Add a global Offline variable for Security Products
Problem to solve
We have multiple variables to ensure our analyzers can work in Offline environments (for example BUNDLER_AUDIT_UPDATE_DISABLED for Dependency Scanning). It gets tedious to understand exactly what needs to be configured to have our Security Products running in Offline environments.
As a Developer, I want minimal effort, such as setting a single variable, so that I can use GitLab in my offline environment.
Intended users
Further details
https://docs.gitlab.com/ee/topics/airgap describes how to get started, but it seems to be only the tip of the iceberg when it comes to getting something up and running in this situation. Users have to figure out many variables for the various analyzers they might use.
Proposal
Ideally, we should disable all remote connections by default, so that users don't have to configure our analyzers for Offline mode at all.
If we can't do this, then we should at least introduce a global variable like SECURE_ANALYZERS_OFFLINE, which should configure all the analyzers accordingly at once. We'll first need to identify all the parameters we have to set (like BUNDLER_AUDIT_UPDATE_DISABLED).
Permissions and Security
N/A
Documentation
Update https://docs.gitlab.com/ee/topics/airgap
Availability & Testing
E2E test with this variable set, making sure we're not hitting anything outside of the local network.
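One way to make "not hitting anything outside of the local network" a checkable assertion rather than a manual inspection, as an added example that is not part of this issue or of GitLab's own test suite: run the job under a local recording proxy that logs every host the job tries to reach and refuses the connection, then fail the test if any logged host falls outside an allowlist of loopback and private ranges. It assumes the process under test honours HTTP_PROXY/HTTPS_PROXY (the child command below is a constructed stand-in for an analyzer invocation, and the advisory hostname is made up); the allowlist, the helper names and the `demo()` function are this example's own.

```python
"""Egress canary for offline-mode E2E tests of security analyzer jobs.

A local HTTP proxy records the target host of every request or CONNECT the
command under test makes and refuses it. The command runs with
HTTP_PROXY/HTTPS_PROXY pointing at that proxy; afterwards every recorded
host is checked against an allowlist of local names and loopback/private
networks. Anything else is an egress attempt the offline configuration
failed to suppress.
"""
import ipaddress
import os
import subprocess
import sys
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

# Assumption for this example: "local network" means loopback plus RFC 1918
# space and a short list of known local hostnames. Adjust to the real site.
DEFAULT_LOCAL_NETS = [ipaddress.ip_network(n) for n in
                      ("127.0.0.0/8", "::1/128", "10.0.0.0/8",
                       "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_LOCAL_HOSTS = {"localhost"}


class _RecordingProxy(BaseHTTPRequestHandler):
    """Records the target host of each request or CONNECT, then refuses it."""
    attempts = []  # shared across handler instances, reset per run

    def _record_and_refuse(self):
        if self.command == "CONNECT":          # TLS tunnel: path is host:port
            host = self.path.rsplit(":", 1)[0].strip("[]")
        else:                                  # plain HTTP via proxy: absolute URL
            host = urlsplit(self.path).hostname or self.headers.get("Host", "")
        type(self).attempts.append(host.lower())
        self.send_error(403, "egress refused by offline test harness")

    do_GET = do_POST = do_HEAD = do_PUT = do_CONNECT = _record_and_refuse

    def log_message(self, *args):  # silence per-request stderr noise
        pass


def is_local(host, nets=DEFAULT_LOCAL_NETS, names=DEFAULT_LOCAL_HOSTS):
    """No DNS involved: IP literals are checked against nets, names against the allowlist."""
    if host in names:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # unknown hostname: fail closed and count it as egress
    return any(addr in net for net in nets)


def run_with_egress_check(cmd, nets=DEFAULT_LOCAL_NETS, names=DEFAULT_LOCAL_HOSTS,
                          timeout=120):
    """Run cmd behind the recording proxy. Returns (returncode, attempted, offending)."""
    _RecordingProxy.attempts = []
    server = ThreadingHTTPServer(("127.0.0.1", 0), _RecordingProxy)
    proxy_url = "http://127.0.0.1:%d" % server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    env = dict(os.environ)
    for var in ("HTTP_PROXY", "HTTPS_PROXY", "http_proxy", "https_proxy"):
        env[var] = proxy_url
    for var in ("NO_PROXY", "no_proxy"):  # nothing may bypass the proxy
        env[var] = ""
    try:
        proc = subprocess.run(cmd, env=env, timeout=timeout, capture_output=True)
    finally:
        server.shutdown()
        server.server_close()
    attempted = sorted(set(_RecordingProxy.attempts))
    offending = [h for h in attempted if not is_local(h, nets, names)]
    return proc.returncode, attempted, offending


# Constructed stand-in for an analyzer job: one request to a local host and
# one attempt to fetch an advisory database from outside. Both fail fast
# because the proxy refuses them; only the second one counts as egress.
DEMO_CHILD = (
    "import urllib.request\n"
    "for url in ('http://localhost/', 'https://advisories.example.invalid/db'):\n"
    "    try:\n"
    "        urllib.request.urlopen(url, timeout=5)\n"
    "    except Exception:\n"
    "        pass\n"
)


def demo():
    """Run the constructed child; exactly one offending host is expected."""
    return run_with_egress_check([sys.executable, "-c", DEMO_CHILD])


if __name__ == "__main__":
    rc, attempted, offending = demo()
    print("exit code:", rc, "contacted:", attempted)
    if offending:
        sys.exit("offline mode leaked egress to: " + ", ".join(offending))
    print("no egress outside the local network")
```

In a real E2E run, `DEMO_CHILD` would be replaced by the actual analyzer invocation with the offline variable set, and the allowlist would name the site's mirror hosts. A proxy-based canary only catches clients that honour the proxy environment variables; a tool that ignores them or opens raw sockets would slip through, so for a hard guarantee the same job should also be run with networking disabled outright (for example `docker run --network none`) and be expected to succeed.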
What does success look like, and how can we measure that?
- Number of instances using this parameter (though this is hard to monitor)
What is the type of buyer?
Is this a cross-stage feature?
No