Add note for offline package managers

81d5bd38 · Russell Dickenson · Nick Gaskill · 8466ccb9 · 81d5bd38
Commit 81d5bd38 authored Aug 04, 2020 by Russell Dickenson Committed by Nick Gaskill Aug 04, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

doc/user/application_security/sast/index.md doc/user/application_security/sast/index.md +8 -0

No files found.
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -507,6 +507,7 @@ To use SAST in an offline environment, you need:
 - To keep Docker-In-Docker disabled (default).
 - A GitLab Runner with the [`docker` or `kubernetes` executor](#requirements).
 - A Docker Container Registry with locally available copies of SAST [analyzer](https://gitlab.com/gitlab-org/security-products/analyzers) images.
+- Configure certificate checking of packages (optional).

 NOTE: **Note:**
 GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy),
@@ -563,6 +564,13 @@ variables:
 The SAST job should now use local copies of the SAST analyzers to scan your code and generate
 security reports without requiring internet access.

+### Configure certificate checking of packages
+
+If a SAST job invokes a package manager, you must configure its certificate verification. In an
+offline environment, certificate verification with an external source isn't possible. Either use a
+self-signed certificate or disable certificate verification. Refer to the package manager's
+documentation for instructions.
+
 ## Troubleshooting

 ### `Error response from daemon: error processing tar file: docker-tar: relocation error`