Merge branch 'mc/doc/document-codeclimate-security-best-practice-docs' into 'master'

Document Code Quality potential security flaw Closes #37980 See merge request gitlab-org/gitlab-ce!31197

Merge branch 'mc/doc/document-codeclimate-security-best-practice-docs' into 'master'
Document Code Quality potential security flaw Closes #37980 See merge request gitlab-org/gitlab-ce!31197
92d112a5 · Evan Read · bef4a0bb · defe2eaa · 92d112a5
Commit 92d112a5 authored Jul 29, 2019 by Evan Read
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

doc/ci/examples/code_quality.md doc/ci/examples/code_quality.md +6 -0

No files found.
--- a/doc/ci/examples/code_quality.md
+++ b/doc/ci/examples/code_quality.md
@@ -34,6 +34,12 @@ For [GitLab Starter][ee] users, this information will be automatically
 extracted and shown right in the merge request widget.
 [Learn more on Code Quality in merge requests](../../user/project/merge_requests/code_quality.md).

+CAUTION: **Caution:**
+On self-managed instances, if a malicious actor compromises the Code Quality job
+definition they will be able to execute privileged docker commands on the Runner
+host. Having proper access control policies mitigates this attack vector by
+allowing access only to trusted actors.
+
 ## Previous job definitions

 CAUTION: **Caution:**