gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
author: GitLab Bot <gitlab-bot@gitlab.com> 2020-02-06 15:10:29 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-02-06 15:10:29 +0300
commit: 5564275a0b378298dc6281599cbfe71a937109ff (patch)
tree: a468e1e60046356410219c35c23a8a428c5e2c5e /doc/user/application_security
parent: d87918510a866a5fcbbc2f899ad65c6938ebf5f5 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user/application_security'):
-rw-r--r-- doc/user/application_security/dependency_list/index.md | 2
-rw-r--r-- doc/user/application_security/sast/index.md | 6
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/doc/user/application_security/dependency_list/index.md b/doc/user/application_security/dependency_list/index.md
index 2828d487153..992f4137bb8 100644
--- a/doc/user/application_security/dependency_list/index.md
+++ b/doc/user/application_security/dependency_list/index.md
@@ -5,7 +5,7 @@
The Dependency list allows you to see your project's dependencies, and key
details about them, including their known vulnerabilities. To see it,
navigate to **Security & Compliance > Dependency List** in your project's
-sidebar.
+sidebar. This information is sometimes referred to as a Software Bill of Materials or SBoM / BOM.
## Requirements
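Review bot: the new `+sidebar. This information is sometimes referred to as ...` line runs well past the wrap width the surrounding paragraph keeps (the neighbouring lines break at roughly 80 columns), so please wrap it to match. Also consider writing the acronym as "Software Bill of Materials (SBOM)" rather than "SBoM / BOM": "BOM" on its own is easily read as "byte order mark" by the security audience this page serves, and the expansion-then-acronym form is the pattern the rest of the docs use.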
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md
index ea9c0b85bea..fad6d33dc7f 100644
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -454,6 +454,12 @@ CI/CD configuration file to turn it on. Results are available in the SAST report
GitLab currently includes [Gitleaks](https://github.com/zricethezav/gitleaks) and [TruffleHog](https://github.com/dxa4481/truffleHog) checks.
+NOTE: **Note:**
+The secrets analyzer will ignore "Password in URL" vulnerabilities if the password begins
+with a dollar sign (`$`) as this likely indicates the password being used is an environment
+variable. For example, `https://username:$password@example.com/path/to/repo` will not be
+detected, whereas `https://username:password@example.com/path/to/repo` would be detected.
+
## Security Dashboard
The Security Dashboard is a good place to get an overview of all the security
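Review bot: the note should state plainly that the dollar-sign rule is a heuristic with a false-negative cost: as written, `+The secrets analyzer will ignore "Password in URL" vulnerabilities if the password begins +with a dollar sign` only says why the skip exists ("likely indicates ... an environment variable") without telling readers that a genuine hard-coded credential whose first character is `$` is skipped by exactly the same rule. One added sentence such as "A real password that starts with `$` will therefore not be reported either" makes the limitation explicit for anyone relying on this check. Minor: the example mixes tenses ("will not be detected, whereas ... would be detected"); pick one.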