Hello community,
here is the log from the commit of package python-gitlabcis for
openSUSE:Factory checked in at 2026-03-16 14:17:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-gitlabcis (Old)
and /work/SRC/openSUSE:Factory/.python-gitlabcis.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-gitlabcis"
Mon Mar 16 14:17:39 2026 rev:8 rq:1339216 version:1.17.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-gitlabcis/python-gitlabcis.changes
2026-01-27 16:15:30.642029460 +0100
+++
/work/SRC/openSUSE:Factory/.python-gitlabcis.new.8177/python-gitlabcis.changes
2026-03-16 14:21:00.290444201 +0100
@@ -1,0 +2,13 @@
+Mon Mar 16 06:17:17 UTC 2026 - Johannes Kastl
<[email protected]>
+
+- update to 1.17.1:
+ * Fix
+ - fix: Remove instance error statements (37e7d3a)
+- update to 1.17.0:
+ * Feature
+ - feat: Group support for artifacts checks (#125) (f1a5ed0)
+- update to 1.16.0:
+ * Feature
+ - feat: Support GitLab inputs (#133 (closed)) (0c4b790)
+
+-------------------------------------------------------------------
Old:
----
gitlabcis-1.15.22.tar.gz
New:
----
gitlabcis-1.17.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-gitlabcis.spec ++++++
--- /var/tmp/diff_new_pack.kUe7bN/_old 2026-03-16 14:21:00.750463329 +0100
+++ /var/tmp/diff_new_pack.kUe7bN/_new 2026-03-16 14:21:00.754463496 +0100
@@ -17,7 +17,7 @@
Name: python-gitlabcis
-Version: 1.15.22
+Version: 1.17.1
Release: 0
Summary: An automated tool that assesses the GitLab CIS benchmarks
against a project
License: MIT
++++++ gitlabcis-1.15.22.tar.gz -> gitlabcis-1.17.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/.gitlab/.gitlab-ci.yml
new/gitlabcis-1.17.1/.gitlab/.gitlab-ci.yml
--- old/gitlabcis-1.15.22/.gitlab/.gitlab-ci.yml 2026-01-26
20:46:16.000000000 +0100
+++ new/gitlabcis-1.17.1/.gitlab/.gitlab-ci.yml 2026-03-16 01:39:40.000000000
+0100
@@ -5,9 +5,21 @@
# -----------------------------------------------------------------------------
workflow:
+
auto_cancel:
on_job_failure: all
+ rules:
+ # Run merge request pipelines only (not branch pipelines)
+ - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+ when: always
+ # Run branch pipelines only for main branch
+ - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "main"'
+ when: always
+ # Run scheduled jobs
+ - if: '$CI_PIPELINE_SOURCE == "schedule"'
+ when: always
+
# -----------------------------------------------------------------------------
# Stages:
# -----------------------------------------------------------------------------
@@ -76,8 +88,11 @@
- git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME
# ensure that the angular commit msg type is followed
- git log --pretty=format:%s
$CI_MERGE_REQUEST_DIFF_BASE_SHA..$CI_COMMIT_SHA | commitlint --config
.commitlintrc
- only:
- - merge_requests
+ rules:
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ when: always
+ allow_failure: false
renovate:
stage: lint
@@ -86,8 +101,12 @@
- npm install -g renovate
- renovate-config-validator
rules:
- - changes:
- - renovate.json
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - "renovate.json"
+ - ".tool-versions"
+ allow_failure: false
docs:
stage: lint
@@ -96,7 +115,12 @@
- npm install -g markdownlint-cli
- markdownlint **/*.md
rules:
- - when: always
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - "**/*.md"
+ - "*.md"
+ allow_failure: false
codebase:flake8:
stage: lint
@@ -105,7 +129,13 @@
- make install
- venv/bin/tox -e flake8
rules:
- - when: always
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - "**/*.py"
+ - "*.py"
+ - "pyproject.toml"
+ allow_failure: false
benchmarks:baseline:
stage: lint
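Review bot: The rule added here restricts the flake8 job to merge request pipelines, and the same `if: $CI_PIPELINE_SOURCE == "merge_request_event"` rule is added in the baseline, yamllint, codebase:benchmarks and python:3.10 to python:3.14 hunks below. As a result, the `schedule` and main-branch pipelines that the new `workflow:rules` explicitly allow run none of the lint or test jobs visible in this diff. If the scheduled pipeline is meant to catch breakage from dependency drift, the test jobs need a second rule such as `- if: $CI_PIPELINE_SOURCE == "schedule"`. The `changes:` lists also omit `.gitlab/.gitlab-ci.yml`, so a merge request that edits only the pipeline definition skips the checks it defines. The job header for this rule block sits outside the hunk.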
@@ -114,7 +144,14 @@
- make install
- venv/bin/tox -e baseline
rules:
- - when: always
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - "**/*.yml"
+ - "*.yml"
+ - "**/*.yaml"
+ - "*.yaml"
+ allow_failure: false
benchmarks:yamllint:
stage: lint
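Review bot: The `changes:` filter on the baseline job lists only `*.yml` and `*.yaml` paths, yet AGENTS.md in this same update states that each recommendation's `name:` must exactly match a benchmark function name. If `tox -e baseline` performs that cross-check, a merge request that renames or removes a function in a `.py` file would skip it and the mismatch would only surface later. Adding `- "**/*.py"` to this list keeps the YAML-to-code check tied to both sides. The job definition starts outside the hunk.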
@@ -123,7 +160,14 @@
- make install
- venv/bin/tox -e yamllint
rules:
- - when: always
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - "**/*.yml"
+ - "*.yml"
+ - "**/*.yaml"
+ - "*.yaml"
+ allow_failure: false
codebase:benchmarks:
stage: lint
@@ -132,7 +176,13 @@
- make install
- venv/bin/tox -e benchmarks
rules:
- - when: always
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - "**/*.py"
+ - "*.py"
+ - "pyproject.toml"
+ allow_failure: false
# -----------------------------------------------------------------------------
# Build:
@@ -194,7 +244,13 @@
- make install
- venv/bin/tox -e py314
rules:
- - when: always
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - "**/*.py"
+ - "*.py"
+ - "pyproject.toml"
+ allow_failure: false
python:3.13:
stage: compatibility
@@ -203,7 +259,13 @@
- make install
- venv/bin/tox -e py313
rules:
- - when: always
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - "**/*.py"
+ - "*.py"
+ - "pyproject.toml"
+ allow_failure: false
python:3.12:
stage: compatibility
@@ -212,7 +274,13 @@
- make install
- venv/bin/tox -e py312
rules:
- - when: always
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - "**/*.py"
+ - "*.py"
+ - "pyproject.toml"
+ allow_failure: false
python:3.11:
stage: compatibility
@@ -221,7 +289,13 @@
- make install
- venv/bin/tox -e py311
rules:
- - when: always
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - "**/*.py"
+ - "*.py"
+ - "pyproject.toml"
+ allow_failure: false
python:3.10:
stage: compatibility
@@ -230,7 +304,13 @@
- make install
- venv/bin/tox -e py310
rules:
- - when: always
+ # Don't run on main pipelines:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ changes:
+ - "**/*.py"
+ - "*.py"
+ - "pyproject.toml"
+ allow_failure: false
# -----------------------------------------------------------------------------
# GitLab & Pypi release using python-semantic-release
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/.gitlab/CODEOWNERS
new/gitlabcis-1.17.1/.gitlab/CODEOWNERS
--- old/gitlabcis-1.15.22/.gitlab/CODEOWNERS 2026-01-26 20:46:16.000000000
+0100
+++ new/gitlabcis-1.17.1/.gitlab/CODEOWNERS 2026-03-16 01:39:40.000000000
+0100
@@ -1,5 +1,5 @@
# Core:
-/ @smeadzinger @ayofan @nrosandich @nmcd @mjozenazemian @dmakovey @Joey_Khabie
+/ @ayofan @nrosandich @nmcd @mjozenazemian @dmakovey @Joey_Khabie
# Recommendations:
-/gitlabcis/recommendations @smeadzinger
+/gitlabcis/recommendations @ayofan @nrosandich @nmcd @mjozenazemian
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/.gitlab/duo/agent-config.yml
new/gitlabcis-1.17.1/.gitlab/duo/agent-config.yml
--- old/gitlabcis-1.15.22/.gitlab/duo/agent-config.yml 1970-01-01
01:00:00.000000000 +0100
+++ new/gitlabcis-1.17.1/.gitlab/duo/agent-config.yml 2026-03-16
01:39:40.000000000 +0100
@@ -0,0 +1,21 @@
+# GitLab Duo Agent Platform - Flow Execution Configuration
+# Docs: https://docs.gitlab.com/user/duo_agent_platform/flows/execution/
+
+# Docker image for flow execution in CI/CD.
+image: python:3.13-slim
+
+# Setup script runs before the flow executes.
+setup_script:
+ - apt-get update && apt-get install -y git make
+ - pip install --upgrade pip
+ - pip install ".[test,build]"
+
+# Cache pip downloads and the installed package across flow runs.
+cache:
+ key:
+ files:
+ - pyproject.toml
+ prefix: gitlabcis-deps
+ paths:
+ - .cache/pip
+ - venv/
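Review bot: The `cache:` block lists `.cache/pip` and `venv/`, but the `setup_script` never creates a virtualenv and pip's default cache directory is not inside the project, so as written the cache probably stores nothing useful. If `venv/` does get populated, it is executable content restored into later agent runs with only `pyproject.toml` as the key. Either drop `venv/` from `paths:` or install into it explicitly, and point pip at the cached directory, for example `pip install --cache-dir .cache/pip ".[test,build]"`. `image: python:3.13-slim` is also a mutable tag; pinning it as `python:3.13-slim@sha256:<digest>` (placeholder, take the value from the registry) keeps the agent's execution environment reproducible.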
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/.markdownlintignore
new/gitlabcis-1.17.1/.markdownlintignore
--- old/gitlabcis-1.15.22/.markdownlintignore 2026-01-26 20:46:16.000000000
+0100
+++ new/gitlabcis-1.17.1/.markdownlintignore 2026-03-16 01:39:40.000000000
+0100
@@ -1,4 +1,5 @@
build
dist
venv
-CHANGELOG.md
\ No newline at end of file
+CHANGELOG.md
+AGENTS.md
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/AGENTS.md
new/gitlabcis-1.17.1/AGENTS.md
--- old/gitlabcis-1.15.22/AGENTS.md 1970-01-01 01:00:00.000000000 +0100
+++ new/gitlabcis-1.17.1/AGENTS.md 2026-03-16 01:39:40.000000000 +0100
@@ -0,0 +1,273 @@
+# AGENTS.md — Coding Agent Guidelines
+
+This file provides instructions and context for agentic coding assistants
working in this repository.
+
+---
+
+## Repository Overview
+
+`gitlabcis` is a Python CLI tool that audits GitLab projects/groups/instances
against CIS Benchmark security controls. It is structured as a Python package
with:
+- `gitlabcis/benchmarks/` — benchmark check implementations (one module per
CIS section)
+- `gitlabcis/cli/` — CLI entry point and argument parsing
+- `gitlabcis/recommendations/` — YAML files defining each benchmark check's
metadata
+- `gitlabcis/utils/` — shared utilities (CI config parsing, etc.)
+- `gitlabcis/tests/` — unit tests and input/CLI tests
+
+---
+
+## Environment Setup
+
+```sh
+make install # creates venv/, installs package with [test,build] extras,
sets up pre-commit hooks
+make clean # removes venv/, build artifacts, uninstalls package
+make build # clean + install + python -m build
+```
+
+Python version is pinned to **3.13** via `.tool-versions` (mise). The package
supports Python 3.10–3.14.
+
+---
+
+## Build, Lint, and Test Commands
+
+### Linting
+
+```sh
+venv/bin/tox -e flake8 # flake8 linting on gitlabcis/
+venv/bin/tox -e bandit # bandit security linting (excludes tests, .tox)
+venv/bin/tox -e yamllint # yamllint on gitlabcis/recommendations/
+```
+
+### Testing
+
+```sh
+# Run all tests (coverage):
+venv/bin/tox -e cover
+
+# Run only benchmark unit tests:
+venv/bin/tox -e benchmarks
+
+# Run only YAML recommendation baseline tests:
+venv/bin/tox -e baseline
+
+# Run all tox environments:
+venv/bin/tox
+```
+
+### Running a Single Test
+
+```sh
+# Single test file:
+venv/bin/pytest
gitlabcis/tests/unit/benchmarks/source_code_1/code_changes_1_1_test.py
+
+# Single test function:
+venv/bin/pytest
gitlabcis/tests/unit/benchmarks/source_code_1/code_changes_1_1_test.py::test_version_control
+
+# With verbose output:
+venv/bin/pytest -s -vv
gitlabcis/tests/unit/benchmarks/source_code_1/code_changes_1_1_test.py::test_version_control
+
+# Pass extra args through tox:
+venv/bin/tox -e benchmarks --
gitlabcis/tests/unit/benchmarks/source_code_1/code_changes_1_1_test.py::test_version_control
+```
+
+Note: test files use the `from conftest import run` import, so `pytest` must
be run from the repo root (not from inside `gitlabcis/`).
+
+### Pre-commit Hooks
+
+```sh
+pre-commit run --all-files # run all hooks: commitlint, markdownlint,
gitleaks, isort, black, flake8
+```
+
+---
+
+## Code Style Guidelines
+
+### Line Length
+
+**79 characters** (enforced by `black --line-length=79`). Use `# noqa: E501`
sparingly for unavoidable long lines.
+
+### Formatter
+
+`black` with `-S` flag (skip string normalization). **Single quotes are
predominant** — do not change quote style unless necessary.
+
+### Import Sorting
+
+`isort` (via pre-commit). Standard import order:
+1. Standard library
+2. Third-party libraries
+3. Local `gitlabcis` imports
+
+**Benchmark modules use deferred (inside-function) imports** — this is
intentional and must be preserved:
+
+```python
+def some_benchmark(glEntity, glObject, **kwargs):
+ from gitlab.exceptions import (GitlabAuthenticationError, GitlabGetError,
+ GitlabHttpError, GitlabListError)
+ from gitlabcis.utils import ci
+ ...
+```
+
+Only `cli/` and `utils/` modules use top-level imports.
+
+### File Headers
+
+Every Python source file begins with a 79-character separator comment:
+
+```python
+# -----------------------------------------------------------------------------
+```
+
+### Naming Conventions
+
+| Element | Convention | Example |
+|---|---|---|
+| Functions | `snake_case` | `sign_artifacts_in_build_pipeline` |
+| Classes | `PascalCase` | `GitlabCIS`, `CustomLogFilter` |
+| Local variables | `camelCase` | `glEntity`, `defaultBranch`,
`protectedBranches` |
+| Constants | `UPPER_SNAKE_CASE` | `MAX_WORKERS`, `OUTPUT_FORMATS`, `CHECK` |
+| Private helpers | `_snake_case` | `_checkCrosslinks`, `_staleBranches` |
+| Test files | `<module>_test.py` | `code_changes_1_1_test.py` (suffix, not
prefix) |
+
+### Comments
+
+Do **not** add comments unless they are truly necessary. Avoid inline
explanations.
+
+---
+
+## Benchmark Function Conventions
+
+Every function in `gitlabcis/benchmarks/` follows a strict pattern:
+
+### Signature
+
+```python
+def function_name(glEntity, glObject, **kwargs):
+ """
+ id: X.Y.Z
+ title: Human-readable title of the check
+ """
+```
+
+The docstring **must** contain `id:` and `title:` fields — this is validated
by tests in `tests/unit/benchmarks/function_test.py`.
+
+### Return Values
+
+All benchmark functions return a single-key dict:
+
+```python
+{True: 'Reason string'} # PASS
+{False: 'Reason string'} # FAIL
+{None: 'Reason string'} # SKIP (insufficient permissions, not applicable,
not implemented)
+```
+
+### Entity Type Dispatch
+
+```python
+if kwargs.get('isProject'):
+ # project-level logic
+elif kwargs.get('isGroup'):
+ return {None: 'Not yet implemented for groups'}
+elif kwargs.get('isInstance'):
+ return {None: 'Not applicable at instance level'}
+```
+
+### Error Handling Pattern
+
+```python
+except (GitlabHttpError, GitlabGetError, GitlabAuthenticationError) as e:
+ if e.response_code in [401, 403]:
+ return {None: 'Insufficient permissions'}
+ if e.response_code == 404:
+ return {None: 'Resource not found'}
+```
+
+Use `except AttributeError: return {None: 'Feature is not enabled'}` for
disabled features.
+
+Do **not** catch unhandled response codes — let them fall through (returns
`None` implicitly).
+
+---
+
+## Recommendation YAML Files
+
+Each benchmark check has a matching YAML file in
`gitlabcis/recommendations/<section>/`. Required keys (validated by
`tests/unit/yaml/`):
+
+```yaml
+id: X.Y.Z
+name: function_name_matching_benchmark_module
+title: Human-readable title
+profile: Level 1 or Level 2
+category: section name
+description: |
+ ...
+rationale: |
+ ...
+references: []
+```
+
+The `name:` field **must exactly match** the benchmark function name.
+
+---
+
+## Testing Conventions
+
+### Test Structure
+
+Tests live in `gitlabcis/tests/unit/benchmarks/<section>/` and are named
`<module>_test.py`.
+
+The `run()` helper from `conftest.py` is used to assert outcomes:
+
+```python
+from conftest import run
+from gitlabcis.benchmarks.source_code_1 import code_changes_1_1
+
+def test_some_function(glEntity, glObject):
+ test = code_changes_1_1.some_function
+
+ glEntity.some_attr = True
+ run(glEntity, glObject, test, True, **{'isProject': True})
+
+ glEntity.some_attr = False
+ run(glEntity, glObject, test, False, **{'isProject': True})
+
+ for kwargs in [{'isGroup': True}, {'isInstance': True}]:
+ run(glEntity, glObject, test, None, **kwargs)
+```
+
+### Available Fixtures (from `conftest.py`)
+
+```python
+glEntity # Mock() — represents a GitLab project/group/instance
+glObject # Mock() — represents the top-level gitlab.Gitlab client
+unauthorised # Mock(side_effect=GitlabGetError(response_code=401))
+gqlClient # patches gql.Client
+```
+
+### Mocking Pattern
+
+Use `from unittest.mock import Mock, patch`. For external API calls, set
attributes or side effects directly on `glEntity`:
+
+```python
+glEntity.some_method.return_value = [Mock()]
+glEntity.some_method.side_effect = GitlabHttpError('msg', response_code=403)
+```
+
+For utility functions, use `@patch('gitlabcis.utils.ci.searchConfig')`.
+
+---
+
+## Commit Message Convention
+
+Enforced by `commitlint` (Angular convention, max 72 char header):
+
+```
+<type>(<optional scope>): <subject in sentence-case or lower-case>
+```
+
+Allowed types: `build`, `chore`, `ci`, `docs`, `feat`, `fix`, `perf`,
`refactor`, `style`, `test`
+
+---
+
+## Bandit / Security Notes
+
+- `# nosec B506` is used for YAML loading with `GitLabYamlLoader` (a safe
custom loader)
+- Do not introduce `yaml.load()` without a safe loader
+- Do not log or expose secrets or tokens
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/CHANGELOG.md
new/gitlabcis-1.17.1/CHANGELOG.md
--- old/gitlabcis-1.15.22/CHANGELOG.md 2026-01-26 20:46:33.000000000 +0100
+++ new/gitlabcis-1.17.1/CHANGELOG.md 2026-03-16 01:39:57.000000000 +0100
@@ -1,5 +1,23 @@
# CHANGELOG
+## v1.17.1 (2026-03-16)
+
+### Fix
+
+* fix: Remove instance error statements
([`37e7d3a`](https://gitlab.com/gitlab-security-oss/cis/gitlabcis/-/commit/37e7d3aaa8cdb830bf0f254753404b76f826190d))
+
+## v1.17.0 (2026-03-15)
+
+### Feature
+
+* feat: Group support for artifacts checks (#125)
([`f1a5ed0`](https://gitlab.com/gitlab-security-oss/cis/gitlabcis/-/commit/f1a5ed001fd45c77073a3a08ded8d28626077b49))
+
+## v1.16.0 (2026-02-02)
+
+### Feature
+
+* feat: Support GitLab inputs (#133)
([`0c4b790`](https://gitlab.com/gitlab-security-oss/cis/gitlabcis/-/commit/0c4b790e19bbe8c3fffe0a3612fe7b90dfdb15ce))
+
## v1.15.22 (2026-01-26)
### Fix
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/PKG-INFO
new/gitlabcis-1.17.1/PKG-INFO
--- old/gitlabcis-1.15.22/PKG-INFO 2026-01-26 20:46:42.582966300 +0100
+++ new/gitlabcis-1.17.1/PKG-INFO 2026-03-16 01:40:06.635062000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: gitlabcis
-Version: 1.15.22
+Version: 1.17.1
Summary: An automated tool that assesses the GitLab CIS benchmarks against a
project.
Author-email: Nate Rosandich <[email protected]>, Neil McDonald
<[email protected]>, Mitra JozeNazemian
<[email protected]>
License: MIT License
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/docs/limitations.md
new/gitlabcis-1.17.1/docs/limitations.md
--- old/gitlabcis-1.15.22/docs/limitations.md 2026-01-26 20:46:16.000000000
+0100
+++ new/gitlabcis-1.17.1/docs/limitations.md 2026-03-16 01:39:40.000000000
+0100
@@ -79,13 +79,15 @@
| 3.1.7 | pin_dependency_version | `SKIP` by default as we cannot automate
this |
| 3.1.8 | packages_over_60_days_old | `SKIP` by default as we cannot automate
this |
| 3.2.4 | package_ownership_change | `SKIP` by default as we cannot ascertain
the relevant information programmatically. |
-| 4.1.1 | sign_artifacts_in_build_pipeline | `PASS` if every file in
artifacts.zip has a corresponding .sig file, indicating that the artifacts are
signed |
+| 4.1.1 | sign_artifacts_in_build_pipeline | `PASS` if every file in
artifacts.zip has a corresponding .sig file, indicating that the artifacts are
signed. `SKIP` for `Group` input types as there is no group-level pipeline
artifact API. |
| 4.1.2 | encrypt_artifacts_before_distribution | `SKIP` by default as we
cannot automate this |
| 4.1.3 | only_authorized_platforms_can_decrypt_artifacts | `SKIP` by default
as we cannot automate this |
| 4.2.1 | limit_certifying_artifacts | `SKIP` by default as we cannot automate
this |
| 4.2.2 | limit_artifact_uploaders | `PASS` if the number of members with
maintainer role or higher is below 20% or fewer than three. |
| 4.2.4 | external_auth_server | `SKIP` by default as we cannot automate this |
| 4.2.6 | minimum_package_registry_admins | `PASS` if the number of members
with reporter role or higher is below 40% or fewer than three. |
+| 4.3.1 | validate_signed_artifacts_on_upload | `SKIP` for `Group` input types
as commit signing status cannot be queried at the group level. |
+| 4.3.2 | all_artifact_versions_signed | `SKIP` for `Group` input types as
commit signing status cannot be queried at the group level. |
| 4.3.3 | audit_package_registry_config | `SKIP` by default as we cannot
automate this |
| 4.4.1 | artifact_origin_info | `SKIP` by default as we cannot automate this |
| 5.1.1 | separate_deployment_config | `PASS` if ci config yml file is
available and not in the root directory of this project |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/gitlabcis/__init__.py
new/gitlabcis-1.17.1/gitlabcis/__init__.py
--- old/gitlabcis-1.15.22/gitlabcis/__init__.py 2026-01-26 20:46:33.000000000
+0100
+++ new/gitlabcis-1.17.1/gitlabcis/__init__.py 2026-03-16 01:39:57.000000000
+0100
@@ -9,4 +9,4 @@
# -------------------------------------------------------------------------
__author__ = '[email protected]'
-__version__ = '1.15.22' # noqa: E999
+__version__ = '1.17.1' # noqa: E999
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.22/gitlabcis/benchmarks/artifacts_4/access_to_artifacts_4_2.py
new/gitlabcis-1.17.1/gitlabcis/benchmarks/artifacts_4/access_to_artifacts_4_2.py
---
old/gitlabcis-1.15.22/gitlabcis/benchmarks/artifacts_4/access_to_artifacts_4_2.py
2026-01-26 20:46:16.000000000 +0100
+++
new/gitlabcis-1.17.1/gitlabcis/benchmarks/artifacts_4/access_to_artifacts_4_2.py
2026-03-16 01:39:40.000000000 +0100
@@ -24,7 +24,7 @@
from gitlab.exceptions import (GitlabAuthenticationError, GitlabGetError,
GitlabHttpError)
- if kwargs.get('isProject'):
+ if kwargs.get('isProject') or kwargs.get('isGroup'):
try:
members = glEntity.members.list(all=True)
maintainer_and_above = sum(
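Review bot: Extending this branch to `isGroup` means the maintainer count for a group comes from `glEntity.members.list(all=True)`, which in python-gitlab returns direct members only. Users who inherit Maintainer or Owner from a parent group, or who are invited through a shared group, are not counted, so a subgroup can report `PASS` while more accounts hold that role than the threshold allows. Consider `glEntity.members_all.list(get_all=True)` here and in the `minimum_package_registry_admins` hunk at `@@ -135,7 +132,7 @@`; that would also match the `get_all=True` spelling used in package_registries_4_3.py. The threshold calculation and the `except` clause are outside this hunk, so their behaviour for groups is not confirmed from here.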
@@ -55,9 +55,6 @@
elif kwargs.get('isInstance'):
return {None: 'Not applicable at instance level'}
- elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for groups'}
-
# -------------------------------------------------------------------------
@@ -135,7 +132,7 @@
from gitlab.exceptions import (GitlabAuthenticationError, GitlabGetError,
GitlabHttpError)
- if kwargs.get('isProject'):
+ if kwargs.get('isProject') or kwargs.get('isGroup'):
try:
members = glEntity.members.list(all=True)
reporter_and_above = sum(
@@ -164,6 +161,3 @@
elif kwargs.get('isInstance'):
return {None: 'Not applicable at instance level'}
-
- elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for groups'}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.22/gitlabcis/benchmarks/artifacts_4/package_registries_4_3.py
new/gitlabcis-1.17.1/gitlabcis/benchmarks/artifacts_4/package_registries_4_3.py
---
old/gitlabcis-1.15.22/gitlabcis/benchmarks/artifacts_4/package_registries_4_3.py
2026-01-26 20:46:16.000000000 +0100
+++
new/gitlabcis-1.17.1/gitlabcis/benchmarks/artifacts_4/package_registries_4_3.py
2026-03-16 01:39:40.000000000 +0100
@@ -96,12 +96,9 @@
GitlabHttpError, GitlabListError)
try:
- if kwargs.get('isProject'):
+ if kwargs.get('isProject') or kwargs.get('isGroup'):
webhooks = glEntity.hooks.list(get_all=True)
- elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for groups'}
-
elif kwargs.get('isInstance'):
webhooks = glObject.hooks.list(get_all=True)
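Review bot: With `isGroup` routed to `glEntity.hooks.list(get_all=True)`, the check now depends on the group webhooks API, which GitLab offers only on paid tiers and which typically needs Owner access. The `except` clause is outside this hunk, so confirm that the 403 or 404 from a Free-tier or under-privileged token becomes a `{None: ...}` skip rather than the implicit `None`, and cover it with a `{'isGroup': True}` test case. A group-level result also reflects only hooks defined on the group itself, not on the projects inside it, which the reason string could state.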
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.22/gitlabcis/benchmarks/deployment_5/deployment_configuration_5_1.py
new/gitlabcis-1.17.1/gitlabcis/benchmarks/deployment_5/deployment_configuration_5_1.py
---
old/gitlabcis-1.15.22/gitlabcis/benchmarks/deployment_5/deployment_configuration_5_1.py
2026-01-26 20:46:16.000000000 +0100
+++
new/gitlabcis-1.17.1/gitlabcis/benchmarks/deployment_5/deployment_configuration_5_1.py
2026-03-16 01:39:40.000000000 +0100
@@ -95,7 +95,7 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
# -------------------------------------------------------------------------
@@ -174,7 +174,7 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
# -------------------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.22/gitlabcis/benchmarks/source_code_1/code_risks_1_5.py
new/gitlabcis-1.17.1/gitlabcis/benchmarks/source_code_1/code_risks_1_5.py
--- old/gitlabcis-1.15.22/gitlabcis/benchmarks/source_code_1/code_risks_1_5.py
2026-01-26 20:46:16.000000000 +0100
+++ new/gitlabcis-1.17.1/gitlabcis/benchmarks/source_code_1/code_risks_1_5.py
2026-03-16 01:39:40.000000000 +0100
@@ -74,7 +74,7 @@
return {None: 'This check requires validation'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
# -------------------------------------------------------------------------
@@ -165,7 +165,7 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
# -------------------------------------------------------------------------
@@ -243,7 +243,7 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
# -------------------------------------------------------------------------
@@ -322,7 +322,7 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
# -------------------------------------------------------------------------
@@ -402,7 +402,7 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
# -------------------------------------------------------------------------
@@ -481,7 +481,7 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
# -------------------------------------------------------------------------
@@ -559,4 +559,4 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.22/gitlabcis/benchmarks/source_code_1/contribution_access_1_3.py
new/gitlabcis-1.17.1/gitlabcis/benchmarks/source_code_1/contribution_access_1_3.py
---
old/gitlabcis-1.15.22/gitlabcis/benchmarks/source_code_1/contribution_access_1_3.py
2026-01-26 20:46:16.000000000 +0100
+++
new/gitlabcis-1.17.1/gitlabcis/benchmarks/source_code_1/contribution_access_1_3.py
2026-03-16 01:39:40.000000000 +0100
@@ -221,7 +221,7 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
except (GitlabHttpError, GitlabGetError, GitlabAuthenticationError) as e:
if e.response_code in [401, 403]:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.22/gitlabcis/benchmarks/source_code_1/repository_management_1_2.py
new/gitlabcis-1.17.1/gitlabcis/benchmarks/source_code_1/repository_management_1_2.py
---
old/gitlabcis-1.15.22/gitlabcis/benchmarks/source_code_1/repository_management_1_2.py
2026-01-26 20:46:16.000000000 +0100
+++
new/gitlabcis-1.17.1/gitlabcis/benchmarks/source_code_1/repository_management_1_2.py
2026-03-16 01:39:40.000000000 +0100
@@ -33,7 +33,7 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
except (GitlabHttpError, GitlabGetError, GitlabAuthenticationError) as e:
if e.response_code in [401, 403]:
@@ -135,7 +135,7 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
except (GitlabHttpError, GitlabGetError, GitlabAuthenticationError,
GitlabListError) as e:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.22/gitlabcis/benchmarks/source_code_1/third_party_1_4.py
new/gitlabcis-1.17.1/gitlabcis/benchmarks/source_code_1/third_party_1_4.py
--- old/gitlabcis-1.15.22/gitlabcis/benchmarks/source_code_1/third_party_1_4.py
2026-01-26 20:46:16.000000000 +0100
+++ new/gitlabcis-1.17.1/gitlabcis/benchmarks/source_code_1/third_party_1_4.py
2026-03-16 01:39:40.000000000 +0100
@@ -88,7 +88,7 @@
return {None: 'Not applicable at instance level'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
# -------------------------------------------------------------------------
@@ -116,7 +116,7 @@
return {None: 'This check requires validation'}
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
except (GitlabHttpError, GitlabGetError, GitlabAuthenticationError,
GitlabListError) as e:
@@ -163,7 +163,7 @@
return verify_hooks(glObject.hooks.list(get_all=True))
elif kwargs.get('isGroup'):
- return {None: 'Not yet implemented for instances or groups'}
+ return {None: 'Not yet implemented for groups'}
except (GitlabHttpError, GitlabGetError, GitlabAuthenticationError,
GitlabListError) as e:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.22/gitlabcis/tests/unit/benchmarks/artifacts_4/access_to_artifacts_4_2_test.py
new/gitlabcis-1.17.1/gitlabcis/tests/unit/benchmarks/artifacts_4/access_to_artifacts_4_2_test.py
---
old/gitlabcis-1.15.22/gitlabcis/tests/unit/benchmarks/artifacts_4/access_to_artifacts_4_2_test.py
2026-01-26 20:46:16.000000000 +0100
+++
new/gitlabcis-1.17.1/gitlabcis/tests/unit/benchmarks/artifacts_4/access_to_artifacts_4_2_test.py
2026-03-16 01:39:40.000000000 +0100
@@ -24,35 +24,35 @@
test = access_to_artifacts_4_2.limit_artifact_uploaders
- kwargs = {'isProject': True}
- glEntity.members.list.return_value = [
- Mock(access_level=40),
- Mock(access_level=30),
- Mock(access_level=20),
- Mock(access_level=10),
- Mock(access_level=10)
- ]
- run(glEntity, glObject, test, True, **kwargs)
-
- glEntity.members.list.return_value = [
- Mock(access_level=40),
- Mock(access_level=40),
- Mock(access_level=40),
- Mock(access_level=30),
- Mock(access_level=20)
- ]
- run(glEntity, glObject, test, False, **kwargs)
+ for kwargs in [{'isProject': True}, {'isGroup': True}]:
- glEntity.members.list.side_effect = GitlabHttpError(response_code=403)
- run(glEntity, glObject, test, None, **kwargs)
+ glEntity.members.list.side_effect = None
+ glEntity.members.list.return_value = [
+ Mock(access_level=40),
+ Mock(access_level=30),
+ Mock(access_level=20),
+ Mock(access_level=10),
+ Mock(access_level=10)
+ ]
+ run(glEntity, glObject, test, True, **kwargs)
+
+ glEntity.members.list.return_value = [
+ Mock(access_level=40),
+ Mock(access_level=40),
+ Mock(access_level=40),
+ Mock(access_level=30),
+ Mock(access_level=20)
+ ]
+ run(glEntity, glObject, test, False, **kwargs)
- glEntity.members.list.side_effect = GitlabHttpError(response_code=418)
- assert test(glEntity, glObject, **kwargs) is None
-
- kwarg = [{'isGroup': True}, {'isInstance': True}]
- for kwargs in kwarg:
+ glEntity.members.list.side_effect = GitlabHttpError(response_code=403)
run(glEntity, glObject, test, None, **kwargs)
+ glEntity.members.list.side_effect = GitlabHttpError(response_code=418)
+ assert test(glEntity, glObject, **kwargs) is None
+
+ run(glEntity, glObject, test, None, **{'isInstance': True})
+
# -----------------------------------------------------------------------------
@@ -111,31 +111,31 @@
test = access_to_artifacts_4_2.minimum_package_registry_admins
- kwargs = {'isProject': True}
- glEntity.members.list.return_value = [
- Mock(access_level=40),
- Mock(access_level=10),
- Mock(access_level=10),
- Mock(access_level=10),
- Mock(access_level=10)
- ]
- run(glEntity, glObject, test, True, **kwargs)
-
- glEntity.members.list.return_value = [
- Mock(access_level=40),
- Mock(access_level=40),
- Mock(access_level=40),
- Mock(access_level=40),
- Mock(access_level=20)
- ]
- run(glEntity, glObject, test, False, **kwargs)
+ for kwargs in [{'isProject': True}, {'isGroup': True}]:
- glEntity.members.list.side_effect = GitlabHttpError(response_code=403)
- run(glEntity, glObject, test, None, **kwargs)
+ glEntity.members.list.side_effect = None
+ glEntity.members.list.return_value = [
+ Mock(access_level=40),
+ Mock(access_level=10),
+ Mock(access_level=10),
+ Mock(access_level=10),
+ Mock(access_level=10)
+ ]
+ run(glEntity, glObject, test, True, **kwargs)
+
+ glEntity.members.list.return_value = [
+ Mock(access_level=40),
+ Mock(access_level=40),
+ Mock(access_level=40),
+ Mock(access_level=40),
+ Mock(access_level=20)
+ ]
+ run(glEntity, glObject, test, False, **kwargs)
- glEntity.members.list.side_effect = GitlabHttpError(response_code=418)
- assert test(glEntity, glObject, **kwargs) is None
-
- kwarg = [{'isGroup': True}, {'isInstance': True}]
- for kwargs in kwarg:
+ glEntity.members.list.side_effect = GitlabHttpError(response_code=403)
run(glEntity, glObject, test, None, **kwargs)
+
+ glEntity.members.list.side_effect = GitlabHttpError(response_code=418)
+ assert test(glEntity, glObject, **kwargs) is None
+
+ run(glEntity, glObject, test, None, **{'isInstance': True})
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.22/gitlabcis/tests/unit/benchmarks/artifacts_4/package_registries_4_3_test.py
new/gitlabcis-1.17.1/gitlabcis/tests/unit/benchmarks/artifacts_4/package_registries_4_3_test.py
---
old/gitlabcis-1.15.22/gitlabcis/tests/unit/benchmarks/artifacts_4/package_registries_4_3_test.py
2026-01-26 20:46:16.000000000 +0100
+++
new/gitlabcis-1.17.1/gitlabcis/tests/unit/benchmarks/artifacts_4/package_registries_4_3_test.py
2026-03-16 01:39:40.000000000 +0100
@@ -83,9 +83,9 @@
test = package_registries_4_3.secure_repo_webhooks
- kwarg = [{'isProject': True}, {'isInstance': True}]
-
- for kwargs in kwarg:
+ for kwargs in [
+ {'isProject': True}, {'isGroup': True}, {'isInstance': True}
+ ]:
secHookSSLVerify = Mock(
url='https://example.com', enable_ssl_verification=True)
@@ -96,32 +96,25 @@
unsecureHook = Mock(
url='http://example.com', enable_ssl_verification=False)
- print(kwargs)
+ glEntity.hooks.list.side_effect = None
+ glObject.hooks.list.side_effect = None
+
glEntity.hooks.list.return_value = []
glObject.hooks.list.return_value = []
run(glEntity, glObject, test, True, **kwargs)
- glEntity.hooks.list.return_value = [
- secHookSSLVerify]
- glObject.hooks.list.return_value = [
- secHookSSLVerify]
+ glEntity.hooks.list.return_value = [secHookSSLVerify]
+ glObject.hooks.list.return_value = [secHookSSLVerify]
run(glEntity, glObject, test, True, **kwargs)
- glEntity.hooks.list.return_value = [
- secHookNoSSLVerify]
- glObject.hooks.list.return_value = [
- secHookNoSSLVerify]
+ glEntity.hooks.list.return_value = [secHookNoSSLVerify]
+ glObject.hooks.list.return_value = [secHookNoSSLVerify]
run(glEntity, glObject, test, False, **kwargs)
- glEntity.hooks.list.return_value = [
- unsecureHook]
- glObject.hooks.list.return_value = [
- unsecureHook]
+ glEntity.hooks.list.return_value = [unsecureHook]
+ glObject.hooks.list.return_value = [unsecureHook]
run(glEntity, glObject, test, False, **kwargs)
- kwarg = [{'isProject': True}, {'isInstance': True}]
-
- for kwargs in kwarg:
glEntity.hooks.list.side_effect = GitlabHttpError(response_code=403)
glObject.hooks.list.side_effect = GitlabHttpError(response_code=403)
run(glEntity, glObject, test, None, **kwargs)
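Review bot: Every verdict case in this loop sets `hooks.list.return_value` to a list with exactly one hook, so the test never shows that one insecure webhook among secure ones fails the check. An implementation that inspects only the first hook, or that uses `any()` where `all()` is needed, would still pass all four cases. I would add a mixed case before the 403 block: `glEntity.hooks.list.return_value = [secHookSSLVerify, unsecureHook]`, the same for `glObject`, then `run(glEntity, glObject, test, False, **kwargs)`. The definition of `secHookNoSSLVerify` and the start of the test function fall outside this hunk, so an `http://` hook with verification enabled may also be worth adding if it is not already covered there.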
@@ -129,5 +122,3 @@
glEntity.hooks.list.side_effect = GitlabHttpError(response_code=418)
glObject.hooks.list.side_effect = GitlabHttpError(response_code=418)
assert test(glEntity, glObject, **kwargs) is None
-
- run(glEntity, glObject, test, None, **{'isGroup': True})
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/gitlabcis-1.15.22/gitlabcis/tests/unit/utils/ci_test.py
new/gitlabcis-1.17.1/gitlabcis/tests/unit/utils/ci_test.py
--- old/gitlabcis-1.15.22/gitlabcis/tests/unit/utils/ci_test.py 2026-01-26
20:46:16.000000000 +0100
+++ new/gitlabcis-1.17.1/gitlabcis/tests/unit/utils/ci_test.py 2026-03-16
01:39:40.000000000 +0100
@@ -6,7 +6,7 @@
from gitlab.exceptions import GitlabAuthenticationError, GitlabGetError
from gitlab.v4.objects.files import ProjectFile
-from gitlabcis.utils.ci import getConfig, searchConfig
+from gitlabcis.utils.ci import getConfig, safeLoad, searchConfig
# -----------------------------------------------------------------------------
@@ -154,3 +154,56 @@
response_code=418)
result = getConfig(glEntity, glObject)
assert result == {None: 'Insufficient permissions'}
+
+
+def test_safeLoad():
+ result = safeLoad("""
+stages:
+ - stage1
+job:
+ stage: stage1
+ script:
+ - exit 0""")
+ assert result["job"]["stage"] == "stage1"
+ assert result["job"]["script"][0] == "exit 0"
+
+
+def test_safeLoad_inputs():
+ result = safeLoad("""
+spec:
+ inputs:
+ example:
+ default: foo
+ options:
+ - foo
+ - bar
+---
+stages:
+ - stage1
+job:
+ stage: stage1
+ script:
+ - exit 0""")
+ assert result["job"]["stage"] == "stage1"
+ assert result["job"]["script"][0] == "exit 0"
+
+
+def test_safeLoad_invalid():
+ result = safeLoad("""
+spec:
+ inputs:
+ example:
+ default: foo
+ options:
+ - foo
+ - bar
+---
+stages:
+ - stage1
+job:
+ stage: stage1
+ script:
+ - exit 0
+---
+foo: bar""")
+ assert result == {None: 'Could not load CI config file'}
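Review bot: The three new tests cover one, two and three documents, but none pins what `safeLoad` returns for input that yields zero documents, such as an empty or comment-only string. With the `yaml.load_all` change in `gitlabcis/utils/ci.py`, such input would fall into the `else` branch and come back as `{None: 'Could not load CI config file'}`, whereas `yaml.load` returned `None` for it before. If that change is intended, a test such as `assert safeLoad("") == {None: 'Could not load CI config file'}` would record it; if not, the loader needs a zero-length branch. A two-document input whose first document is not a `spec:` header is also untested.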
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/gitlabcis/utils/ci.py
new/gitlabcis-1.17.1/gitlabcis/utils/ci.py
--- old/gitlabcis-1.15.22/gitlabcis/utils/ci.py 2026-01-26 20:46:16.000000000
+0100
+++ new/gitlabcis-1.17.1/gitlabcis/utils/ci.py 2026-03-16 01:39:40.000000000
+0100
@@ -158,8 +158,16 @@
# We exclude Bandit's yaml load, as we _are_ using the SafeLoader
# but we're monkey patching it to allow !reference tags.
# (nosec B506)
- return yaml.load(ciConfigObject, Loader=GitLabYamlLoader) # nosec B506
+ yamlDocs = list(yaml.load_all(ciConfigObject,
Loader=GitLabYamlLoader)) # noqa: E501, nosec B506
+ if len(yamlDocs) == 1:
+ return yamlDocs[0]
+ # This .gitlab-ci.yml probably uses inputs
+ # https://docs.gitlab.com/ci/inputs/
+ elif len(yamlDocs) == 2:
+ return yamlDocs[1]
+ else:
+ raise yaml.constructor.ConstructorError
except yaml.constructor.ConstructorError:
logging.error('Failed to load the CI config file')
return {None: 'Could not load CI config file'}
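Review bot: The `len(yamlDocs) == 2` branch returns `yamlDocs[1]` without checking that the first document is actually an inputs header. Any two-document file therefore has its first document silently discarded, and the benchmark checks then assess only the second. For an assessment tool that is a quiet way to skip content; I would tighten the branch to `elif len(yamlDocs) == 2 and isinstance(yamlDocs[0], dict) and 'spec' in yamlDocs[0]:` and let everything else reach the error path. The bare `raise yaml.constructor.ConstructorError` is used only to reach the `except` below, so the logged message cannot distinguish "unexpected document count" from a real constructor failure; a short `logging.error` naming the count before raising would help. The enclosing function and its `try:` start outside this hunk.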
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/gitlabcis.egg-info/PKG-INFO
new/gitlabcis-1.17.1/gitlabcis.egg-info/PKG-INFO
--- old/gitlabcis-1.15.22/gitlabcis.egg-info/PKG-INFO 2026-01-26
20:46:42.000000000 +0100
+++ new/gitlabcis-1.17.1/gitlabcis.egg-info/PKG-INFO 2026-03-16
01:40:06.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: gitlabcis
-Version: 1.15.22
+Version: 1.17.1
Summary: An automated tool that assesses the GitLab CIS benchmarks against a
project.
Author-email: Nate Rosandich <[email protected]>, Neil McDonald
<[email protected]>, Mitra JozeNazemian
<[email protected]>
License: MIT License
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/gitlabcis.egg-info/SOURCES.txt
new/gitlabcis-1.17.1/gitlabcis.egg-info/SOURCES.txt
--- old/gitlabcis-1.15.22/gitlabcis.egg-info/SOURCES.txt 2026-01-26
20:46:42.000000000 +0100
+++ new/gitlabcis-1.17.1/gitlabcis.egg-info/SOURCES.txt 2026-03-16
01:40:06.000000000 +0100
@@ -6,6 +6,7 @@
.pypirc
.tool-versions
.yamllint.yml
+AGENTS.md
CHANGELOG.md
CONTRIBUTING.md
LICENSE
@@ -17,6 +18,7 @@
renovate.json
.gitlab/.gitlab-ci.yml
.gitlab/CODEOWNERS
+.gitlab/duo/agent-config.yml
.gitlab/issue_templates/bug.md
.gitlab/issue_templates/feature.md
.gitlab/issue_templates/vuln.md
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gitlabcis-1.15.22/pyproject.toml
new/gitlabcis-1.17.1/pyproject.toml
--- old/gitlabcis-1.15.22/pyproject.toml 2026-01-26 20:46:33.000000000
+0100
+++ new/gitlabcis-1.17.1/pyproject.toml 2026-03-16 01:39:57.000000000 +0100
@@ -12,7 +12,7 @@
[project]
name = "gitlabcis"
-version = "1.15.22"
+version = "1.17.1"
requires-python = ">=3.10"
description = "An automated tool that assesses the GitLab CIS benchmarks
against a project."
authors = [