Commit e4c7ab4f authored by Evan Read's avatar Evan Read

Merge branch 'patch-39' into 'master'

Update index.md

See merge request gitlab-org/gitlab!18630
parents 38a30ba4 66ae655b
...@@ -151,13 +151,13 @@ parent project. This means you cannot completely trust the pipeline result, ...@@ -151,13 +151,13 @@ parent project. This means you cannot completely trust the pipeline result,
because, technically, external contributors can disguise their pipeline results because, technically, external contributors can disguise their pipeline results
by tweaking their GitLab Runner in the forked project. by tweaking their GitLab Runner in the forked project.
There are multiple reasons about why GitLab doesn't allow those pipelines to be There are multiple reasons why GitLab doesn't allow those pipelines to be
created in the parent project, but one of the biggest reasons is security concern. created in the parent project, but one of the biggest reasons is security concern.
External users could steal secret variables from the parent project by modifying External users could steal secret variables from the parent project by modifying
`.gitlab-ci.yml`, which could be some sort of credentials. This should not happen. `.gitlab-ci.yml`, which could be some sort of credentials. This should not happen.
We're discussing a secure solution of running pipelines for merge requests We're discussing a secure solution of running pipelines for merge requests
that submitted from forked projects, that are submitted from forked projects,
see [the issue about the permission extension](https://gitlab.com/gitlab-org/gitlab-foss/issues/23902). see [the issue about the permission extension](https://gitlab.com/gitlab-org/gitlab-foss/issues/23902).
## Additional predefined variables ## Additional predefined variables
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment