summaryrefslogtreecommitdiff
path: root/doc/ci
diff options
context:
space:
mode:
authorMatija Čupić <matteeyah@gmail.com>2019-07-26 19:54:00 +0200
committerMatija Čupić <matteeyah@gmail.com>2019-07-29 12:19:53 +0200
commitdefe2eaa80ae1635747acaa875579267bc43a316 (patch)
tree4a73b0f0ae6c9f8c5a598065f4f3492180a0a27f /doc/ci
parent51a54cfc76de1c482e246619f0ae75d1ee419a72 (diff)
downloadgitlab-ce-defe2eaa80ae1635747acaa875579267bc43a316.tar.gz
Document Code Quality potential security flawmc/doc/document-codeclimate-security-best-practice-docs
Diffstat (limited to 'doc/ci')
-rw-r--r--doc/ci/examples/code_quality.md6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/ci/examples/code_quality.md b/doc/ci/examples/code_quality.md
index 43f773dab7c..e63470ec9d9 100644
--- a/doc/ci/examples/code_quality.md
+++ b/doc/ci/examples/code_quality.md
@@ -34,6 +34,12 @@ For [GitLab Starter][ee] users, this information will be automatically
extracted and shown right in the merge request widget.
[Learn more on Code Quality in merge requests](../../user/project/merge_requests/code_quality.md).
+CAUTION: **Caution:**
+On self-managed instances, if a malicious actor compromises the Code Quality job
+definition they will be able to execute privileged docker commands on the Runner
+host. Having proper access control policies mitigates this attack vector by
+allowing access only to trusted actors.
+
## Previous job definitions
CAUTION: **Caution:**