Update SD docs to clarify Reporter+ rule is required for group access token
What does this MR do and why?
This merge request updates Pipeline SD documentation to clarify that using a group access token whether you're using:
- SECRET_DETECTION_RULESET_GIT_REFERENCE CI variable to disable/override a rule from the default ruleset (with a remote ruleset).
- Or passthroughs' auth setting to replace or extend the default ruleset (with a remote ruleset).

Requires the group access token used to have at least the Reporter or higher role when the project is private.

This is because Guest role is only able to pull project code when the project is public:
On self-managed GitLab instances, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). External users must be given explicit access (at least the Reporter role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available.
MR acceptance checklist
I have evaluated this MR against the MR acceptance checklist.