Repository: gitlab.com/gitlab-org/gitlab-foss.git
author: GitLab Bot <gitlab-bot@gitlab.com> 2023-09-24 03:07:50 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-09-24 03:07:50 +0300
commit: 361fcafa7d395de570f90c9e0379fb18b8266dca
tree: ea823259fdccb7f67e5e7d862eaf77016a5819c6
parent: c90ff9583ab8c882a42b6ce071d453f2b6d01a6b
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--  Gemfile                                                             2
-rw-r--r--  Gemfile.checksum                                                    4
-rw-r--r--  Gemfile.lock                                                        8
-rw-r--r--  doc/user/application_security/policies/index.md                     3
-rw-r--r--  doc/user/application_security/policies/scan-execution-policies.md   2
5 files changed, 9 insertions, 10 deletions
diff --git a/Gemfile b/Gemfile
index c3244a6be98..ec3e8d3b000 100644
--- a/Gemfile
+++ b/Gemfile
@@ -417,7 +417,7 @@ group :development, :test do
gem 'gitlab-styles', '~> 10.1.0', require: false
gem 'haml_lint', '~> 0.40.0', require: false
- gem 'bundler-audit', '~> 0.7.0.1', require: false
+ gem 'bundler-audit', '~> 0.9.1', require: false
# Benchmarking & profiling
gem 'benchmark-ips', '~> 2.11.0', require: false
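Review bot: the commit message gives no rationale for moving bundler-audit from `~> 0.7.0.1` to `~> 0.9.1` in a single step; because this is the tool that audits the lockfile against the advisory database, the change should link the upstream merge request or changelog so reviewers can see what the two minor releases alter. The constraint sits in `group :development, :test` with `require: false`, so the runtime image is unaffected and the risk is limited to CI tooling behaviour.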
diff --git a/Gemfile.checksum b/Gemfile.checksum
index f1b56e635f6..0e3094d3570 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -64,7 +64,7 @@
{"name":"browser","version":"5.3.1","platform":"ruby","checksum":"62745301701ff2c6c5d32d077bb12532b20be261929dcb52c6781ed0d5658b3c"},
{"name":"builder","version":"3.2.4","platform":"ruby","checksum":"99caf08af60c8d7f3a6b004029c4c3c0bdaebced6c949165fe98f1db27fbbc10"},
{"name":"bullet","version":"7.0.2","platform":"ruby","checksum":"4b7986b366f694bb05d5c1b4ea8ba949a99224d4511bf02f0c3944112f719c81"},
-{"name":"bundler-audit","version":"0.7.0.1","platform":"ruby","checksum":"12d853cb0b92fa8868abbb539414d7a33da9e48b792e2ff28271d36c8ace8912"},
+{"name":"bundler-audit","version":"0.9.1","platform":"ruby","checksum":"bdc716fc21cd8652a6507b137e5bc51f5e0e4f6f106a114ab004c89d0200bd3d"},
{"name":"byebug","version":"11.1.3","platform":"ruby","checksum":"2485944d2bb21283c593d562f9ae1019bf80002143cc3a255aaffd4e9cf4a35b"},
{"name":"capybara","version":"3.39.2","platform":"ruby","checksum":"d6f0ca5f30897e64789428d4b047a0df105815a302069913578ac35d5ca99884"},
{"name":"capybara-screenshot","version":"1.0.26","platform":"ruby","checksum":"816b9370a07752097c82a05f568aaf5d3b7f45c3db5d3aab2014071e1b3c0c77"},
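Review bot: the new `bundler-audit` 0.9.1 checksum entry should be confirmed as regenerated from the fetched gem rather than edited by hand; the project pins `bundler-checksum` in its DEPENDENCIES, so the entry should match what that tool emits, and the reviewer should compare the value against the published gem before merging.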
@@ -633,7 +633,7 @@
{"name":"test-prof","version":"1.2.2","platform":"ruby","checksum":"528af83bcbd1778e1dc1adbbced359fdfe9e65409d10bdd0defddd964d214522"},
{"name":"test_file_finder","version":"0.1.4","platform":"ruby","checksum":"bc36d8339eac4fb9dc36514a7c5f4d389ac2fb6d010716fc715c5c8fbb98eacd"},
{"name":"text","version":"1.3.1","platform":"ruby","checksum":"2fbbbc82c1ce79c4195b13018a87cbb00d762bda39241bb3cdc32792759dd3f4"},
-{"name":"thor","version":"1.2.1","platform":"ruby","checksum":"b1752153dc9c6b8d3fcaa665e9e1a00a3e73f28da5e238b81c404502e539d446"},
+{"name":"thor","version":"1.2.2","platform":"ruby","checksum":"2f93c652828cba9fcf4f65f5dc8c306f1a7317e05aad5835a13740122c17f24c"},
{"name":"thread_safe","version":"0.3.6","platform":"java","checksum":"bb28394cd0924c068981adee71f36a81c85c92e7d74d3f62372bd51489a0e0c2"},
{"name":"thread_safe","version":"0.3.6","platform":"ruby","checksum":"9ed7072821b51c57e8d6b7011a8e282e25aeea3a4065eab326e43f66f063b05a"},
{"name":"thrift","version":"0.16.0","platform":"ruby","checksum":"d023286ea89e30444c9f1c28dd76107f87d8aaf85fe1742da1d8cd3b5417dcce"},
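Review bot: the thor 1.2.1 to 1.2.2 checksum change is a transitive bump not mentioned in the commit message; it follows from the new bundler-audit release declaring `thor (~> 1.0)` in the lockfile hunk below, but thor is a commonly shared CLI dependency, so the lockfile should be checked for any other spec that still expects 1.2.1 before accepting the bump.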
diff --git a/Gemfile.lock b/Gemfile.lock
index ab2b6c08ed7..d6911ef9114 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -319,9 +319,9 @@ GEM
bullet (7.0.2)
activesupport (>= 3.0.0)
uniform_notifier (~> 1.11)
- bundler-audit (0.7.0.1)
+ bundler-audit (0.9.1)
bundler (>= 1.2.0, < 3)
- thor (>= 0.18, < 2)
+ thor (~> 1.0)
byebug (11.1.3)
capybara (3.39.2)
addressable
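Review bot: the dependency line changes from `thor (>= 0.18, < 2)` to `thor (~> 1.0)`, which raises the lower bound to 1.0 while the resolved thor (1.2.2 later in this lockfile) satisfies both; this comes from the gem's own gemspec, so no action is needed beyond confirming that the `Gemfile.checksum` entry for bundler-audit 0.9.1 stays in step with this spec, which it does here.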
@@ -1576,7 +1576,7 @@ GEM
test_file_finder (0.1.4)
faraday (~> 1.0)
text (1.3.1)
- thor (1.2.1)
+ thor (1.2.2)
thread_safe (0.3.6)
thrift (0.16.0)
tilt (2.0.11)
@@ -1749,7 +1749,7 @@ DEPENDENCIES
bootsnap (~> 1.16.0)
browser (~> 5.3.1)
bullet (~> 7.0.2)
- bundler-audit (~> 0.7.0.1)
+ bundler-audit (~> 0.9.1)
bundler-checksum (~> 0.1.0)!
capybara (~> 3.39, >= 3.39.2)
capybara-screenshot (~> 1.0.26)
diff --git a/doc/user/application_security/policies/index.md b/doc/user/application_security/policies/index.md
index 84c28d4008c..e3bea7bd6ca 100644
--- a/doc/user/application_security/policies/index.md
+++ b/doc/user/application_security/policies/index.md
@@ -148,8 +148,7 @@ The workaround is to amend your group or instance push rules to allow branches f
- Scan result policies created at the group or sub-group level can take some time to apply to all the merge requests in the group.
- Scheduled scan execution policies run with a minimum 15 minute cadence. Learn more [about the schedule rule type](../policies/scan-execution-policies.md#schedule-rule-type).
- When scheduling pipelines, keep in mind that CRON scheduling is based on UTC on GitLab SaaS and is based on your server time for self managed instances. When testing new policies, it may appear pipelines are not running properly when in fact they are scheduled in your server's timezone.
-- When enforcing scan execution policies, security policies creates a bot in the target project that will trigger scheduled pipelines to ensure enforcement. If the bot is
-deleted or missing, the target project's pipeline will not be executed. To recreate a security policy bot user unlink and link the security policy project again.
+- When enforcing scan execution policies, security policies use a bot in the target project that will trigger scheduled pipelines to ensure enforcement. When the bot is missing, it will be automatically created, and the following scheduled scan will use it.
- You should not link a security policy project to a development project and to the group or sub-group the development project belongs to at the same time. Linking this way will result in approval rules from the Scan Result Policy not being applied to merge requests in the development project.
- When creating a Scan Result Policy, neither the array `severity_levels` nor the array `vulnerability_states` in the [scan_finding rule](../policies/scan-result-policies.md#scan_finding-rule-type) can be left empty; for a working rule, at least one entry must exist.
- When configuring pipeline and scan result policies, it's important to remember that security scans performed in manual jobs aren't verified to determine whether MR approval is required. When you run a manual job with security scans, it won't ensure approval even if vulnerabilities are introduced.
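Review bot: the replacement bullet says a missing bot "will be automatically created, and the following scheduled scan will use it", which implies the scheduled scan that discovers the bot missing does not run; the doc should state that explicitly so operators do not read "automatically created" as "no scan is lost". It should also note that the recreated bot is the same guest member with elevated `security_policy_bot` permissions described in scan-execution-policies.md, so project owners should expect it to reappear after deletion rather than treating it as an unexpected new member.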
diff --git a/doc/user/application_security/policies/scan-execution-policies.md b/doc/user/application_security/policies/scan-execution-policies.md
index ac15dfc0a47..b55aa136177 100644
--- a/doc/user/application_security/policies/scan-execution-policies.md
+++ b/doc/user/application_security/policies/scan-execution-policies.md
@@ -141,7 +141,7 @@ This rule schedules a scan pipeline, enforcing the defined actions on the schedu
Scheduled scan pipelines are triggered by a security policy bot user that is a guest member of the project with elevated permissions for users of type `security_policy_bot` so it may carry out this task. Security policy bot users are automatically created when the security policy project is linked, and removed when the security policy project is unlinked.
-If the project does not have a security policy bot user, the scheduled scan pipeline will not be triggered. To recreate a security policy bot user unlink and link the security policy project again.
+If the project does not have a security policy bot user, the bot will be automatically created, and the following scheduled scan pipeline will use it.
GitLab supports the following types of CRON syntax for the `cadence` field:
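Review bot: the unchanged sentence above still says bot users are "removed when the security policy project is unlinked", and the new line says a missing bot is automatically created; the paragraph should say when that creation happens (for example, at the next scheduled run) so the two statements do not read as contradictory. The removed line was also the only documented remedy, so consider keeping "unlink and link the security policy project again" as a fallback for the case where automatic creation does not occur.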