Gerrit is a source-control gatekeeper. If its auth, permissions, or submit rules are weak, an attacker can land unauthorized changes directly into protected branches.
1) Lock identity and authentication paths
Gerrit supports several auth backends and should be tied to centralized identity.
Required controls:
- use OIDC, LDAP, or another centralized IdP instead of ad hoc local accounts
- enforce MFA at the IdP for project owners and Gerrit administrators
- keep the Administrators group minimal and audit its membership regularly
2) Enforce submit and branch protection rules
Security in Gerrit is policy-as-code: labels, submit requirements, and access rules in project.config decide what can be submitted and by whom.
Hardening baseline:
- require Code-Review and CI Verified votes before submit
- block direct pushes to protected branches for non-automation identities
- enforce signed push or signed commit policy for sensitive repositories
3) Secure transport and SSH/API surface
Gerrit typically exposes SSH for Git operations and HTTP(S) for UI/API.
Network controls:
- enforce HTTPS for web/API and disable plaintext HTTP externally
- restrict SSH access to trusted networks or VPN where possible
- rotate SSH host keys and replication keys on a documented schedule
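The controls in sections 1 to 3 live in two files: gerrit.config (auth backend, HTTP and SSH listeners, signed push) and project.config (access rules and submit requirements). The audit below is an added example, not Gerrit's own tooling: a small parser for Gerrit's git-config style files plus checks that flag a weak configuration next to a hardened one. The sample configs, the 'CI Bots' automation group, and the set of auth types treated as centralized are assumptions made for illustration.

```python
"""Audit gerrit.config and project.config against the controls in sections 1-3.
Added example, not Gerrit's own tooling. Sample configs, the 'CI Bots' group and
the CENTRAL_AUTH set are constructed assumptions for illustration.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r'^\[([^\s\]]+)(?:\s+"([^"]*)")?\]$')

def parse_gitconfig(text):
    """{section: {key: [values]}}; repeated keys (several 'push' lines) are kept,
    names are lower-cased, quoted subsections kept verbatim; quoted values not handled."""
    cfg = defaultdict(lambda: defaultdict(list))
    section = None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].split(';', 1)[0].strip()   # strip comments
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower() + (f' "{m.group(2)}"' if m.group(2) is not None else '')
            continue
        if section is None or '=' not in line:
            raise ValueError(f'unexpected line: {raw!r}')
        key, value = (s.strip() for s in line.split('=', 1))
        cfg[section][key.lower()].append(value)
    return cfg

AUTOMATION_GROUPS = {'CI Bots'}   # assumption: the only identities allowed to push directly
CENTRAL_AUTH = {'LDAP', 'LDAP_BIND', 'HTTP_LDAP', 'CLIENT_CERT_LDAP', 'OAUTH', 'OPENID_SSO'}

def audit_project_config(cfg, protected_refs=('refs/heads/*',)):
    """Section 2: both votes required via submit-requirements; no direct push except automation."""
    findings = []
    for label in ('Code-Review', 'Verified'):
        rule = cfg.get(f'submit-requirement "{label}"', {}).get('submittableif', [''])[0]
        if f'label:{label}=MAX' not in rule or f'-label:{label}=MIN' not in rule:
            findings.append(f'{label}: no submit-requirement demanding MAX and forbidding MIN')
    for ref in protected_refs:
        push = cfg.get(f'access "{ref}"', {}).get('push', [])
        # Gerrit pattern: one 'block group ...' rule, allow rules in the same section as exceptions.
        if not any(r.startswith('block group ') for r in push):
            findings.append(f'{ref}: direct push is not blocked')
        for r in push:
            m = re.match(r'^(?:\+force\s+)?group\s+(.+)$', r)
            if m and m.group(1) not in AUTOMATION_GROUPS:
                findings.append(f'{ref}: non-automation group {m.group(1)!r} may push directly')
    return findings

def audit_gerrit_config(cfg):
    """Sections 1 and 3: central IdP, HTTPS only, SSH not bound to every interface, signed push."""
    findings = []
    auth = cfg.get('auth', {}).get('type', ['<unset>'])[0]
    if auth.upper() not in CENTRAL_AUTH:
        findings.append(f'auth.type={auth}: not a centralized IdP backend')
    for url in cfg.get('httpd', {}).get('listenurl', []):
        if not url.startswith(('https://', 'proxy-https://')):
            findings.append(f'httpd.listenUrl={url}: plaintext HTTP')
    canonical = cfg.get('gerrit', {}).get('canonicalweburl', [''])[0]
    if not canonical.startswith('https://'):
        findings.append(f'gerrit.canonicalWebUrl={canonical!r}: not https')
    for addr in cfg.get('sshd', {}).get('listenaddress', ['*:29418']):   # Gerrit's default bind
        if addr.startswith(('*', '0.0.0.0', '[::]')):
            findings.append(f'sshd.listenAddress={addr}: every interface; confirm a network restriction')
    if cfg.get('receive', {}).get('enablesignedpush', ['false'])[0].lower() != 'true':
        findings.append('receive.enableSignedPush is off')
    return findings

# Constructed sample files: a weak and a hardened variant of each.
WEAK_PROJECT = '[access "refs/heads/*"]\n  push = group Registered Users\n'
HARDENED_PROJECT = """\
[access "refs/heads/*"]
  push = block group Registered Users
  push = group CI Bots
[submit-requirement "Code-Review"]
  submittableIf = label:Code-Review=MAX AND -label:Code-Review=MIN
[submit-requirement "Verified"]
  submittableIf = label:Verified=MAX AND -label:Verified=MIN
"""
WEAK_GERRIT = ('[auth]\n  type = DEVELOPMENT_BECOME_ANY_ACCOUNT\n'
               '[httpd]\n  listenUrl = http://*:8080/\n')
HARDENED_GERRIT = """\
[gerrit]
  canonicalWebUrl = https://gerrit.example.com/
[auth]
  type = LDAP
[httpd]
  listenUrl = proxy-https://127.0.0.1:8080/
[sshd]
  listenAddress = 10.0.0.5:29418
[receive]
  enableSignedPush = true
"""

if __name__ == '__main__':
    for name, text, audit in (('project.config', WEAK_PROJECT, audit_project_config),
                              ('gerrit.config', WEAK_GERRIT, audit_gerrit_config)):
        print(name, audit(parse_gitconfig(text)) or ['ok'])
```

Run against a real site by reading `$site_path/etc/gerrit.config` and the `project.config` of `All-Projects` (or a child project) and passing the text to `parse_gitconfig`. The SSH bind check is deliberately a prompt rather than a verdict: binding to an internal address is one way to restrict access, a firewall or VPN in front of `*:29418` is another, and only the operator knows which is in place.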
4) Protect site data, indexes, and credentials
The Gerrit site path ($site_path) contains the repositories, configuration, and operational state.
Data controls:
- run Gerrit under a dedicated unprivileged service account
- restrict file permissions on $site_path/etc and replication credentials
- back up the DB plus site data (etc, git, indexes where required) together
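As an added example (not part of Gerrit), the script below audits the modes under $site_path/etc and applies the owner-only/group-read layout the controls above call for. It constructs a throw-away site layout in a temporary directory so it runs offline; the file names follow Gerrit's conventions (secure.config for passwords, ssh_host_*_key for the SSH host keys, replication.config for the replication plugin), the file contents are placeholders, and the expected owner uid is left for the operator to supply.

```python
"""Audit and fix modes under $site_path/etc.
Added example, not Gerrit's own tooling. build_demo_site() constructs a throw-away
layout with deliberately loose modes; point check_site_path() at a real $site_path
(and the service account's uid) to audit a server. File contents are placeholders.
"""
import os
import stat
import tempfile
from pathlib import Path

def is_secret(path):
    """Gerrit keeps passwords (including the replication plugin's remote credentials)
    in etc/secure.config and the SSH host keys in etc/ssh_host_*_key."""
    n = path.name
    return n == 'secure.config' or (n.startswith('ssh_host_') and n.endswith('_key'))

def check_site_path(site_path, expected_uid=None):
    """Findings: wrong owner, group-writable, anything visible to 'other',
    and secret files that are not owner-only."""
    findings = []
    etc = Path(site_path) / 'etc'
    if not etc.is_dir():
        return [f'{etc}: missing']
    for p in [etc, *sorted(etc.rglob('*'))]:
        st = p.lstat()
        mode = stat.S_IMODE(st.st_mode)
        rel = p.relative_to(site_path)
        if expected_uid is not None and st.st_uid != expected_uid:
            findings.append(f'{rel}: owned by uid {st.st_uid}, expected {expected_uid}')
        if mode & stat.S_IWGRP:
            findings.append(f'{rel}: group-writable (mode {mode:04o})')
        if mode & stat.S_IRWXO:
            findings.append(f'{rel}: accessible by other users (mode {mode:04o})')
        if is_secret(p) and mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f'{rel}: secret not owner-only (mode {mode:04o})')
    return findings

def harden_site_path(site_path):
    """750 for directories, 640 for config files, 600 for secrets. Ownership is left
    to the operator (chown needs root and the service account's name)."""
    etc = Path(site_path) / 'etc'
    os.chmod(etc, 0o750)
    for p in etc.rglob('*'):
        os.chmod(p, 0o750 if p.is_dir() else (0o600 if is_secret(p) else 0o640))

def build_demo_site():
    """Constructed demo layout (not a real site): world-readable config and secrets,
    group-writable replication config."""
    root = Path(tempfile.mkdtemp(prefix='gerrit-site-'))
    etc = root / 'etc'
    etc.mkdir()
    os.chmod(etc, 0o755)
    files = {
        'gerrit.config': ('[gerrit]\n\tbasePath = git\n', 0o644),
        'secure.config': ('[ldap]\n\tpassword = PLACEHOLDER\n', 0o644),
        'replication.config': ('[remote "mirror"]\n\turl = ssh://mirror.example/${name}.git\n', 0o664),
        'ssh_host_ed25519_key': ('PLACEHOLDER-PRIVATE-KEY\n', 0o644),
    }
    for name, (content, mode) in files.items():
        (etc / name).write_text(content)
        os.chmod(etc / name, mode)
    return root

if __name__ == '__main__':
    site = build_demo_site()
    for f in check_site_path(site):
        print('before:', f)
    harden_site_path(site)
    print('after:', check_site_path(site) or ['clean'])
```

On a real server run the check as the service account or root with `expected_uid` set to the account Gerrit runs as, and treat any finding on secure.config or a host key as a reason to rotate the affected credential, not just to fix the mode.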
5) Upgrade and incident response discipline
Because Gerrit sits in the merge path, outages and compromises are high-impact.
Operational policy:
- follow Gerrit release and security notices and patch on a staged cadence
- test restore and reindex workflows before production incidents
- maintain an emergency procedure to revoke compromised accounts and API keys
References:
- Gerrit documentation: https://gerrit-review.googlesource.com/Documentation/
- Gerrit project site: https://www.gerritcodereview.com/
- Gerrit source repository: https://gerrit-review.googlesource.com/