update gitlab-bot-security documentation with focus on gitlab's ci_job_token's new abilities #34320
Replies: 2 comments
-
Hi there,

You are seeing this message because someone - maybe you - has suggested that the documentation should be improved. The good news is that essentially all Renovate documentation is Open Source in this repository and can be improved by you too!

If you have a suggestion for improvement, please consider opening a PR to improve the documentation, instead of just complaining about it (however subtly or politely you intended it). Even if English isn't your first language or you're not sure what to write, take a shot at it and we will guide you during the PR review. Documentation updates can be done easily in your browser on GitHub.com and do not require you to clone any code.

Thanks, the Renovate
-
There is another discussion which might be connected to my request here
-
Tell us more.
Hi Guys,
it seems like the documentation here is quite outdated since PAT and GAT are no longer a new invention. Tbh version 8 is like a century ago :)
Furthermore, with GitLab 17.2 CI_JOB_TOKEN is updated to be able to push into repositories (see here). Of course this needs to be enabled per project AND the scope 'api' seems not to be available, but as of now it is available.
So my request would be to review Renovate's documentation and update it accordingly - especially with the focus not to use any personal, project or group access tokens where the values can be leaked/exposed and need periodic rotation.