author | Mark Florian <553096-markrian@users.noreply.gitlab.com> | 2019-08-15 09:15:15 +0300 |
---|---|---|
committer | Evan Read <eread@gitlab.com> | 2019-08-15 09:15:15 +0300 |
commit | 00c08cc5d413f9de6000fbe010a5c6eb1bdaa93a (patch) | |
tree | 287aec9080ea2d3f7a842b6f4c7ffd28f789c0be /doc/user/application_security/dependency_list/index.md | |
parent | ee9f0bb7a534ed2a7d805e934e0df8219a645660 (diff) |
Update/expand docs for the Dependency List
These changes align the docs with the features introduced in [1].
See also the [issue tracking the documentation changes][2].
[1]: https://gitlab.com/gitlab-org/gitlab-ee/issues/10077
[2]: https://gitlab.com/gitlab-org/gitlab-ee/issues/12986
Diffstat (limited to 'doc/user/application_security/dependency_list/index.md')
-rw-r--r-- | doc/user/application_security/dependency_list/index.md | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/doc/user/application_security/dependency_list/index.md b/doc/user/application_security/dependency_list/index.md new file mode 100644 index 00000000000..38c38bbd8a9 --- /dev/null +++ b/doc/user/application_security/dependency_list/index.md 
@@ -0,0 +1,49 @@ +# Dependency List **(ULTIMATE)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/10075) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0. + +The Dependency list allows you to see your project's dependencies, and key +details about them, including their known vulnerabilities. To see it, +navigate to **Security & Compliance > Dependency List** in your project's +sidebar. + +## Requirements + +1. The [Dependency Scanning](../dependency_scanning/index.md) CI job must be + configured for your project. +1. Your project uses at least one of the + [languages and package managers](../dependency_scanning/index.md#supported-languages-and-package-managers) + supported by Gemnasium. + +## Viewing dependencies + +![Dependency List](img/dependency_list_v12_2.png) + +Dependencies are displayed with the following information: + +| Field | Description | +| --------- | ----------- | +| Status | Displays whether or not the dependency has any known vulnerabilities | +| Component | The dependency's name | +| Version | The exact locked version of the dependency your project uses | +| Packager | The packager used to install the depedency | +| Location | A link to the packager-specific lockfile in your project that declared the dependency | + +Dependencies shown are initially sorted by their names. They can also be sorted +by the packager they were installed by, or by the severity of their known +vulnerabilities. + +There is a second list under the `Vulnerable components` tab displaying only +those dependencies with known vulnerabilities. If there are none, this tab is +disabled. + +### Vulnerabilities + +If a dependency has known vulnerabilities, they can be viewed by clicking on the +`Status` cell of that dependency. The severity and description of each +vulnerability will then be displayed below it. 
+ +## Downloading the Dependency List + +Your project's full list of dependencies and their details can be downloaded in +`JSON` format by clicking on the download button. |
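Review bot: typo in the Packager row of the field table: "The packager used to install the depedency" should read "dependency". In the opening paragraph, "The Dependency list allows you" uses a lowercase "list", while the title, the navigation path and the section headings all use "Dependency List"; use one form throughout. UI labels are also styled two ways: the navigation path is bold (**Security & Compliance > Dependency List**), but the `Vulnerable components` tab and the `Status` cell use code formatting, and `JSON` is in code formatting although it is neither a UI label nor code. I would use bold for all UI labels and plain text for JSON. The two items under "Requirements" are not parallel ("must be configured" against "Your project uses"); phrasing both as requirements, for example "Your project must use at least one of the ...", reads better. Finally, "Downloading the Dependency List" does not say where the download button is or whether the exported details include the known vulnerabilities shown in the Status column; one sentence on each would save readers from opening the file to find out.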