author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-09-24 03:07:50 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-09-24 03:07:50 +0300 |
commit | 361fcafa7d395de570f90c9e0379fb18b8266dca (patch) | |
tree | ea823259fdccb7f67e5e7d862eaf77016a5819c6 | |
parent | c90ff9583ab8c882a42b6ce071d453f2b6d01a6b (diff) |
Add latest changes from gitlab-org/gitlab@master
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.checksum | 4 | ||||
-rw-r--r-- | Gemfile.lock | 8 | ||||
-rw-r--r-- | doc/user/application_security/policies/index.md | 3 | ||||
-rw-r--r-- | doc/user/application_security/policies/scan-execution-policies.md | 2 |
5 files changed, 9 insertions, 10 deletions
@@ -417,7 +417,7 @@ group :development, :test do gem 'gitlab-styles', '~> 10.1.0', require: false gem 'haml_lint', '~> 0.40.0', require: false - gem 'bundler-audit', '~> 0.7.0.1', require: false + gem 'bundler-audit', '~> 0.9.1', require: false # Benchmarking & profiling gem 'benchmark-ips', '~> 2.11.0', require: false
diff --git a/Gemfile.checksum b/Gemfile.checksum
index f1b56e635f6..0e3094d3570 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -64,7 +64,7 @@
 {"name":"browser","version":"5.3.1","platform":"ruby","checksum":"62745301701ff2c6c5d32d077bb12532b20be261929dcb52c6781ed0d5658b3c"},
 {"name":"builder","version":"3.2.4","platform":"ruby","checksum":"99caf08af60c8d7f3a6b004029c4c3c0bdaebced6c949165fe98f1db27fbbc10"},
 {"name":"bullet","version":"7.0.2","platform":"ruby","checksum":"4b7986b366f694bb05d5c1b4ea8ba949a99224d4511bf02f0c3944112f719c81"},
-{"name":"bundler-audit","version":"0.7.0.1","platform":"ruby","checksum":"12d853cb0b92fa8868abbb539414d7a33da9e48b792e2ff28271d36c8ace8912"},
+{"name":"bundler-audit","version":"0.9.1","platform":"ruby","checksum":"bdc716fc21cd8652a6507b137e5bc51f5e0e4f6f106a114ab004c89d0200bd3d"},
 {"name":"byebug","version":"11.1.3","platform":"ruby","checksum":"2485944d2bb21283c593d562f9ae1019bf80002143cc3a255aaffd4e9cf4a35b"},
 {"name":"capybara","version":"3.39.2","platform":"ruby","checksum":"d6f0ca5f30897e64789428d4b047a0df105815a302069913578ac35d5ca99884"},
 {"name":"capybara-screenshot","version":"1.0.26","platform":"ruby","checksum":"816b9370a07752097c82a05f568aaf5d3b7f45c3db5d3aab2014071e1b3c0c77"},
@@ -633,7 +633,7 @@
 {"name":"test-prof","version":"1.2.2","platform":"ruby","checksum":"528af83bcbd1778e1dc1adbbced359fdfe9e65409d10bdd0defddd964d214522"},
 {"name":"test_file_finder","version":"0.1.4","platform":"ruby","checksum":"bc36d8339eac4fb9dc36514a7c5f4d389ac2fb6d010716fc715c5c8fbb98eacd"},
 {"name":"text","version":"1.3.1","platform":"ruby","checksum":"2fbbbc82c1ce79c4195b13018a87cbb00d762bda39241bb3cdc32792759dd3f4"},
-{"name":"thor","version":"1.2.1","platform":"ruby","checksum":"b1752153dc9c6b8d3fcaa665e9e1a00a3e73f28da5e238b81c404502e539d446"},
+{"name":"thor","version":"1.2.2","platform":"ruby","checksum":"2f93c652828cba9fcf4f65f5dc8c306f1a7317e05aad5835a13740122c17f24c"},
 {"name":"thread_safe","version":"0.3.6","platform":"java","checksum":"bb28394cd0924c068981adee71f36a81c85c92e7d74d3f62372bd51489a0e0c2"},
 {"name":"thread_safe","version":"0.3.6","platform":"ruby","checksum":"9ed7072821b51c57e8d6b7011a8e282e25aeea3a4065eab326e43f66f063b05a"},
 {"name":"thrift","version":"0.16.0","platform":"ruby","checksum":"d023286ea89e30444c9f1c28dd76107f87d8aaf85fe1742da1d8cd3b5417dcce"},
diff --git a/Gemfile.lock b/Gemfile.lock
index ab2b6c08ed7..d6911ef9114 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -319,9 +319,9 @@ GEM
 bullet (7.0.2)
 activesupport (>= 3.0.0)
 uniform_notifier (~> 1.11)
- bundler-audit (0.7.0.1)
+ bundler-audit (0.9.1)
 bundler (>= 1.2.0, < 3)
- thor (>= 0.18, < 2)
+ thor (~> 1.0)
 byebug (11.1.3)
 capybara (3.39.2)
 addressable
@@ -1576,7 +1576,7 @@ GEM
 test_file_finder (0.1.4)
 faraday (~> 1.0)
 text (1.3.1)
- thor (1.2.1)
+ thor (1.2.2)
 thread_safe (0.3.6)
 thrift (0.16.0)
