Vercel Configuration Guide

Authored by:

Auditware

This checklist is adapted from Auditware's W3OSC standards.

Team Settings

  • Team Settings >
    • Members >
      • Team Members > Review and remove any unnecessary or unrecognized members
      • Pending Invitations > Review and remove any unnecessary or unrecognized invitations
    • Access Groups > Review and remove any unnecessary or unrecognized access groups
    • Webhooks > Review and remove any unnecessary or unrecognized webhooks
    • Security & Privacy >
      • Protected Git Scopes > Ensure Git scope is configured
      • Environment Variable Policies > Enforce Sensitive Environment Variables > Enabled
      • SAML Single Sign-On > Disabled
      • Two-Factor Authentication Enforcement > Enabled
      • IP Address Visibility >
        • IP addresses in Vercel Dashboard > Enabled
        • IP addresses in Log Drains > Enabled
    • Deployment Protection >
      • Projects > Ensure all are protected
      • Access > Review and remove any unnecessary or unrecognized entries
    • Environment Variables > Review and ensure all secrets are marked as Sensitive

Project Settings

  • Project Settings > Security >
    • Build Logs and Source Protection > Enabled
    • Git Fork Protection > Enabled
    • Secure Backend Access With OIDC Federation > Team