Add latest changes from gitlab-org/gitlab@14-0-stable-ee

17 files changed, 194 insertions, 134 deletions

diff --git a/doc/user/admin_area/analytics/usage_trends.md b/doc/user/admin_area/analytics/usage_trends.md
index 49c81b1a965..9c09b62f8af 100644
--- a/doc/user/admin_area/analytics/usage_trends.md
+++ b/doc/user/admin_area/analytics/usage_trends.md
@@ -17,7 +17,10 @@ This feature might not be available to you. Check the **version history** note a
 
 Usage Trends gives you an overview of how much data your instance contains, and how quickly this volume is changing over time.
 
-To see Usage Trends, go to **Admin Area > Analytics > Usage Trends**.
+To see Usage Trends:
+
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the left sidebar, select **Analytics > Usage Trends**.
 
 ## Total counts
 
diff --git a/doc/user/admin_area/settings/email.md b/doc/user/admin_area/settings/email.md
index 5deb71698ff..e637408328d 100644
--- a/doc/user/admin_area/settings/email.md
+++ b/doc/user/admin_area/settings/email.md
@@ -20,8 +20,9 @@ The logo in the header of some emails can be customized, see the [logo customiza
 The additional text appears at the bottom of any email and can be used for
 legal/auditing/compliance reasons.
 
-1. Go to **Admin Area > Settings > Preferences** (`/admin/application_settings/preferences`).
-1. Expand the **Email** section.
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the left sidebar, select **Settings > Preferences** (`/admin/application_settings/preferences`).
+1. Expand **Email**.
 1. Enter your text in the **Additional text** field.
 1. Click **Save**.
 
@@ -34,8 +35,9 @@ This configuration option sets the email hostname for [private commit emails](..
 
 In order to change this option:
 
-1. Go to **Admin Area > Settings > Preferences** (`/admin/application_settings/preferences`).
-1. Expand the **Email** section.
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the left sidebar, select **Settings > Preferences** (`/admin/application_settings/preferences`).
+1. Expand **Email**.
 1. Enter the desired hostname in the **Custom hostname (for private commit emails)** field.
 1. Select **Save changes**.
 
diff --git a/doc/user/admin_area/settings/img/file_template_admin_area.png b/doc/user/admin_area/settings/img/file_template_admin_area.png
deleted file mode 100644
index 269d997e1d9..00000000000
--- a/doc/user/admin_area/settings/img/file_template_admin_area.png
+++ /dev/null
diff --git a/doc/user/admin_area/settings/img/file_template_admin_area_v14_0.png b/doc/user/admin_area/settings/img/file_template_admin_area_v14_0.png
new file mode 100644
index 00000000000..33fce8a2b77
--- /dev/null
+++ b/doc/user/admin_area/settings/img/file_template_admin_area_v14_0.png
diff --git a/doc/user/admin_area/settings/instance_template_repository.md b/doc/user/admin_area/settings/instance_template_repository.md
index c8a4c2866ca..8a796435ef8 100644
--- a/doc/user/admin_area/settings/instance_template_repository.md
+++ b/doc/user/admin_area/settings/instance_template_repository.md
@@ -23,7 +23,7 @@ To select a project to serve as the custom template repository:
 1. In the left sidebar, select **Settings > Templates**.
 1. Select the project:
 
-   ![File templates in the Admin Area](img/file_template_admin_area.png)
+   ![File templates in the Admin Area](img/file_template_admin_area_v14_0.png)
 
 1. Add custom templates to the selected repository.
 
diff --git a/doc/user/admin_area/settings/rate_limit_on_issues_creation.md b/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
index 3acfb636a13..ef2b8ad80cd 100644
--- a/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
+++ b/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
@@ -10,7 +10,13 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28129) in GitLab 12.10.
 
 This setting allows you to rate limit the requests to the issue creation endpoint.
-You can change its value in **Admin Area > Settings > Network > Issues Rate Limits**.
+To can change its value:
+
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the left sidebar, select **Settings > Network**.
+1. Expand **Issues Rate Limits**.
+1. Under **Max requests per minute per user**, enter the new value.
+1. Select **Save changes**.
 
 For example, if you set a limit of 300, requests using the
 [Projects::IssuesController#create](https://gitlab.com/gitlab-org/gitlab/raw/master/app/controllers/projects/issues_controller.rb)
diff --git a/doc/user/admin_area/settings/rate_limit_on_notes_creation.md b/doc/user/admin_area/settings/rate_limit_on_notes_creation.md
index 67a97d26b34..193f39542cf 100644
--- a/doc/user/admin_area/settings/rate_limit_on_notes_creation.md
+++ b/doc/user/admin_area/settings/rate_limit_on_notes_creation.md
@@ -13,9 +13,11 @@ This setting allows you to rate limit the requests to the note creation endpoint
 
 To change the note creation rate limit:
 
-1. Go to **Admin Area > Settings > Network**.
-1. Expand the **Notes Rate Limits** section.
-1. Enter the new value.
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the left sidebar, select **Settings > Network**.
+1. Expand **Notes Rate Limits**.
+1. Under **Max requests per minute per user**, enter the new value.
+1. Optional. Under **List of users to be excluded from the limit**, list users to be excluded fromt the limit.
 1. Select **Save changes**.
 
 This limit is:
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md
index 8e83ade5608..323a064c3e4 100644
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -11,10 +11,11 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 WARNING:
 Versions of GitLab prior to 14.0 used Clair as the default container scanning engine. GitLab 14.0
-replaces Clair with Trivy and removes Clair from the product. If you run container scanning with the
-default settings, GitLab switches you seamlessly and automatically to Trivy in GitLab 14.0. However,
-if you customized the variables in your container scanning job, you should review the
-[migration guide](#migrating-from-clair-to-trivy) and make any necessary updates.
+removes Clair from the product and replaces it with two new scanners. If you
+run container scanning with the default settings, GitLab switches you seamlessly and automatically
+to Trivy in GitLab 14.0. However, if you customized the variables in your container scanning job,
+you should review the [migration guide](#change-scanners)
+and make any necessary updates.
 
 Your application's Docker image may itself be based on Docker images that contain known
 vulnerabilities. By including an extra job in your pipeline that scans for those vulnerabilities and
@@ -23,6 +24,7 @@ displays them in a merge request, you can use GitLab to audit your Docker-based
 GitLab provides integration with open-source tools for vulnerability static analysis in containers:
 
 - [Trivy](https://github.com/aquasecurity/trivy)
+- [Grype](https://github.com/anchore/grype)
 
 To integrate GitLab with security scanners other than those listed here, see
 [Security scanner integration](../../../development/integrations/secure.md).
@@ -79,8 +81,10 @@ Other changes:
 - GitLab 13.9 [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/322656) integration with
   [Trivy](https://github.com/aquasecurity/trivy) by upgrading `CS_MAJOR_VERSION` from `3` to `4`.
 - GitLab 14.0 [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61850)
-  integration with [Trivy](https://github.com/aquasecurity/trivy)
-  as the default for container scanning.
+  an integration with [Trivy](https://github.com/aquasecurity/trivy)
+  as the default for container scanning, and also [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/326279)
+  an integration with [Grype](https://github.com/anchore/grype)
+  as an alternative scanner.
 
 To include the `Container-Scanning.gitlab-ci.yml` template (GitLab 11.9 and later), add the
 following to your `.gitlab-ci.yml` file:
@@ -151,7 +155,7 @@ You can [configure](#customizing-the-container-scanning-settings) analyzers by u
 | `ADDITIONAL_CA_CERT_BUNDLE`    | `""`          | Bundle of CA certs that you want to trust. See [Using a custom SSL CA certificate authority](#using-a-custom-ssl-ca-certificate-authority) for more details. | All |
 | `CI_APPLICATION_REPOSITORY`    | `$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG` | Docker repository URL for the image to be scanned. | All |
 | `CI_APPLICATION_TAG`           | `$CI_COMMIT_SHA` | Docker repository tag for the image to be scanned. | All |
-| `CS_ANALYZER_IMAGE`            | `$SECURE_ANALYZERS_PREFIX/$CS_PROJECT:$CS_MAJOR_VERSION`           | Docker image of the analyzer. | All |
+| `CS_ANALYZER_IMAGE`            | `registry.gitlab.com/security-products/container-scanning:4` | Docker image of the analyzer. | All |
 | `CS_DOCKER_INSECURE`           | `"false"`     | Allow access to secure Docker registries using HTTPS without validating the certificates. | All |
 | `CS_REGISTRY_INSECURE`         | `"false"`     | Allow access to insecure registries (HTTP only). Should only be set to `true` when testing the image locally. | Trivy. The registry must listen on port `80/tcp`. |
 | `CS_SEVERITY_THRESHOLD`        | `UNKNOWN`     | Severity level threshold. The scanner outputs vulnerabilities with severity level higher than or equal to this threshold. Supported levels are Unknown, Low, Medium, High, and Critical. | Trivy |
@@ -165,6 +169,7 @@ You can [configure](#customizing-the-container-scanning-settings) analyzers by u
 
