1 files changed, 10 insertions, 2 deletions

diff --git a/doc/user/project/integrations/harbor.md b/doc/user/project/integrations/harbor.md
index da35f0dc226..535703ff59e 100644
--- a/doc/user/project/integrations/harbor.md
+++ b/doc/user/project/integrations/harbor.md
@@ -25,7 +25,7 @@ In the Harbor instance, ensure that:
 
 GitLab supports integrating Harbor projects at the group or project level. Complete these steps in GitLab:
 
-1. On the top bar, select **Menu > Projects** and find your project.
+1. On the top bar, select **Main menu > Projects** and find your project.
 1. On the left sidebar, select **Settings > Integrations**.
 1. Select **Harbor**.
 1. Turn on the **Active** toggle under **Enable Integration**.
@@ -42,7 +42,9 @@ After the Harbor integration is activated:
 - The global variables `$HARBOR_USERNAME`, `$HARBOR_HOST`, `$HARBOR_OCI`, `$HARBOR_PASSWORD`, `$HARBOR_URL`, and `$HARBOR_PROJECT` are created for CI/CD use.
 - The project-level integration settings override the group-level integration settings.
 
-## Secure your requests to the Harbor APIs
+## Security considerations
+
+### Secure your requests to the Harbor APIs
 
 For each API request through the Harbor integration, the credentials for your connection to the Harbor API use
 the `username:password` combination. The following are suggestions for safe use:
@@ -51,6 +53,12 @@ the `username:password` combination. The following are suggestions for safe use:
 - Follow the principle of least privilege (for access on Harbor) with your credentials.
 - Have a rotation policy on your credentials.
 
+### CI/CD variable security
+
+Malicious code pushed to your `.gitlab-ci.yml` file could compromise your variables, including
+`$HARBOR_PASSWORD`, and send them to a third-party server. For more details, see
+[CI/CD variable security](../../../ci/variables/index.md#cicd-variable-security).
+
 ## Examples of Harbor variables in CI/CD
 
 ### Push a Docker image with kaniko