@@ -52,3 +52,17 @@ Depending on your GitLab Edition, you may consider using GitLab [compliance fram
## Is there any vulnerability scanner to run against the GitLab/_to-be-continuous_ templates?
The GitLab pipeline code is written in YAML - general-purpose markup language - which allows to mix shell scripts, configuration, etc. No tool exists to do vulnerability scans against the YAML GitLab pipeline configuration. Please refer our [Security](https://to-be-continuous.gitlab.io/doc/secu) page for vulnerability scanning of the default images used by the _to-be-continuous_
## The `gitlab-sync` is failing to copy TBC to my own GitLab server
* if you're having authorization errors from the API: have you checked that the [group access token](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html) you've generated for the destination API was created from the right root group (`to-be-continuous` by default), with sufficient scopes `api,read_registry,write_registry,read_repository,write_repository` and with `Owner` role?
* if you're having Git errors: make sure all the _Pre-defined push rules_ in the root group are disabled (`Settings > Repository > Pre-defined push rules`).
## What is the tracking image for? As a gitlab.com user, am I being spied on?
Short answer: no you can relax, your usage is not tracked.
The tracking image is a general mechanism supported by _to-be-continuous_ to allow companies to track TBC usage **on their self-managed GitLab instances**.
It is disabled (by configuration) on gitlab.com, and may be enabled on self-managed instances, for instance to measure CI/CD and DevOps good practices adoption.
[More information in our documentation](./self-managed/advanced.md#setup-tracking).
