Air-gapped vulnerability analysis and license management for on-prem instances
[Moved to &1359 (closed)]
Description
GitLab integrates many security scans that aim to find vulnerabilities in your software. These scans are performed during the CI/CD pipeline, and they require the runner to be able to reach the internet for a few reasons:
- access to external Docker images, available on Docker Hub
- access to external Docker images, available on GitLab.com Container Registry
- access to Gemnasium services, hosted by GitLab
- keep vulnerability databases up to date
This works very well on GitLab.com, but not on on-prem installations that don't have access to the internet, or where access is limited to a specific set of hosts. In this case the security checks cannot be done.
This also applies to the GitLab license management feature.
See also https://gitlab.com/gitlab-org/gitlab-ee/issues/6603.
Proposal
Allow mirroring or downloading of all the needed information for offline use. Data will be replicated and kept in sync on a separate server, internal to the same network where the runners are, and will provide all the information needed.