author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-24 06:09:32 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-24 06:09:32 +0300 |
commit | 3f29b140ab13fd23ed35e759fd2bb6f41ba788ac (patch) | |
tree | 14038bc12e68f9d39d0893db406d8b4fcbe78dd0 /doc/user | |
parent | 3b0fd281ca3a8b1d88f3bbfc00a4d3e56a1c3870 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user')
-rw-r--r-- | doc/user/application_security/api_fuzzing/index.md | 7 |
-rw-r--r-- | doc/user/application_security/dast/browser_based.md | 11 |
-rw-r--r-- | doc/user/packages/composer_repository/index.md | 2 |
-rw-r--r-- | doc/user/packages/conan_repository/index.md | 2 |
-rw-r--r-- | doc/user/packages/maven_repository/index.md | 2 |
-rw-r--r-- | doc/user/packages/npm_registry/index.md | 6 |
-rw-r--r-- | doc/user/packages/nuget_repository/index.md | 2 |
-rw-r--r-- | doc/user/packages/rubygems_registry/index.md | 2 |
-rw-r--r-- | doc/user/packages/yarn_repository/index.md | 8 |
9 files changed, 21 insertions, 21 deletions
diff --git a/doc/user/application_security/api_fuzzing/index.md b/doc/user/application_security/api_fuzzing/index.md index cab8c926def..3005e220f8b 100644 --- a/doc/user/application_security/api_fuzzing/index.md +++ b/doc/user/application_security/api_fuzzing/index.md @@ -24,13 +24,6 @@ Web API fuzzing runs in the `fuzz` stage of the CI/CD pipeline. To ensure API fu latest code, your CI/CD pipeline should deploy changes to a test environment in one of the stages preceding the `fuzz` stage. -Note the following changes have been made to the API fuzzing template: - -- In GitLab 14.0 and later, you must define a `fuzz` stage in your `.gitlab-ci.yml` file. -- In GitLab 13.12 and earlier, the API fuzzing template defines `build`, `test`, `deploy`, and - `fuzz` stages. The `fuzz` stage runs last by default. The predefined stages were deprecated, and removed from the `API-Fuzzing.latest.gitlab-ci.yml` template. We plan to remove them in a future GitLab - version. - If your pipeline is configured to deploy to the same web server on each run, running a pipeline while another is still running could cause a race condition in which one pipeline overwrites the code from another. The API to scan should be excluded from changes for the duration diff --git a/doc/user/application_security/dast/browser_based.md b/doc/user/application_security/dast/browser_based.md index c0d71a95f91..70c331f8840 100644 --- a/doc/user/application_security/dast/browser_based.md +++ b/doc/user/application_security/dast/browser_based.md 
@@ -302,8 +302,14 @@ The browser-based analyzer does not have an equivalent for proxy-based checks th ## Managing scan time -It is expected that running the browser-based crawler results in better coverage for many web applications, when compared to the standard GitLab DAST solution. -This can come at a cost of increased scan time. +Running the browser-based crawler results in better coverage for many web applications when compared to the proxy-based scanner, and this increased coverage can come at a cost of increased scan time. + +Scan time is affected by: + +- The response time of the target site +- The number of browsers concurrently running scans +- The number and complexity of pages that are crawled +- The number and complexity of security checks that are run You can manage the trade-off between coverage and scan time with the following measures: @@ -315,6 +321,7 @@ You can manage the trade-off between coverage and scan time with the following m - Prevent pages from being crawled using the [variable](#available-cicd-variables) `DAST_EXCLUDE_URLS`. - Prevent elements being selected using the [variable](#available-cicd-variables) `DAST_BROWSER_EXCLUDED_ELEMENTS`. Use with caution, as defining this variable causes an extra lookup for each page crawled. - If the target application has minimal or fast rendering, consider reducing the [variable](#available-cicd-variables) `DAST_BROWSER_DOM_READY_AFTER_TIMEOUT` to a smaller value. The default is `500ms`. +- Selectively include only specific security checks. Use this, for example, to target a vulnerability type, such as cross-site scripting. Consider using the [variable](#available-cicd-variables) `DAST_EXCLUDE_RULES` to exclude security checks your team is not concerned about or `DAST_BROWSER_INCLUDE_ONLY_RULES` to run only security checks your team is concerned about. ## Timeouts 
diff --git a/doc/user/packages/composer_repository/index.md b/doc/user/packages/composer_repository/index.md index c116a43293b..ffa8a8a71c5 100644 --- a/doc/user/packages/composer_repository/index.md +++ b/doc/user/packages/composer_repository/index.md @@ -40,7 +40,7 @@ Prerequisites: error (`Validation failed: Version is invalid`) occurs when you publish. - A valid `composer.json` file at the project root directory. - The Packages feature is enabled in a GitLab repository. -- The project ID, which is on the project's home page. +- The project ID, which is displayed on the [project overview page](../../project/working_with_projects.md#access-the-project-overview-page-by-using-the-project-id). - One of the following token types: - A [personal access token](../../../user/profile/personal_access_tokens.md) with the scope set to `api`. - A [deploy token](../../project/deploy_tokens/index.md) diff --git a/doc/user/packages/conan_repository/index.md b/doc/user/packages/conan_repository/index.md index 72f36ca4e80..f3d89051efa 100644 --- a/doc/user/packages/conan_repository/index.md +++ b/doc/user/packages/conan_repository/index.md @@ -185,7 +185,7 @@ Prerequisites: - A local [Conan package](https://docs.conan.io/en/latest/creating_packages/getting_started.html) must exist. - For an instance remote, the package must meet the [naming convention](#package-recipe-naming-convention-for-instance-remotes). -- You must have the project ID, which is on the project's homepage. +- You must have the project ID, which is displayed on the [project overview page](../../project/working_with_projects.md#access-the-project-overview-page-by-using-the-project-id). To publish the package, use the `conan upload` command: diff --git a/doc/user/packages/maven_repository/index.md b/doc/user/packages/maven_repository/index.md index bd5311276c6..419e9c81666 100644 --- a/doc/user/packages/maven_repository/index.md +++ b/doc/user/packages/maven_repository/index.md 
@@ -289,7 +289,7 @@ For the instance-level endpoint, ensure the relevant section of your `pom.xml` i | Endpoint | Endpoint URL for `pom.xml` | Additional information | |----------|--------------------------------------------------------------------------|------------------------| -| Project | `https://gitlab.example.com/api/v4/projects/<project_id>/packages/maven` | Replace `gitlab.example.com` with your domain name. Replace `<project_id>` with your project ID, found on your project's homepage. | +| Project | `https://gitlab.example.com/api/v4/projects/<project_id>/packages/maven` | Replace `gitlab.example.com` with your domain name. Replace `<project_id>` with your project ID, found on your [project overview page](../../project/working_with_projects.md#access-the-project-overview-page-by-using-the-project-id). | | Group | `https://gitlab.example.com/api/v4/groups/<group_id>/-/packages/maven` | Replace `gitlab.example.com` with your domain name. Replace `<group_id>` with your group ID, found on your group's homepage. | | Instance | `https://gitlab.example.com/api/v4/packages/maven` | Replace `gitlab.example.com` with your domain name. | diff --git a/doc/user/packages/npm_registry/index.md b/doc/user/packages/npm_registry/index.md index 7a94db939cc..b229721feab 100644 --- a/doc/user/packages/npm_registry/index.md +++ b/doc/user/packages/npm_registry/index.md 
@@ -66,7 +66,7 @@ Create or edit the `.npmrc` file in the same directory as your `package.json`. I - Replace `@scope` with the [root level group](#naming-convention) of the project you're publishing to the package to. - Replace `your_domain_name` with your domain name, for example, `gitlab.com`. -- Replace `your_project_id` is your project ID, found on the project's home page. +- Replace `your_project_id` is your project ID, found on the [project overview page](../../project/working_with_projects.md#access-the-project-overview-page-by-using-the-project-id). - `"${NPM_TOKEN}"` is associated with the token you created later in the process. WARNING: @@ -158,7 +158,7 @@ In these examples: - Replace `your_domain_name` with your domain name, for example, `gitlab.com`. - Replace `your_group_id` with your group ID, found on the group's home page. -- Replace `your_project_id` is your project ID, found on the project's home page. +- Replace `your_project_id` is your project ID, found on the [project overview page](../../project/working_with_projects.md#access-the-project-overview-page-by-using-the-project-id). - Replace `your_token` with a deploy token, group access token, project access token, or personal access token. NOTE: @@ -224,7 +224,7 @@ To install a package from the instance level, the package must have been publish - Replace `@scope` with the [root level group](#naming-convention) of the project you're installing to the package from. - Replace `your_domain_name` with your domain name, for example, `gitlab.com`. - - Replace `your_project_id` is your project ID, found on the project's home page. + - Replace `your_project_id` is your project ID, found on the [project overview page](../../project/working_with_projects.md#access-the-project-overview-page-by-using-the-project-id). 1. Install the package diff --git a/doc/user/packages/nuget_repository/index.md b/doc/user/packages/nuget_repository/index.md index 76a97834a73..6df4f5b80c4 100644 
--- a/doc/user/packages/nuget_repository/index.md +++ b/doc/user/packages/nuget_repository/index.md @@ -61,7 +61,7 @@ Prerequisites: both. - A name for your source. - Depending on the [endpoint level](#use-the-gitlab-endpoint-for-nuget-packages) you use, either: - - Your project ID, which is found on your project's home page. + - Your project ID, which is found on your [project overview page](../../project/working_with_projects.md#access-the-project-overview-page-by-using-the-project-id). - Your group ID, which is found on your group's home page. You can now add a new source to NuGet with: diff --git a/doc/user/packages/rubygems_registry/index.md b/doc/user/packages/rubygems_registry/index.md index f9017d9b5a7..cb522fee2b4 100644 --- a/doc/user/packages/rubygems_registry/index.md +++ b/doc/user/packages/rubygems_registry/index.md @@ -71,7 +71,7 @@ https://gitlab.example.com/api/v4/projects/<project_id>/packages/rubygems: '<you ``` - `<your token>` must be the token value of either your personal access token or deploy token. -- Your project ID is on your project's home page. +- Your project ID is displayed on the [project overview page](../../project/working_with_projects.md#access-the-project-overview-page-by-using-the-project-id). ### Authenticate with a CI job token diff --git a/doc/user/packages/yarn_repository/index.md b/doc/user/packages/yarn_repository/index.md index 99f456bc1cb..6ef206c1a60 100644 --- a/doc/user/packages/yarn_repository/index.md +++ b/doc/user/packages/yarn_repository/index.md 
@@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w You can publish packages with [Yarn 1 (Classic)](https://classic.yarnpkg.com) and [Yarn 2+](https://yarnpkg.com). To find the Yarn version used in the deployment container, run `yarn --version` in the `script` block of the CI -script job block that is responsible for calling `yarn publish`**`. The Yarn version is shown in the pipeline output. +script job block that is responsible for calling `yarn publish`. The Yarn version is shown in the pipeline output. Learn how to build a [Yarn](../workflows/build_packages.md#yarn) package. @@ -48,7 +48,7 @@ In this configuration: - Replace `<my-org>` with your organization scope, exclude the `@` symbol. - Replace `<your_domain>` with your domain name. -- Replace `<your_project_id>` with your project's ID, which you can find on the project's home page. +- Replace `<your_project_id>` with your project's ID, which you can find on the [project overview page](../../project/working_with_projects.md#access-the-project-overview-page-by-using-the-project-id). - Replace `<your_token>` with a deployment token, group access token, project access token, or personal access token. Scoped registry does not work in Yarn Classic in `package.json` file, based on @@ -251,7 +251,7 @@ Use these steps for each project in the `.yarnrc.yml` file: - Replace `<my-org>` with the root level group of the project you're installing to the package from excluding the `@` symbol. - Replace `<your_domain_name>` with your domain name, for example, `gitlab.com`. -- Replace `<your_project_id>` with your project ID, found on the project's home page. +- Replace `<your_project_id>` with your project ID, found on the [project overview page](../../project/working_with_projects.md#access-the-project-overview-page-by-using-the-project-id). #### Set the registry (project level) 
@@ -266,7 +266,7 @@ npmRegistries: - Replace `<your_domain_name>` with your domain name, for example, `gitlab.com`. - Replace `<your_token>` with a deployment token (recommended), group access token, project access token, or personal access token. -- Replace `<your_project_id>` with your project ID, found on the project's home page. +- Replace `<your_project_id>` with your project ID, found on the [project overview page](../../project/working_with_projects.md#access-the-project-overview-page-by-using-the-project-id). ### Install the package |
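
Review bot: in doc/user/application_security/api_fuzzing/index.md (hunk @@ -24,13 +24,6), deleting the whole version note also removes the only visible statement that you must define a `fuzz` stage in your `.gitlab-ci.yml` file; the surviving context only says that fuzzing runs in the `fuzz` stage. Suggest dropping the version history but keeping one version-free sentence such as "You must define a `fuzz` stage in your `.gitlab-ci.yml` file.", unless that requirement is already stated elsewhere on the page.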
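
Review bot: in doc/user/application_security/dast/browser_based.md (hunk @@ -315,6 +321,7), the new last bullet offers `DAST_EXCLUDE_RULES` and `DAST_BROWSER_INCLUDE_ONLY_RULES` purely as a way to cut scan time and never says that a check that is not run cannot report findings. The `DAST_BROWSER_EXCLUDED_ELEMENTS` bullet two lines above carries a "Use with caution" sentence; this bullet needs an equivalent caveat about reduced coverage. The bullet also opens with "Selectively include only specific security checks" and then names the exclude variable first; consider one bullet per variable, and state what happens when both variables are set.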
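
Review bot: in doc/user/packages/maven_repository/index.md (hunk @@ -289,7 +289,7), the Project row now links to the project overview page, but the Group row directly below still reads "found on your group's homepage" with no link, so the two rows of the same table now tell the reader different things in different styles. Either link the group ID location as well or note in the commit that the group wording is intentionally left for a follow-up. The same split appears in the nuget_repository hunk, where the group ID line still says "group's home page".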
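
Review bot: in doc/user/packages/npm_registry/index.md (hunk @@ -66,7 +66,7), the rewritten line keeps the broken grammar "Replace `your_project_id` is your project ID". Since the line is being touched anyway, change "is" to "with" so it matches the neighbouring bullets ("Replace `your_domain_name` with your domain name"). The same wording is carried over unchanged in the other two hunks of this file (@@ -158,7 and @@ -224,7) and should be fixed there too.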
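
Review bot: in doc/user/packages/yarn_repository/index.md (hunk @@ -9,7 +9,7), the fix removes the stray `**` after `yarn publish` but leaves the redundant phrasing "in the `script` block of the CI script job block" on the same sentence. Suggest tightening it in this change, for example "in the `script` block of the CI/CD job that calls `yarn publish`".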