 Support depends on the scanner:
 
+- [Grype](https://github.com/anchore/grype#grype)
 - [Trivy](https://aquasecurity.github.io/trivy/latest/vuln-detection/os/) (Default).
 
 ### Overriding the container scanning template
@@ -189,7 +194,18 @@ GitLab 13.0 and later doesn't support [`only` and `except`](../../../ci/yaml/REA
 When overriding the template, you must use [`rules`](../../../ci/yaml/README.md#rules)
 instead.
 
-### Migrating from Clair to Trivy
+### Change scanners
+
+The container-scanning analyzer can use different scanners, depending on the value of the
+`CS_ANALYZER_IMAGE` configuration variable.
+
+The following options are available:
+
+| Scanner name | `CS_ANALYZER_IMAGE` |
+| ------------ | ------------------- |
+| Default ([Trivy](https://github.com/aquasecurity/trivy)) | `registry.gitlab.com/security-products/container-scanning:4` |
+| [Grype](https://github.com/anchore/grype)                | `registry.gitlab.com/security-products/container-scanning/grype:4` |
+| Trivy                                                    | `registry.gitlab.com/security-products/container-scanning/trivy:4` |
 
 If you're migrating from a GitLab 13.x release to a GitLab 14.x release and have customized the
 `container_scanning` job or its CI variables, you might need to perform these migration steps in
@@ -214,17 +230,16 @@ your CI file:
    complete list of supported variables, see [available variables](#available-cicd-variables).
 
 1. Make any [necessary customizations](#customizing-the-container-scanning-settings)
-   to the `Trivy` scanner. We recommend that you minimize such customizations, as they might require
+   to the chosen scanner. We recommend that you minimize such customizations, as they might require
    changes in future GitLab major releases.
 
 1. Trigger a new run of a pipeline that includes the `container_scanning` job. Inspect the job
    output and ensure that the log messages do not mention Clair.
 
-**Troubleshooting**
-
+NOTE:
 Prior to the GitLab 14.0 release, any variable defined under the scope `container_scanning` is not
-considered for the Trivy scanner. Verify that all variables for Trivy are
-either defined as a global variable, or under `container_scanning`.
+considered for scanners other than Clair. In GitLab 14.0 and later, all variables can be defined
+either as a global variable or under `container_scanning`.
 
 ### Using a custom SSL CA certificate authority
 
@@ -362,14 +377,17 @@ Support for custom certificate authorities was introduced in the following versi
 | Scanner | Version |
 | -------- | ------- |
 | `Trivy` | [4.0.0](https://gitlab.com/gitlab-org/security-products/analyzers/container-scanning/-/releases/4.0.0) |
+| `Grype` | [4.3.0](https://gitlab.com/gitlab-org/security-products/analyzers/container-scanning/-/releases/4.3.0) |
 
 #### Make GitLab container scanning analyzer images available inside your Docker registry
 
-For container scanning, import the following default images from `registry.gitlab.com` into your
+For container scanning, import the following images from `registry.gitlab.com` into your
 [local Docker container registry](../../packages/container_registry/index.md):
 
 ```plaintext
-registry.gitlab.com/security-products/container-scanning
+registry.gitlab.com/security-products/container-scanning:4
+registry.gitlab.com/security-products/container-scanning/grype:4
+registry.gitlab.com/security-products/container-scanning/trivy:4
 ```
 
