"config":1883},{"href":1465,"dataGaName":1466,"dataGaLocation":1716},{"text":1468,"config":1885},{"href":1886,"dataGaName":1887,"dataGaLocation":1716},"https://docs.gitlab.com/ja-jp/","docs",{"text":1491,"config":1889},{"href":1493,"dataGaName":1494,"dataGaLocation":1716},{"text":1891,"config":1892},"新着情報",{"href":1541,"dataGaName":1542,"dataGaLocation":1716},{"text":1486,"config":1894},{"href":1488,"dataGaName":1489,"dataGaLocation":1716},{"text":1500,"config":1896},{"href":1502,"dataGaName":1503,"dataGaLocation":1716},{"text":1508,"config":1898},{"href":1510,"dataGaName":1511,"dataGaLocation":1716},{"text":1513,"config":1900},{"href":1515,"dataGaName":1516,"dataGaLocation":1716},{"text":1518,"config":1902},{"href":1520
,"dataGaName":1521,"dataGaLocation":1716},{"text":1523,"config":1904},{"href":1525,"dataGaName":1526,"dataGaLocation":1716},{"text":1528,"config":1906},{"href":1530,"dataGaName":1531,"dataGaLocation":1716},{"title":1908,"links":1909},"会社情報",[1910,1912,1914,1916,1918,1920,1924,1929,1931,1933,1935],{"text":1552,"config":1911},{"href":1554,"dataGaName":1546,"dataGaLocation":1716},{"text":1557,"config":1913},{"href":1559,"dataGaName":1560,"dataGaLocation":1716},{"text":1565,"config":1915},{"href":1567,"dataGaName":1568,"dataGaLocation":1716},{"text":1570,"config":1917},{"href":1572,"dataGaName":1573,"dataGaLocation":1716},{"text":1575,"config":1919},{"href":1577,"dataGaName":1578,"dataGaLocation":1716},{"text":1921,"config":1922},"Sustainability",{"href":1923,"dataGaName":1921,"dataGaLocation":1716},"/sustainability/",{"text":1925,"config":1926},"ダイバーシティ、インクルージョン、ビロンギング（DIB）",{"href":1927,"dataGaName":1928,"dataGaLocation":1716},"/ja-jp/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":1580,"config":1930},{"href":1582,"dataGaName":1583,"dataGaLocation":1716},{"text":1590,"config":1932},{"href":1592,"dataGaName":1593,"dataGaLocation":1716},{"text":1595,"config":1934},{"href":1597,"dataGaName":1598,"dataGaLocation":1716},{"text":1936,"config":1937},"現代奴隷制の透明性に関する声明",{"href":1938,"dataGaName":1939,"dataGaLocation":1716},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency 
statement",{"items":1941},[1942,1944,1947],{"text":1764,"config":1943},{"href":1766,"dataGaName":1767,"dataGaLocation":1716},{"text":1945,"config":1946},"Cookieの設定",{"dataGaName":1776,"dataGaLocation":1716,"id":1777,"isOneTrustButton":1269},{"text":1769,"config":1948},{"href":1771,"dataGaName":1772,"dataGaLocation":1716},[1950],{"id":1951,"title":7,"body":1265,"config":1952,"content":1954,"description":1265,"extension":1958,"meta":1959,"navigation":1269,"path":1960,"seo":1961,"stem":1962,"__hash__":1963},"blogAuthors/en-us/blog/authors/grant-hickman.yml",{"template":1953},"BlogAuthor",{"name":7,"config":1955},{"headshot":1956,"ctfId":1957},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749682570/Blog/Author%20Headshots/g.png","ghickman","yml",{},"/en-us/blog/authors/grant-hickman",{},"en-us/blog/authors/grant-hickman","3OY7ZjUzeOb_im7m1kimID61q_0OEhuzipAc3AHq2WM",[1965,1973,1980],{"title":1966,"description":1967,"heroImage":1968,"category":1261,"date":1969,"authors":1970,"slug":1972,"externalUrl":1265},"数分でコードベース全体のセキュリティスキャンを完全カバー","GitLab 19.0のセキュリティ設定プロファイルを活用すると、SAST・依存関係スキャン・シークレット検出を数千のプロジェクトに一括適用できます。