Merge branch 'mc/documentation/remote-includes-security' into 'master'

Document concerns when including remote CI configs See merge request gitlab-org/gitlab!72789

Merge branch 'mc/documentation/remote-includes-security' into 'master'
Document concerns when including remote CI configs See merge request gitlab-org/gitlab!72789
b5a483a1 · Marcel Amirault · 7109a820 · a9917c4c · b5a483a1
Commit b5a483a1 authored Oct 22, 2021 by Marcel Amirault
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

doc/ci/yaml/index.md doc/ci/yaml/index.md +5 -0

No files found.
--- a/doc/ci/yaml/index.md
+++ b/doc/ci/yaml/index.md
@@ -598,6 +598,11 @@ include:
 All [nested includes](#nested-includes) execute without context as a public user,
 so you can only `include` public projects or templates.

+NOTE:
+Be careful when including a remote CI/CD configuration file. No pipelines or notifications
+trigger when external CI/CD configuration files change. From a security perspective,
+this is similar to pulling a third party dependency.
+
 #### `include:template`

 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/53445) in GitLab 11.7.