diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-13 12:10:21 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-13 12:10:21 +0300 |
commit | a4772171f93e06dcc4bbc78a3577b1faa7dd1f50 (patch) | |
tree | 33c6a1d0278581ff3140730b46f57df15b85cc85 /doc/topics | |
parent | a48b98b75db31df0c4feea4b4bb3e3afd7ce73cf (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/topics')
-rw-r--r-- | doc/topics/autodevops/cloud_deployments/auto_devops_with_eks.md | 2 | ||||
-rw-r--r-- | doc/topics/autodevops/cloud_deployments/auto_devops_with_gke.md | 2 | ||||
-rw-r--r-- | doc/topics/autodevops/index.md | 2 | ||||
-rw-r--r-- | doc/topics/autodevops/stages.md | 17 |
4 files changed, 9 insertions, 14 deletions
diff --git a/doc/topics/autodevops/cloud_deployments/auto_devops_with_eks.md b/doc/topics/autodevops/cloud_deployments/auto_devops_with_eks.md index b85b99d1874..a09de9b33c2 100644 --- a/doc/topics/autodevops/cloud_deployments/auto_devops_with_eks.md +++ b/doc/topics/autodevops/cloud_deployments/auto_devops_with_eks.md @@ -180,7 +180,7 @@ The jobs are separated into stages: - The `secret-detection` job checks for leaked secrets and is allowed to fail ([Auto Secret Detection](../stages.md#auto-secret-detection)) - The `license_scanning` job searches the application's dependencies to determine each of their licenses and is allowed to fail - ([Auto License Compliance](../stages.md#auto-license-compliance)) + ([Auto License Scanning](../stages.md#auto-license-scanning)) - **Review** - Pipelines on the default branch include this stage with a `dast_environment_deploy` job. To learn more, see [Dynamic Application Security Testing (DAST)](../../../user/application_security/dast/index.md). diff --git a/doc/topics/autodevops/cloud_deployments/auto_devops_with_gke.md b/doc/topics/autodevops/cloud_deployments/auto_devops_with_gke.md index f6a6c16e010..a615d4c5050 100644 --- a/doc/topics/autodevops/cloud_deployments/auto_devops_with_gke.md +++ b/doc/topics/autodevops/cloud_deployments/auto_devops_with_gke.md @@ -184,7 +184,7 @@ The jobs are separated into stages: - The `secret-detection` job checks for leaked secrets and is allowed to fail ([Auto Secret Detection](../stages.md#auto-secret-detection)) - The `license_scanning` job searches the application's dependencies to determine each of their licenses and is allowed to fail - ([Auto License Compliance](../stages.md#auto-license-compliance)) + ([Auto License Scanning](../stages.md#auto-license-scanning)) - **Review** - Pipelines on the default branch include this stage with a `dast_environment_deploy` job. For more information, see [Dynamic Application Security Testing (DAST)](../../../user/application_security/dast/index.md). diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index 10979f0bb21..df06d96bdc5 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -37,7 +37,7 @@ Auto DevOps supports development during each of the [DevOps stages](stages.md). | Test | [Auto Code Intelligence](stages.md#auto-code-intelligence) | | Test | [Auto Code Quality](stages.md#auto-code-quality) | | Test | [Auto Container Scanning](stages.md#auto-container-scanning) | -| Test | [Auto License Compliance](stages.md#auto-license-compliance) | +| Test | [Auto License Scanning](stages.md#auto-license-scanning) | | Deploy | [Auto Review Apps](stages.md#auto-review-apps) | | Deploy | [Auto Deploy](stages.md#auto-deploy) | | Secure | [Auto Dynamic Application Security Testing (DAST)](stages.md#auto-dast) | diff --git a/doc/topics/autodevops/stages.md b/doc/topics/autodevops/stages.md index 6be8a71cdbc..a9ea7a4208d 100644 --- a/doc/topics/autodevops/stages.md +++ b/doc/topics/autodevops/stages.md @@ -240,20 +240,15 @@ check out. The merge request widget displays any security warnings detected, For more information, see [Dependency Scanning](../../user/application_security/dependency_scanning/index.md). -## Auto License Compliance **(ULTIMATE)** +## Auto License Scanning **(ULTIMATE)** -> Introduced in GitLab 11.0. - -License Compliance uses the -[License Compliance Docker image](https://gitlab.com/gitlab-org/security-products/analyzers/license-finder) -to search the project dependencies for their license. The Auto License Compliance stage -is skipped on licenses other than [Ultimate](https://about.gitlab.com/pricing/). - -After creating the report, it's uploaded as an artifact which you can later download and -check out. The merge request displays any detected licenses. +License Scanning detects licenses in project dependencies using the +CycloneDX Software Bill of Materials (SBOM) file generated by Dependency +Scanning. License approval policies enforces approved licenses in a project. For more information, see -[License Compliance](../../user/compliance/license_compliance/index.md). +[License Scanning](../../user/compliance/license_scanning_of_cyclonedx_files/index.md) and +[License Approval Policies](../../user/compliance/license_approval_policies.md). ## Auto Container Scanning |