 The process for importing Docker images into a local offline Docker registry depends on
@@ -410,13 +428,13 @@ following `.gitlab-yml.ci` example as a template.
 ```yaml
 variables:
   SOURCE_IMAGE: registry.gitlab.com/security-products/container-scanning:4
-  TARGET_IMAGE: $CI_REGISTRY/$CI_PROJECT_PATH/gitlab-container-scanning
+  TARGET_IMAGE: $CI_REGISTRY/namespace/gitlab-container-scanning
 
 image: docker:stable
 
 update-scanner-image:
   services:
-    - docker:19-dind
+    - docker:dind
   script:
     - docker pull $SOURCE_IMAGE
     - docker tag $SOURCE_IMAGE $TARGET_IMAGE
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md
index c11e367a688..e80807b31bf 100644
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -510,8 +510,8 @@ Some analyzers can be customized with CI/CD variables.
 | `SBT_PATH`                  | SpotBugs   | Path to the `sbt` executable.                                                                                                                                                                                                      |
 | `FAIL_NEVER`                | SpotBugs   | Set to `1` to ignore compilation failure.                                                                                                                                                                                          |
 | `SAST_GOSEC_CONFIG`         | Gosec      | **{warning}** **[Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/328301)** in GitLab 14.0 - use custom rulesets instead. Path to configuration for Gosec (optional).                                                                                                                                                                                        |
-| `PHPCS_SECURITY_AUDIT_PHP_EXTENSIONS` | phpcs-security-audit | Comma separated list of additional PHP Extensions.                                                                                                                                                             |
-| `SAST_DISABLE_BABEL`        | NodeJsScan | Disable Babel processing for the NodeJsScan scanner. Set to `true` to disable Babel processing. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/33065) in GitLab 13.2.                                                  
+| `PHPCS_SECURITY_AUDIT_PHP_EXTENSIONS` | phpcs-security-audit | Comma separated list of additional PHP Extensions.                                                                                                                                                             |                                                 
+| `SAST_DISABLE_BABEL`        | NodeJsScan | **{warning}** **[Removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64025)** in GitLab 13.5 |               
 | `SAST_SEMGREP_METRICS` | Semgrep | Set to `"false"` to disable sending anonymized scan metrics to [r2c](https://r2c.dev/). Default: `true`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/330565) in GitLab 14.0.      |
 
 #### Custom CI/CD variables
diff --git a/doc/user/gitlab_com/index.md b/doc/user/gitlab_com/index.md
index 223d3363186..f371de30b88 100644
--- a/doc/user/gitlab_com/index.md
+++ b/doc/user/gitlab_com/index.md
@@ -11,15 +11,15 @@ This page contains information about the settings that are used on
 
 ## SSH host keys fingerprints
 
-Below are the fingerprints for GitLab.com's SSH host keys. The first time you connect
-to a GitLab.com repository, one of these keys is displayed in the output.
+Below are the fingerprints for GitLab.com's SSH host keys. The first time you
+connect to a GitLab.com repository, one of these keys is displayed in the output.
 
-| Algorithm | MD5 (deprecated) | SHA256  |
-| --------- | --- | ------- |
-|  DSA (deprecated)      | `7a:47:81:3a:ee:89:89:64:33:ca:44:52:3d:30:d4:87` | `p8vZBUOR0XQz6sYiaWSMLmh0t9i8srqYKool/Xfdfqw` |
-|  ECDSA    | `f1:d0:fb:46:73:7a:70:92:5a:ab:5d:ef:43:e2:1c:35` | `HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw` |
-|  ED25519  | `2e:65:6a:c8:cf:bf:b2:8b:9a:bd:6d:9f:11:5c:12:16` | `eUXGGm1YGsMAS7vkcx6JOJdOGHPem5gQp4taiCfCLB8` |
