Add GitLab doc for cnspec (#35)

* Add GitHub doc for cnspec * Sidebar and copy pasta * Add cnspec docs on GitLab scanning and querying
mondoohq · Mar 11, 2024 · b2b5d74 · b2b5d74
1 parent 159dece
commit b2b5d74
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 4 deletions.
diff --git a/docs/cnspec/saas/github.md b/docs/cnspec/saas/github.md
@@ -25,7 +25,7 @@ To scan GitHub organizations and repos, cnspec needs access. You give cnspec the
 
 cnspec needs a personal access token to scan a GitHub organization, public repo, or private repo. The token's level of access determines how much information cnspec can retrieve.
 
-To learn how to create a personal access token, read [Creating a personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) in the GitHub documentation.
+To learn how to create a personal access token, read [Managing your personal access tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) in the GitHub documentation.
 
 ### Configure a GITHUB_TOKEN environment variable
 

diff --git a/docs/cnspec/saas/gitlab.md b/docs/cnspec/saas/gitlab.md
@@ -0,0 +1,76 @@
+---
+title: Assess the configuration of GitLab organizations and repositories with cnspec
+sidebar_label: GitLab
+sidebar_position: 3
+displayed_sidebar: cnspec
+description: Secure and enforce policy for GitLab
+image: /img/featured_img/mondoo-feature.jpg
+---
+
+Rely on cnspec to ensure your GitLab groups and projects follow recommended security and operational best practices.
+
+## Give cnspec access using a GitLab personal access token
+
+To scan GitLab groups and projects, cnspec needs access. You give cnspec the access it needs through the GitLab API. First, you create GitLab personal access token. Then you provide that token with cnspec commands. The token's level of access determines how much information cnspec can retrieve.
+
+To learn how to create a personal access token, read [Personal access tokens](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) in the GitLab documentation.
+
+## Scan GitLab groups and projects
+
+To scan the configuration of a GitLab group, run this command:
+
+```bash
+cnspec scan gitlab --group <GROUP_NAME> --token <YOUR_TOKEN>
+```
+
+To scan all the groups you have access to, run this command:
+
+```bash
+cnspec scan gitlab --discover projects --token <YOUR_TOKEN>
+```
+
+To scan a project, run this command:
+
+```bash
+cnspec scan gitlab --group <GROUP_NAME> --project <PROJECT_NAME> --token <YOUR_TOKEN>
+```
+
+To scan all projects in a group, run this command:
+
+```bash
+cnspec scan gitlab --group <GROUP_NAME> --discover projects --token <YOUR_TOKEN>
+```
+
+To scan all Terraform files in all the projects discovered in all the groups you have access to, run this command:
+
+```bash
+cnspec scan gitlab --discover terraform --token <YOUR_TOKEN>
+```
+
+## Example checks
+
+Run `cnspec shell --token <YOUR_TOKEN>` to open the cnspec interactive shell. From there you can make checks like the examples below.
+
+Ensure group email notifications are disabled for a GitLab group:
+
+```coffee
+cnspec> gitlab.group.emailsDisabled
+[failed] gitlab.group.emailsDisabled
+  expected: == true
+  actual:   false
+```
+
+Ensure the GitLab group is private:
+
+```coffee
+cnspec> gitlab.group.visibility=="private"
+[ok] value: "private"
+```
+
+## Learn more
+
+- To learn about all the GitLab resources and properties, read the [Mondoo GitLab Resource Pack Reference](/mql/resources/gitlab-pack/).
+
+- To learn how to write checks, read [Write Effective MQL](/mql/mql.write).
+
+---
diff --git a/docs/cnspec/saas/google_workspace.md b/docs/cnspec/saas/google_workspace.md
@@ -1,7 +1,7 @@
 ---
 title: Assess Google Workspace Security with cnspec
 sidebar_label: Google Workspace
-sidebar_position: 3
+sidebar_position: 4
 displayed_sidebar: cnspec
 description: Set up cnspec to perform security scans of Google Workspace
 ---

diff --git a/docs/cnspec/saas/ms365.md b/docs/cnspec/saas/ms365.md
@@ -2,7 +2,7 @@
 title: Assess Microsoft 365 Security with cnspec
 sidebar_label: Microsoft 365
 displayed_sidebar: cnspec
-sidebar_position: 4
+sidebar_position: 5
 description: Use cnspec to assess Microsoft 365 for security misconfigurations
 image: /img/featured_img/mondoo-365.jpg
 ---

diff --git a/docs/cnspec/saas/slack.md b/docs/cnspec/saas/slack.md
@@ -1,7 +1,7 @@
 ---
 title: Asses Slack Security with cnspec
 sidebar_label: Slack
-sidebar_position: 6
+sidebar_position: 7
 displayed_sidebar: cnspec
 description: Secure and enforce policy for your Slack workspaces
 image: /img/featured_img/mondoo-feature.jpg