author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-11 06:08:52 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-11 06:08:52 +0300 |
commit | 988f8190b39847793faba06375973f8d4a024426 (patch) | |
tree | bad08d45ee4c080e8631240e8083cd3cfeda088c /doc/user | |
parent | a18ca85c05efe431c3a1faf6c9f4257638b73493 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user')
-rw-r--r-- | doc/user/application_security/index.md | 20 | ||||
-rw-r--r-- | doc/user/application_security/policies/scan-execution-policies.md | 10 | ||||
-rw-r--r-- | doc/user/project/merge_requests/reviews/index.md | 2 |
3 files changed, 21 insertions, 11 deletions
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index da1439ed13e..6441f74a41b 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md 
@@ -282,17 +282,25 @@ The merge request security widget displays only a subset of the vulnerabilities From the merge request security widget, select **Expand** to unfold the widget, displaying any new and no longer detected (removed) findings by scan type. -For each security report type, the widget displays the first 25 added and 25 fixed findings, sorted by severity. To see all -findings, select **View full report** to go directly to the **Security** tab in the latest branch pipeline. +For each security report type, the widget displays the first 25 added and 25 fixed findings, sorted by severity. +This is determined by comparing the security reports from the source branch and target branch pipelines. + +As an example, consider two pipelines with these scan results: + +- The source branch pipeline detects two vulnerabilities identified as `V1` and `V2`. +- The target branch pipeline detects two vulnerabilities identified as `V1` and `V3`. +- `V2` will show on the merge request widget as "added". +- `V3` will show on the merge request widget as "fixed". +- `V1` exists on both branches and is not shown on the merge request widget. + +To see all findings on the source branch of the merge request, select **View full report** to go directly to the **Security** tab in the latest source branch pipeline. ![Security scanning results in a merge request](img/mr_security_scanning_results_v14_3.png) ### Pipeline security tab -A pipeline's security tab lists all findings in the current branch. It includes findings introduced -by this branch and vulnerabilities already present in the base branch. These results likely do not -match the findings displayed in the Merge Request security widget, as those do not include the -existing vulnerabilities. For more information see +A pipeline's security tab lists all findings from the security reports in the pipeline's +job artifacts. For more information see [Vulnerabilities in a pipeline](vulnerability_report/pipeline.md). 
### Security dashboard diff --git a/doc/user/application_security/policies/scan-execution-policies.md b/doc/user/application_security/policies/scan-execution-policies.md index 58d9c0b44f1..92817b70b6c 100644 --- a/doc/user/application_security/policies/scan-execution-policies.md +++ b/doc/user/application_security/policies/scan-execution-policies.md @@ -351,11 +351,11 @@ enforced by the policy. #### `ci_configuration_path` object -| Field | Type | Description | -|-----------|---------------------|-------------| -| `project` | `string` | A project namespace path. | -| `file` | `string` | The file name of the CI/CD YAML file. | -| `ref` | `string` (optional) | The branch name, tag name, or commit SHA. | +| Field | Type | Required | Description | +|-----------|---------------------|----------|-------------| +| `project` | `string` | true | A project namespace path. | +| `file` | `string` | true | The file name of the CI/CD YAML file. | +| `ref` | `string` | false | The branch name, tag name, or commit SHA. If not specified, uses the default branch. | #### `scan` action type diff --git a/doc/user/project/merge_requests/reviews/index.md b/doc/user/project/merge_requests/reviews/index.md index 23b1207619e..78e4c19dd57 100644 --- a/doc/user/project/merge_requests/reviews/index.md +++ b/doc/user/project/merge_requests/reviews/index.md @@ -19,6 +19,7 @@ review merge requests in Visual Studio Code. <i class="fa fa-youtube-play youtube" aria-hidden="true"></i> For an overview, see [Merge request review](https://www.youtube.com/watch?v=2MayfXKpU08&list=PLFGfElNsQthYDx0A_FaNNfUm9NHsK6zED&index=183). +<!-- Video published on 2023-04-29 --> ## GitLab Duo Suggested Reviewers **(ULTIMATE SAAS)** 
@@ -31,6 +32,7 @@ GitLab uses machine learning to suggest reviewers for your merge request. <i class="fa fa-youtube-play youtube" aria-hidden="true"></i> For an overview, see [GitLab Duo Suggested Reviewers](https://www.youtube.com/embed/ivwZQgh4Rxw). +<!-- Video published on 2023-11-03 --> To suggest reviewers, GitLab uses: |
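Review bot: In the `doc/user/application_security/index.md` hunk (`@@ -282,17 +282,25 @@`), the list introduced by "consider two pipelines with these scan results:" puts the two inputs and the three outcomes in one flat bullet list, so the `V2`, `V3` and `V1` bullets read as scan results rather than as what the widget displays. Keep the first two bullets under the lead-in, then add a separate sentence such as "The merge request widget then shows:" before the outcome bullets, and use present tense ("shows") instead of "will show". The rewritten "Pipeline security tab" paragraph also removes the statement that the tab's results "likely do not match" the widget. Since the new example says `V1` "is not shown on the merge request widget", consider keeping one sentence in the tab section that tells readers findings present on both branches still appear in the tab.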
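Review bot: In the `doc/user/application_security/policies/scan-execution-policies.md` hunk (`@@ -351,11 +351,11 @@`), the new `ref` description "If not specified, uses the default branch." does not say which project's default branch is meant, and the table has both a `project` field and the project the policy is enforced on. State it explicitly in the cell, for example by naming the `project` field if that is the one intended. Because this object selects the CI/CD YAML file that the policy enforces, it is also worth one sentence noting that omitting `ref` or giving a branch name follows that branch as it changes, while a commit SHA does not. The new Required column uses bare `true` and `false`; check that this matches the other field tables in the same file.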