Improve documentation for `spp_repository_pipeline_access` project setting
The following discussions from !165626 (merged) should be addressed:
-
@rdickenson started a discussion:

Use the `content` type in a policy to reference CI/CD configuration stored in a security policy project. This allows you to use the same CI/CD configuration among multiple policies, reducing the overhead of maintaining these configurations. For example, if you have a custom secret detection CI/CD configuration you want to enforce in policy A and policy B, you can reference the same configuration in both policies but it's stored as a single YAML file.

Prerequisites:

- Users triggering pipelines run in those projects on which a policy containing the `content` type is enforced must have at minimum read-only access to the project containing the CI/CD configuration. In GitLab 17.4 and later, you can grant the required read-only access by enabling the project setting **Scan execution policies**. Enabling this option allows the user who triggered the pipeline access to **only** read the CI/CD configuration enforced by the scan execution policy.

@mcavoj This suggestion does not comply with the docs standards, but I think it helps explain the feature and the required permissions a little more. As I'm now on PTO please ask Ryan Lehmann for assistance from here.
@rlehmann1 By our docs standards, this would be written as two topics - concept and task. Here we've combined them into one. It's not ideal but we can polish this in a follow-up MR.
-
@rdickenson started a discussion:

```javascript
sppRepositoryPipelineAccessLabel: s__(
  'ProjectSettings|Grant access to the CI/CD files named in security policies.',
),
sppRepositoryPipelineAccessHelpText: s__(
  'ProjectSettings|Allow users and tokens read-only access to fetch security policy configurations in this project to enforce policies. %{linkStart}Learn more%{linkEnd}.',
```

suggestion: @mcavoj Like my docs suggestion, please consider this a draft.
@rlehmann1 You may prefer to leave this just as it is, which is OK with me.