YAMLファイルを編集せずにスキャナーカバレッジを迅速に確立し、セキュリティの抜け漏れをなくします。","https://res.cloudinary.com/about-gitlab-com/image/upload/v1779189265/iqzyhhiwagxzwywvjzow.png","2026-05-26",[1971],"Michael Omokoh","security-configuration-profiles",{"title":1974,"description":1975,"heroImage":1968,"category":1261,"date":1969,"authors":1976,"slug":1979,"externalUrl":1265},"SBOMベースの依存関係スキャンでサプライチェーンリスクを軽減","GitLab 19.0でSBOMベースの依存関係スキャンが一般提供開始。プロジェクト内の直接・推移的依存関係を網羅的に一覧化し、脆弱なパッケージがプロジェクトに混入した経路を追跡します。コードが実際に使用している脆弱性を優先的に特定・修正できます。",[1977,1978],"Mark Settle","Joel Patterson","sbom-based-dependency-scanning",{"title":1981,"description":1982,"heroImage":1968,"category":1261,"date":1983,"authors":1984,"slug":1986,"externalUrl":1265},"GitLab Secrets ManagerでCI/CD認証情報を管理","CI/CD変数への認証情報の保存をやめましょう。GitLab Secrets Managerでは、各シークレットを環境またはブランチにスコープし、コードと同じアクセス制御で管理できます。GitLab 
19.0でパブリックベータ版を提供開始。","2026-05-21",[1985,1977],"Joe Randazzo","secrets-manager-in-public-beta",{"promotions":1988},[1989,2003,2015,2026],{"id":1990,"categories":1991,"header":1993,"text":1994,"button":1995,"image":2000},"ai-modernization",[1992],"ai","AIの真価、組織全体で発揮できていますか？","所要時間は5分以内です",{"text":1996,"config":1997},"AI成熟度スコアを確認する",{"href":1998,"dataGaName":1999,"dataGaLocation":1494},"/ja-jp/assessments/ai-modernization-assessment/","modernization assessment",{"config":2001},{"src":2002},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":2004,"categories":2005,"header":2007,"text":1994,"button":2008,"image":2012},"devops-modernization",[2006,1815],"product","単にツールを管理するだけでなく、イノベーションを提供していますか？",{"text":2009,"config":2010},"DevOps成熟度スコアを確認しましょう",{"href":2011,"dataGaName":1999,"dataGaLocation":1494},"/ja-jp/assessments/devops-modernization-assessment/",{"config":2013},{"src":2014},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":2016,"categories":2017,"header":2018,"text":1994,"button":2019,"image":2023},"security-modernization",[1261],"スピードのためにセキュリティを犠牲にしていませんか？",{"text":2020,"config":2021},"セキュリティ成熟度スコアを確認しましょう",{"href":2022,"dataGaName":1999,"dataGaLocation":1494},"/ja-jp/assessments/security-modernization-assessment/",{"config":2024},{"src":2025},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":2027,"paths":2028,"header":2031,"text":2032,"button":2033,"image":2038},"github-azure-migration",[2029,2030],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","チームはGitHubのAzure移行に対応できていますか？","GitHubはすでにAzureを基盤として再構築を進めています。それがあなたのチームにとって何を意味するのか、ご確認ください。",{"text":2034,"config":2035},"GitLabとGitHubの比較を見る",{"href":2036,"dataGaName":2037,"dataGaLocation":1494},"/ja-jp/compare/gitlab-vs-github/github-azure-migration/","github azure 
migration",{"config":2039},{"src":2014},{"header":2041,"blurb":2042,"button":2043,"secondaryButton":2047},"今すぐ開発をスピードアップ","DevSecOpsに特化したインテリジェントオーケストレーションプラットフォームで実現できることをご確認ください。\n",{"text":1288,"config":2044},{"href":2045,"dataGaName":1291,"dataGaLocation":2046},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/ja-jp/","feature",{"text":1600,"config":2048},{"href":1295,"dataGaName":1296,"dataGaLocation":2046},1781392698693]