Risk Level: medium
Spectral Rule ID: GLPL002
To make sure that the job token doesn't leak, GitLab:
- Masks the job token in job logs.
- Grants permissions to the job token only when the job is running.
You should also configure your runners to be secure. Avoid:
- Using Docker's privileged mode if the machines are re-used.
- Using the shell executor when jobs run on the same machine.
If you have an insecure GitLab Runner configuration, you increase the risk that someone tries to steal tokens from other jobs.