Make the security/license scans available for "offline" GitLab installations
Problem to solve
Currently the security/license features are not available for "offline" GitLab installations
Further details
Some customers have to GitLab in a closed network due to security requirement. Such instances do not have internet access at all. They are still interested to run the GitLab security features to scan and report any vulnerabilities in the source code but they could not use the current GitLab offerings due to being unable to connect regsitry.gitlab.com or other services on gitlab.
There are a few blockers to remove before this approach could be effective:
- access to external Docker images, available on Docker Hub
- access to external Docker images, available on GitLab.com Container Registry
- access to Gemnasium services, hosted by GitLab
- keep vulnerability databases up to date
Proposal
Package everything in a separate ball and install on top of current GitLab installation?
What does success look like, and how can we measure that?
Customer who runs GitLab in closed network can use security features.
Links / references
N/A
Edited by Fabio Busatto