docs: Add update to gitlab-bot-security page (#15650)

Manuel 2022-05-19 15:07:06 +01:00 committed by GitHub
parent 768e178419
commit 4e0cb04800
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -80,9 +80,14 @@ Bot services are better if they are provisioned with a "bot identity" so that us
Until the hosted app can be reactivated, we recommend users migrate to use self-hosted pipelines to run Renovate.
Please see the [renovate-bot/renovate-runner README on GitLab](https://gitlab.com/renovate-bot/renovate-runner/-/blob/HEAD/README.md) for instructions on how to set this up as easily as possible.
## Status of the Renovate app for GitLab
We're trying to find a workable design for the GitLab app, so we can enable it safely again.
If you have any ideas, open a [discussion](https://github.com/renovatebot/renovate/discussions) and let us know!
GitLab introduced Group Access Tokens & API for paid & self-hosted instances, but a good permission setup/flow is still not possible.
Check out [GitLab issue #346298](https://gitlab.com/gitlab-org/gitlab/-/issues/346298).
## Acknowledgments
Thank you to Nejc Habjan for bringing this security challenge to our attention, and also to his colleagues at Siemens for their help researching the risks.
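Review bot: Under "Status of the Renovate app for GitLab", the sentence "a good permission setup/flow is still not possible" does not say what is missing from Group Access Tokens, and "Check out GitLab issue #346298" gives no indication of what that issue tracks, so a reader cannot tell what has to change before the app can be enabled again. Suggest one sentence naming the permission gap that blocks a safe bot identity and stating how the linked issue relates to it. The status text is also undated, so "still" will age; consider noting when this status was last checked.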