docs: Add update to gitlab-bot-security page (#15650)

Manuel 2022-05-19 15:07:06 +01:00 committed by GitHub
parent 768e178419
commit 4e0cb04800
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -80,9 +80,14 @@ Bot services are better if they are provisioned with a "bot identity" so that us
Until the hosted app can be reactivated, we recommend users migrate to use self-hosted pipelines to run Renovate. Until the hosted app can be reactivated, we recommend users migrate to use self-hosted pipelines to run Renovate.
Please see the [renovate-bot/renovate-runner README on GitLab](https://gitlab.com/renovate-bot/renovate-runner/-/blob/HEAD/README.md) for instructions on how to set this up as easily as possible. Please see the [renovate-bot/renovate-runner README on GitLab](https://gitlab.com/renovate-bot/renovate-runner/-/blob/HEAD/README.md) for instructions on how to set this up as easily as possible.
## Status of the Renovate app for GitLab
We're trying to find a workable design for the GitLab app, so we can enable it safely again. We're trying to find a workable design for the GitLab app, so we can enable it safely again.
If you have any ideas, open a [discussion](https://github.com/renovatebot/renovate/discussions) and let us know! If you have any ideas, open a [discussion](https://github.com/renovatebot/renovate/discussions) and let us know!
GitLab introduced Group Access Tokens & API for paid & self-hosted instances, but a good permission setup/flow is still not possible.
Check out [GitLab issue #346298](https://gitlab.com/gitlab-org/gitlab/-/issues/346298).
## Acknowledgments ## Acknowledgments
Thank you to Nejc Habjan for bringing this security challenge to our attention, and also to his colleagues at Siemens for their help researching the risks. Thank you to Nejc Habjan for bringing this security challenge to our attention, and also to his colleagues at Siemens for their help researching the risks.
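
Review bot: The added sentence "a good permission setup/flow is still not possible" does not say which part of the permission setup is missing, so a reader deciding whether Group Access Tokens cover their case has to open the linked issue to find out. Suggest naming the limitation in one clause and replacing "Check out [GitLab issue #346298]" with link text that says what the issue tracks. In the same line, "paid & self-hosted instances" is ambiguous about whether it means instances that are both or either; spelling out "and" or "or" would settle it.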