Commit 92d112a5 authored by Evan Read's avatar Evan Read

Merge branch 'mc/doc/document-codeclimate-security-best-practice-docs' into 'master'

Document Code Quality potential security flaw

Closes #37980

See merge request gitlab-org/gitlab-ce!31197
parents bef4a0bb defe2eaa
...@@ -34,6 +34,12 @@ For [GitLab Starter][ee] users, this information will be automatically ...@@ -34,6 +34,12 @@ For [GitLab Starter][ee] users, this information will be automatically
extracted and shown right in the merge request widget. extracted and shown right in the merge request widget.
[Learn more on Code Quality in merge requests](../../user/project/merge_requests/code_quality.md). [Learn more on Code Quality in merge requests](../../user/project/merge_requests/code_quality.md).
CAUTION: **Caution:**
On self-managed instances, if a malicious actor compromises the Code Quality job
definition they will be able to execute privileged docker commands on the Runner
host. Having proper access control policies mitigates this attack vector by
allowing access only to trusted actors.
## Previous job definitions ## Previous job definitions
CAUTION: **Caution:** CAUTION: **Caution:**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment