Commit ac577f01 authored by Nick Gaskill's avatar Nick Gaskill

Merge branch 'ddesanto-update-docs-to-not-reference-airgapped' into 'master'

Remove air-gapped as name for offline mode

See merge request gitlab-org/gitlab!28345
parents 86590f1e 53a4244e
......@@ -209,13 +209,14 @@ If you want to whitelist specific vulnerabilities, you'll need to:
in the [whitelist example file](https://github.com/arminc/clair-scanner/blob/v12/example-whitelist.yaml).
1. Add the `clair-whitelist.yml` file to the Git repository of your project.
### Running Container Scanning in an offline, air-gapped installation
### Running Container Scanning in an offline environment deployment
Container Scanning can be executed on an offline air-gapped GitLab Ultimate installation using the following process:
Container Scanning can be executed on an offline GitLab Ultimate installation by using the following process:
1. Host the following Docker images on a [local Docker container registry](../../packages/container_registry/index.md):
- [arminc/clair-db vulnerabilities database](https://hub.docker.com/r/arminc/clair-db)
- GitLab klar analyzer: `registry.gitlab.com/gitlab-org/security-products/analyzers/klar`
1. [Override the container scanning template](#overriding-the-container-scanning-template) in your `.gitlab-ci.yml` file to refer to the Docker images hosted on your local Docker container registry:
```yaml
......
......@@ -442,9 +442,9 @@ dast:
The DAST job does not require the project's repository to be present when running, so by default
[`GIT_STRATEGY`](../../../ci/yaml/README.md#git-strategy) is set to `none`.
## Running DAST in an offline air-gapped installation
## Running DAST in an offline environment deployment
DAST can be executed on an offline air-gapped GitLab Ultimate installation using the following process:
DAST can be executed on an offline GitLab Ultimate installation by using the following process:
1. Host the DAST image `registry.gitlab.com/gitlab-org/security-products/dast:latest` in your local
Docker container registry.
......
......@@ -2,17 +2,26 @@
type: reference, howto
---
# Air-gapped (or offline) environment deployments
# Offline environment deployments
It is possible to run most of the GitLab security scanners when not
connected to the internet.
This document describes how to operate Secure scanners in an air-gapped or offline envionment. These instructions also apply to
self-managed installations that are secured, have security policies (e.g., firewall policies), or otherwise restricted from
accessing the full internet. These instructions are designed for physically disconnected networks,
but can also be followed in these other use cases.
This document describes how to operate Secure Categories (that is, scanner types) in an offline environment. These instructions also apply to
self-managed installations that are secured, have security policies (for example, firewall policies), or are otherwise restricted from
accessing the full internet. GitLab refers to these deployments as _offline environment deployments_.
Other common names include:
## Air-gapped (or offline) environments
- Air-gapped environments
- Limited connectivity environments
- Local area network (LAN) environments
- Intranet environments
These environments have physical barriers or security policies (for example, firewalls) that prevent
or limit internet access. These instructions are designed for physically disconnected networks, but
can also be followed in these other use cases.
## Offline environments
In this situation, the GitLab instance can be one or more servers and services that can communicate
on a local network, but with no or very restricted access to the internet. Assume anything within
......@@ -64,6 +73,6 @@ hosted within your network.
Each individual scanner may be slightly different than the steps described
above. You can find more info at each of the pages below:
- [Container scanning offline directions](../container_scanning/index.md#running-container-scanning-in-an-offline-air-gapped-installation)
- [SAST offline directions](../sast/index.md#gitlab-sast-in-an-offline-air-gapped-installation)
- [DAST offline directions](../dast/index.md#running-dast-in-an-offline-air-gapped-installation)
- [Container scanning offline directions](../container_scanning/index.md#running-container-scanning-in-an-offline-environment-deployment)
- [SAST offline directions](../sast/index.md#gitlab-sast-in-an-offline-environment-deployment)
- [DAST offline directions](../dast/index.md#running-dast-in-an-offline-environment-deployment)
......@@ -491,7 +491,7 @@ Once a vulnerability is found, you can interact with it. Read more on how to
For more information about the vulnerabilities database update, check the
[maintenance table](../index.md#maintenance-and-update-of-the-vulnerabilities-database).
## GitLab SAST in an offline air-gapped installation
## GitLab SAST in an offline environment deployment
For self-managed GitLab instances in an environment with limited, restricted, or intermittent access
to external resources via the internet, some adjustments are required for the SAST job to
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment