summaryrefslogtreecommitdiff
path: root/doc/user/application_security/offline_deployments/index.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/user/application_security/offline_deployments/index.md')
-rw-r--r--doc/user/application_security/offline_deployments/index.md28
1 files changed, 26 insertions, 2 deletions
diff --git a/doc/user/application_security/offline_deployments/index.md b/doc/user/application_security/offline_deployments/index.md
index 3a7c0148388..35582aa20ed 100644
--- a/doc/user/application_security/offline_deployments/index.md
+++ b/doc/user/application_security/offline_deployments/index.md
@@ -66,8 +66,7 @@ external links exposed in the UI. These links might not be accessible within an
### Automatic remediation for vulnerabilities
-The [automatic remediation for vulnerabilities](../index.md#solutions-for-vulnerabilities-auto-remediation) feature
-(auto-remediation) is available for offline Dependency Scanning and Container Scanning, but may not work
+The [automatic remediation for vulnerabilities](../index.md#automatic-remediation-for-vulnerabilities) feature is available for offline Dependency Scanning and Container Scanning, but may not work
depending on your instance's configuration. We can only suggest solutions, which are generally more
current versions that have been patched, when we are able to access up-to-date registry services
hosting the latest versions of that dependency or image.
@@ -214,3 +213,28 @@ do
ssh $GITLAB_HOST "sudo docker push ${registry}/analyzers/${i}:2"
done
```
+
+### Using GitLab Secure with AutoDevOps in an offline environment
+
+You can use GitLab AutoDevOps for Secure scans in an offline environment. However, you must first do
+these steps:
+
+1. Load the container images into the local registry. GitLab Secure leverages analyzer container
+ images to do the various scans. These images must be available as part of running AutoDevOps.
+ Before running AutoDevOps, follow the [above steps](#using-the-official-gitlab-template)
+ to load those container images into the local container registry.
+
+1. Set the pipeline variable to ensure that AutoDevOps looks in the right place for those images.
+ The AutoDevOps templates leverage the `SECURE_ANALYZERS_PREFIX` variable to identify the location
+ of analyzer images. This variable is discussed above in [Using the secure bundle created](#using-the-secure-bundle-created).
+ Ensure that you set this variable to the correct value for where you loaded the analyzer images.
+ You could consider doing this with a pipeline variable or by [modifying](../../../topics/autodevops/customize.md#customizing-gitlab-ciyml)
+ the `.gitlab-ci.yml` file directly.
+
+Once these steps are complete, GitLab has local copies of the Secure analyzers and is set up to use
+them instead of an Internet-hosted container image. This allows you to run Secure in AutoDevOps in
+an offline environment.
+
+Note that these steps are specific to GitLab Secure with AutoDevOps. Using other stages with
+AutoDevOps may require other steps covered in the
+[Auto DevOps documentation](../../../topics/autodevops/).
View Lorry Controller Status