Make clear in Secure (top level) what categories are available for limited or no connectivity instances and where to get more details / documents
Problem to solve
Some users need to run instances in intermittent, limited, or no connectivity (air-gapped) environments.
Should there be an area at a higher level than each specific scanner to cross-link and summarize what we mean by air-gap?
We should make clear in each of these instances which Secure features will work and which will not. In addition, we should be very clear on how users can get the possible features to work (technical requirements, technical recommendations, settings, setup, etc.).
Intended users
- Maintainer / Sidney (Systems Administrator)
Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/
Further details
Proposal
Terms which might be used:
- Limited connectivity
- Restricted connectivity
- Intermittent connectivity
- Offline instance
- Air-gapped or air gapped instance
In many of the cases above, we would like to let you know how you can use Secure scans where users have restricted internet access (due to firewall configuration, limited bandwidth, or other situations).
Define technical recommendations and requirements:
- You will need a less restricted or unrestricted internet connection in order to download patches / updates. These go beyond just getting the latest version of GitLab and include getting the latest Docker images which contain our security scanners. This might mean occasionally enabling internet connections (issues / concerns with certificates), or bringing the files to the instance (via file share or physical media). Warning: these files can be very large (double-digit GB).
- Security scans require runners. We don't recommend that runners be on the same system as the repo, so you will need at least 2 systems connected on a local network.
Permissions and Security
Not applicable
Documentation
Where specifically should we put this?
Testing
Can we actually test this? How? We are going to need help.
What does success look like, and how can we measure that?
A user with limited or no connectivity will know what their options are with regard to Secure features, and how to get them if they can meet the technical requirements within their environment's policies.
What is the type of buyer?
Some users don't have consistent high bandwidth connectivity.