docs: add security-by-design docs #9770
Nice summary, thank you for the coherent explanation!
@@ -0,0 +1,77 @@ | |||
--- | |||
slug: /features/security |
I have replaced the current Features/Secrets page with a revised Features/Security page that discusses the sandboxing feature + the original Secrets page content. A redirection is also in place for the old URL.
@jpadams @kpenfound please review
Dagger supports the use of HTTP and SSH protocols for accessing directories, files, and Dagger modules in remote repositories. This feature is compatible with all major Git hosting platforms such as GitHub, GitLab, BitBucket, Azure DevOps, Codeberg, and Sourcehut. Dagger supports authentication via both HTTPS (using Git credential managers) and SSH (using a unified authentication approach). | ||
|
||
<Tabs> | ||
<TabItem value="Remote directories and files"> |
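Review bot: The added paragraph is inconsistent about the transport: its first sentence says "HTTP and SSH protocols" while its last sentence describes authentication over "HTTPS". Use one term throughout, or state explicitly whether plain-HTTP remotes are supported, since readers will take this sentence as the statement of what is allowed. In the same last sentence, "a unified authentication approach" does not tell the reader what SSH access depends on; name the mechanism or link to the section that describes it. Minor: the vendor spelling is "Bitbucket", not "BitBucket".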
@grouville note these two tabs are because the formats are not the same for modules vs files/directories. Maybe they can be unified?
It will be yes, I'll converge those on the PR that unifies the logic
I made some changes to accommodate this:
This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 7 days.
The current example with `dag.Git()` does not take into account the fact that SSH refs trigger the security-by-design model of Dagger. This commit adds alternative examples
Signed-off-by: Guillaume de Rouville <guillaume@dagger.io>

Add a security-by-design docs to explain the best practices / patterns with Dagger
Signed-off-by: Guillaume de Rouville <guillaume@dagger.io>
Signed-off-by: Guillaume de Rouville <guillaume@dagger.io>
Signed-off-by: Vikram Vaswani <vikram@dagger.io>
Signed-off-by: Vikram Vaswani <vikram@dagger.io>
Closes #9723
Users have been confused by https://docs.dagger.io/cookbook/#clone-a-remote-git-repository-into-a-container-by-branch-tag-or-commit. The source of the confusion seems to be deeper than just the reproduction of the cookbook.
Basically, we lack an understanding of the security-by-design model in our docs.
This PR updates the cookbook example to differentiate the HTTP(S) and SSH based refs and also introduces a `security-model` page. This page is currently not linked to any other page in our docs as I don't really know where it would fit @vikram-dagger