From b2b5d7445c4fc9dba012087fbb85bcdeb337e252 Mon Sep 17 00:00:00 2001 From: Letha Date: Mon, 11 Mar 2024 13:38:00 -0700 Subject: [PATCH] Add GitLab doc for cnspec (#35) * Add GitHub doc for cnspec * Sidebar and copy pasta * Add cnspec docs on GitLab scanning and querying --- docs/cnspec/saas/github.md | 2 +- docs/cnspec/saas/gitlab.md | 76 ++++++++++++++++++++++++++++ docs/cnspec/saas/google_workspace.md | 2 +- docs/cnspec/saas/ms365.md | 2 +- docs/cnspec/saas/slack.md | 2 +- 5 files changed, 80 insertions(+), 4 deletions(-) create mode 100644 docs/cnspec/saas/gitlab.md diff --git a/docs/cnspec/saas/github.md b/docs/cnspec/saas/github.md index ce2dbb83..bb9f676a 100644 --- a/docs/cnspec/saas/github.md +++ b/docs/cnspec/saas/github.md @@ -25,7 +25,7 @@ To scan GitHub organizations and repos, cnspec needs access. You give cnspec the cnspec needs a personal access token to scan a GitHub organization, public repo, or private repo. The token's level of access determines how much information cnspec can retrieve. -To learn how to create a personal access token, read [Creating a personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) in the GitHub documentation. +To learn how to create a personal access token, read [Managing your personal access tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) in the GitHub documentation. ### Configure a GITHUB_TOKEN environment variable diff --git a/docs/cnspec/saas/gitlab.md b/docs/cnspec/saas/gitlab.md new file mode 100644 index 00000000..e1afd06e --- /dev/null +++ b/docs/cnspec/saas/gitlab.md 
@@ -0,0 +1,76 @@
+---
+title: Assess the configuration of GitLab organizations and repositories with cnspec
+sidebar_label: GitLab
+sidebar_position: 3
+displayed_sidebar: cnspec
+description: Secure and enforce policy for GitLab
+image: /img/featured_img/mondoo-feature.jpg
+---
+
+Rely on cnspec to ensure your GitLab groups and projects follow recommended security and operational best practices.
+
+## Give cnspec access using a GitLab personal access token
+
+To scan GitLab groups and projects, cnspec needs access. You give cnspec the access it needs through the GitLab API. First, you create GitLab personal access token. Then you provide that token with cnspec commands. The token's level of access determines how much information cnspec can retrieve.
+
+To learn how to create a personal access token, read [Personal access tokens](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) in the GitLab documentation.
+
+## Scan GitLab groups and projects
+
+To scan the configuration of a GitLab group, run this command:
+
+```bash
+cnspec scan gitlab --group --token
+```
+
+To scan all the groups you have access to, run this command:
+
+```bash
+cnspec scan gitlab --discover projects --token
+```
+
+To scan a project, run this command:
+
+```bash
+cnspec scan gitlab --group --project --token
+```
+
+To scan all projects in a group, run this command:
+
+```bash
+cnspec scan gitlab --group --discover projects --token
+```
+
+To scan all Terraform files in all the projects discovered in all the groups you have access to, run this command:
+
+```bash
+cnspec scan gitlab --discover terraform --token
+```
+
+## Example checks
+
+Run `cnspec shell --token ` to open the cnspec interactive shell. From there you can make checks like the examples below.
+
+Ensure group email notifications are disabled for a GitLab group:
+
+```coffee
+cnspec> gitlab.group.emailsDisabled
+[failed] gitlab.group.emailsDisabled
+ expected: == true
+ actual: false
+```
+
+Ensure the GitLab group is private:
+
+```coffee
+cnspec> gitlab.group.visibility=="private"
+[ok] value: "private"
+```
+
+## Learn more
+
+- To learn about all the GitLab resources and properties, read the [Mondoo GitLab Resource Pack Reference](/mql/resources/gitlab-pack/).
+
+- To learn how to write checks, read [Write Effective MQL](/mql/mql.write).
+
+---
diff --git a/docs/cnspec/saas/google_workspace.md b/docs/cnspec/saas/google_workspace.md
index 4244a72a..da0c3931 100644
--- a/docs/cnspec/saas/google_workspace.md
+++ b/docs/cnspec/saas/google_workspace.md
@@ -1,7 +1,7 @@
 ---
 title: Assess Google Workspace Security with cnspec
 sidebar_label: Google Workspace
-sidebar_position: 3
+sidebar_position: 4
 displayed_sidebar: cnspec
 description: Set up cnspec to perform security scans of Google Workspace
 ---
diff --git a/docs/cnspec/saas/ms365.md b/docs/cnspec/saas/ms365.md
index b6a4aee3..9ec88a48 100644
--- a/docs/cnspec/saas/ms365.md
+++ b/docs/cnspec/saas/ms365.md
@@ -2,7 +2,7 @@
 title: Assess Microsoft 365 Security with cnspec
 sidebar_label: Microsoft 365
 displayed_sidebar: cnspec
-sidebar_position: 4
+sidebar_position: 5
 description: Use cnspec to assess Microsoft 365 for security misconfigurations
 image: /img/featured_img/mondoo-365.jpg
 ---
diff --git a/docs/cnspec/saas/slack.md b/docs/cnspec/saas/slack.md
index 08310352..110cbe71 100644
--- a/docs/cnspec/saas/slack.md
+++ b/docs/cnspec/saas/slack.md
@@ -1,7 +1,7 @@
 ---
 title: Asses Slack Security with cnspec
 sidebar_label: Slack
-sidebar_position: 6
+sidebar_position: 7
 displayed_sidebar: cnspec
 description: Secure and enforce policy for your Slack workspaces
 image: /img/featured_img/mondoo-feature.jpg
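Review bot: Every command in the new docs/cnspec/saas/gitlab.md passes the personal access token as a `--token` argument, and the page never says how that secret should be handled. A token typed on the command line is kept in shell history, is visible in process listings to other local users while the scan runs, and can end up in CI job logs. The github.md hunk in this same patch shows a "Configure a GITHUB_TOKEN environment variable" section as context; if cnspec supports an equivalent for GitLab (not visible in this patch), the page should document it as the preferred form. Under "Give cnspec access using a GitLab personal access token" I would also add a line such as `Create the token with the narrowest scope that covers your scan (for example, a read-only scope such as read_api) and set an expiration date.`, since the page currently says only that the token's level of access determines how much cnspec can retrieve.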