gitlab-ce defaults tracking

Description

Installing gitlab-ce defaults raises a couple of errors on run.

Firstly, using the default self-signed certificate, gitlabcis will refuse to connect.

stdout

xakep@work:~/Desktop/repos/cis-benchmark-scanner [test/ce-defaults] $ gitlabcis https://host/root/example
Error: Unable to connect to GitLab instance: [https://host/root/example](https://host/root/example)

With debug:

Message: 'Starting new HTTPS connection (1): host:443'
Arguments: (1, 'host', 443)
Error: Unable to connect to GitLab instance: https://host/root/example
2025-03-11 13:20:47,349 - root - DEBUG - Connection Error: HTTPSConnectionPool(host='host', port=443): Max retries exceeded with url: /api/v4/user (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1129)')))

We could add ssl_verify=True to the authenticate() method, but we'll also need to do so, for gql and then suppress the warnings:

stdout

gitlabcis https://host/root/example    
/Users/xakep/.pyenv/versions/3.9.18/lib/python3.9/site-packages/urllib3/connectionpool.py:1099: InsecureRequestWarning: Unverified HTTPS request is being made to host 'host'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings

Command

gitlabcis https://gitlab-ce-host

gitlabcis Version

gitlabcis version: 1.11.2

GitLab Server Version

GitLab Community Edition v17.9.1

Logs / Screenshots

cc: @nmcd

Edited Mar 11, 2025 by Neil McDonald