 tilt (2.0.11)
@@ -1749,7 +1749,7 @@ DEPENDENCIES
 bootsnap (~> 1.16.0)
 browser (~> 5.3.1)
 bullet (~> 7.0.2)
- bundler-audit (~> 0.7.0.1)
+ bundler-audit (~> 0.9.1)
 bundler-checksum (~> 0.1.0)!
 capybara (~> 3.39, >= 3.39.2)
 capybara-screenshot (~> 1.0.26)
diff --git a/doc/user/application_security/policies/index.md b/doc/user/application_security/policies/index.md
index 84c28d4008c..e3bea7bd6ca 100644
--- a/doc/user/application_security/policies/index.md
+++ b/doc/user/application_security/policies/index.md
@@ -148,8 +148,7 @@ The workaround is to amend your group or instance push rules to allow branches f
 - Scan result policies created at the group or sub-group level can take some time to apply to all the merge requests in the group.
 - Scheduled scan execution policies run with a minimum 15 minute cadence. Learn more [about the schedule rule type](../policies/scan-execution-policies.md#schedule-rule-type).
 - When scheduling pipelines, keep in mind that CRON scheduling is based on UTC on GitLab SaaS and is based on your server time for self managed instances. When testing new policies, it may appear pipelines are not running properly when in fact they are scheduled in your server's timezone.
-- When enforcing scan execution policies, security policies creates a bot in the target project that will trigger scheduled pipelines to ensure enforcement. If the bot is
-deleted or missing, the target project's pipeline will not be executed. To recreate a security policy bot user unlink and link the security policy project again.
+- When enforcing scan execution policies, security policies use a bot in the target project that will trigger scheduled pipelines to ensure enforcement. When the bot is missing, it will be automatically created, and the following scheduled scan will use it.
 - You should not link a security policy project to a development project and to the group or sub-group the development project belongs to at the same time. Linking this way will result in approval rules from the Scan Result Policy not being applied to merge requests in the development project.
 - When creating a Scan Result Policy, neither the array `severity_levels` nor the array `vulnerability_states` in the [scan_finding rule](../policies/scan-result-policies.md#scan_finding-rule-type) can be left empty; for a working rule, at least one entry must exist.
- When configuring pipeline and scan result policies, it's important to remember that security scans performed in manual jobs aren't verified to determine whether MR approval is required. When you run a manual job with security scans, it won't ensure approval even if vulnerabilities are introduced.
diff --git a/doc/user/application_security/policies/scan-execution-policies.md b/doc/user/application_security/policies/scan-execution-policies.md
index ac15dfc0a47..b55aa136177 100644
--- a/doc/user/application_security/policies/scan-execution-policies.md
+++ b/doc/user/application_security/policies/scan-execution-policies.md
@@ -141,7 +141,7 @@ This rule schedules a scan pipeline, enforcing the defined actions on the schedu Scheduled scan pipelines are triggered by a security policy bot user that is a guest member of the project with elevated permissions for users of type `security_policy_bot` so it may carry out this task. Security policy bot users are automatically created when the security policy project is linked, and removed when the security policy project is unlinked. -If the project does not have a security policy bot user, the scheduled scan pipeline will not be triggered. To recreate a security policy bot user unlink and link the security policy project again. +If the project does not have a security policy bot user, the bot will be automatically created, and the following scheduled scan pipeline will use it. GitLab supports the following types of CRON syntax for the `cadence` field: |