Collect if a GitLab project allows forking projects

This is part of GitLab's security recommendations. If we collect it we can expand our policy to check for it. cnquery> gitlab.group{*} gitlab.group: { name: "lunalectric" path: "lunalectric" description: "" projects: [ 0: gitlab.project name="Example Gitlab" visibility="private" ] id: 5409231 requireTwoFactorAuthentication: true visibility: "private" preventForkingOutsideGroup: false } ``` Signed-off-by: Tim Smith <[email protected]>
mondoohq · Sep 19, 2023 · 0742eb0 · 0742eb0
1 parent fc5c872
commit 0742eb0
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 0 deletions.
diff --git a/providers/gitlab/resources/gitlab.go b/providers/gitlab/resources/gitlab.go
@@ -34,6 +34,7 @@ func initGitlabGroup(runtime *plugin.Runtime, args map[string]*llx.RawData) (map
 	args["description"] = llx.StringData(grp.Description)
 	args["visibility"] = llx.StringData(string(grp.Visibility))
 	args["requireTwoFactorAuthentication"] = llx.BoolData(grp.RequireTwoFactorAuth)
+	args["preventForkingOutsideGroup"] = llx.BoolData(grp.PreventForkingOutsideGroup)
 
 	return args, nil, nil
 }

diff --git a/providers/gitlab/resources/gitlab.lr b/providers/gitlab/resources/gitlab.lr
@@ -18,6 +18,8 @@ gitlab.group @defaults("name") {
   visibility string
   // Require all users in this group to setup Two-factor authentication.
   requireTwoFactorAuthentication bool
+  // Don't allow forking projects outside this group
+  preventForkingOutsideGroup bool
   // List all projects that belong to the group
   projects() []gitlab.project
 }

diff --git a/providers/gitlab/resources/gitlab.lr.go b/providers/gitlab/resources/gitlab.lr.go
diff --git a/providers/gitlab/resources/gitlab.lr.manifest.yaml b/providers/gitlab/resources/gitlab.lr.manifest.yaml
@@ -8,6 +8,8 @@ resources:
       id: {}
       name: {}
       path: {}
+      preventForkingOutsideGroup:
+        min_mondoo_version: 9.0.0
       projects: {}
       requireTwoFactorAuthentication: {}
       visibility: {}