Projects should have mirror = false unless intentionally configured as a downstream mirror of an upstream repository. Mirrored projects fetch from an external source on a schedule; if the mirror is misconfigured it can leak credentials or pull in unauthorised changes. Use exemptions for legitimate mirrors.
1. Go to project Settings > Repository > Mirroring repositories.
2. Remove unintended mirror configurations.
3. If the mirror is legitimate, create a PolicyExemption with a reason explaining the upstream source.
{
  "target": "GLProject",
  "if": {
    "allOf": [
      {
        "resource": "GLProject",
        "property": "Mirror",
        "operator": "equals",
        "value": false
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
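The check and exemption workflow described above can be reproduced offline against exported project records. This is an added example, not DevOps Shield's own code: the record fields follow the GitLab Projects API (`mirror`, `import_url`), while the exemption mapping, the function names and all sample values are assumptions constructed for illustration.

```python
"""Audit project records for unexpected pull mirroring (added example)."""
from urllib.parse import urlsplit

# Constructed sample records; hosts, paths and the token are made up.
SAMPLE_PROJECTS = [
    {"id": 101, "path_with_namespace": "platform/api", "mirror": False,
     "import_url": None},
    {"id": 102, "path_with_namespace": "vendor/libfoo", "mirror": True,
     "import_url": "https://git.upstream.example/libfoo.git"},
    {"id": 103, "path_with_namespace": "tools/sync", "mirror": True,
     "import_url": "https://bot:constructed-token@git.upstream.example/sync.git"},
    {"id": 104, "path_with_namespace": "legacy/app", "import_url": None},
]

# Hypothetical exemption store: project id -> reason naming the upstream source.
SAMPLE_EXEMPTIONS = {102: "Downstream mirror of git.upstream.example/libfoo"}


def url_embeds_credentials(url):
    """True when an http(s) URL carries userinfo (user, token or password)."""
    if not url:
        return False
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False  # e.g. ssh://git@host: the user name is not a secret
    return bool(parts.username or parts.password)


def audit_mirrors(projects, exemptions):
    """Return one finding per mirrored project, marking exempt ones."""
    findings = []
    for project in projects:
        # Assumption: a record without a "mirror" field is not mirrored.
        if project.get("mirror") is not True:
            continue
        # An exemption only counts when it carries a non-empty reason.
        reason = (exemptions.get(project["id"]) or "").strip()
        findings.append({
            "project": project["path_with_namespace"],
            "status": "exempt" if reason else "audit",
            "credentials_in_url": url_embeds_credentials(project.get("import_url")),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_mirrors(SAMPLE_PROJECTS, SAMPLE_EXEMPTIONS):
        print(finding)
```

A mirror URL with embedded credentials is reported even for exempt projects, since an exemption justifies the upstream source, not how the secret is stored.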