Merge branch 'mc/doc/document-codeclimate-security-best-practice-docs' into 'master'

Document Code Quality potential security flaw Closes #37980 See merge request gitlab-org/gitlab-ce!31197
author: Evan Read <eread@gitlab.com> 2019-07-29 23:57:57 +0000
committer: Evan Read <eread@gitlab.com> 2019-07-29 23:57:57 +0000
commit: 92d112a52978736df7a4c63ca9dc953e565f3aa0 (patch)
tree: 164c2cfd7e8d96277ed97be29f901e38b01043e6 /doc/ci
parent: bef4a0bbb43be595708ca901c2b76a08999d0ff7 (diff)
parent: defe2eaa80ae1635747acaa875579267bc43a316 (diff)
download: gitlab-ce-92d112a52978736df7a4c63ca9dc953e565f3aa0.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/ci/examples/code_quality.md b/doc/ci/examples/code_quality.md
index 43f773dab7c..e63470ec9d9 100644
--- a/doc/ci/examples/code_quality.md
+++ b/doc/ci/examples/code_quality.md
@@ -34,6 +34,12 @@ For [GitLab Starter][ee] users, this information will be automatically
 extracted and shown right in the merge request widget.
 [Learn more on Code Quality in merge requests](../../user/project/merge_requests/code_quality.md).
 
+CAUTION: **Caution:**
+On self-managed instances, if a malicious actor compromises the Code Quality job
+definition they will be able to execute privileged docker commands on the Runner
+host. Having proper access control policies mitigates this attack vector by
+allowing access only to trusted actors.
+
 ## Previous job definitions
 
 CAUTION: **Caution:**
author	Evan Read <eread@gitlab.com>	2019-07-29 23:57:57 +0000
committer	Evan Read <eread@gitlab.com>	2019-07-29 23:57:57 +0000
commit	92d112a52978736df7a4c63ca9dc953e565f3aa0 (patch)
tree	164c2cfd7e8d96277ed97be29f901e38b01043e6 /doc/ci
parent	bef4a0bbb43be595708ca901c2b76a08999d0ff7 (diff)
parent	defe2eaa80ae1635747acaa875579267bc43a316 (diff)
download	gitlab-ce-92d112a52978736df7a4c63ca9dc953e565f3aa0.tar.gz