-|  RSA      | `b6:03:0e:39:97:9e:d0:e7:24:ce:a3:77:3e:01:42:09` | `ROQFvPThGrW4RuWLoL9tq9I9zJ42fK4XywyRtbOz/EQ` |
+| Algorithm        | MD5 (deprecated) | SHA256  |
+|------------------|------------------|---------|
+| ED25519          | `2e:65:6a:c8:cf:bf:b2:8b:9a:bd:6d:9f:11:5c:12:16` | `eUXGGm1YGsMAS7vkcx6JOJdOGHPem5gQp4taiCfCLB8` |
+| RSA              | `b6:03:0e:39:97:9e:d0:e7:24:ce:a3:77:3e:01:42:09` | `ROQFvPThGrW4RuWLoL9tq9I9zJ42fK4XywyRtbOz/EQ` |
+| DSA (deprecated) | `7a:47:81:3a:ee:89:89:64:33:ca:44:52:3d:30:d4:87` | `p8vZBUOR0XQz6sYiaWSMLmh0t9i8srqYKool/Xfdfqw` |
+| ECDSA            | `f1:d0:fb:46:73:7a:70:92:5a:ab:5d:ef:43:e2:1c:35` | `HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw` |
 
 ## SSH `known_hosts` entries
 
@@ -34,32 +34,40 @@ gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAA
 
 ## Mail configuration
 
-GitLab.com sends emails from the `mg.gitlab.com` domain via [Mailgun](https://www.mailgun.com/) and has
-its own dedicated IP address (`192.237.158.143`).
+GitLab.com sends emails from the `mg.gitlab.com` domain by using [Mailgun](https://www.mailgun.com/),
+and has its own dedicated IP address (`192.237.158.143`).
 
-NOTE:
 The IP address for `mg.gitlab.com` is subject to change at any time.
 
 ## Backups
 
 [See our backup strategy](https://about.gitlab.com/handbook/engineering/infrastructure/production/#backups).
 
-There are several ways to perform backups of your content on GitLab.com.
+To back up an entire project on GitLab.com, you can export it either:
 
-Projects can be backed up in their entirety by exporting them either [through the UI](../project/settings/import_export.md) or [API](../../api/project_import_export.md#schedule-an-export), the latter of which can be used to programmatically upload exports to a storage platform such as AWS S3.
+- [Through the UI](../project/settings/import_export.md).
+- [Through the API](../../api/project_import_export.md#schedule-an-export). You
+  can also use the API to programmatically upload exports to a storage platform,
+  such as Amazon S3.
 
-With exports, be sure to take note of [what is and is not](../project/settings/import_export.md#exported-contents), included in a project export.
+With exports, be aware of [what is and is not](../project/settings/import_export.md#exported-contents)
+included in a project export.
 
-Since GitLab is built on Git, you can back up **just** the repository of a project by [cloning](../../gitlab-basics/start-using-git.md#clone-a-repository) it to another machine. Similarly, if you need to back up just the wiki of a repository it can also be cloned and all files uploaded to that wiki are included [if they were uploaded after 2020-08-22](../project/wiki/index.md#create-a-new-wiki-page).
+GitLab is built on Git, so you can back up just the repository of a project by
+[cloning](../../gitlab-basics/start-using-git.md#clone-a-repository) it to
+another computer.
+Similarly, you can clone a project's wiki to back it up. All files
+[uploaded after August 22, 2020](../project/wiki/index.md#create-a-new-wiki-page)
+are included when cloning.
 
 ## Alternative SSH port
 
-GitLab.com can be reached via a [different SSH port](https://about.gitlab.com/blog/2016/02/18/gitlab-dot-com-now-supports-an-alternate-git-plus-ssh-port/) for `git+ssh`.
+GitLab.com can be reached by using a [different SSH port](https://about.gitlab.com/blog/2016/02/18/gitlab-dot-com-now-supports-an-alternate-git-plus-ssh-port/) for `git+ssh`.
 
-| Setting     | Value               |
-| ---------   | ------------------- |
-| `Hostname`  | `altssh.gitlab.com` |
-| `Port`      | `443`               |
+| Setting    | Value               |
+|------------|---------------------|
+| `Hostname` | `altssh.gitlab.com` |
+| `Port`     | `443`               |
 
 An example `~/.ssh/config` is the following:
 
@@ -76,26 +84,26 @@ Host gitlab.com
 
 Below are the settings for [GitLab Pages](https://about.gitlab.com/stages-devops-lifecycle/pages/).
 
-| Setting                     | GitLab.com        | Default       |
-| --------------------------- | ----------------  | ------------- |
-| Domain name                 | `gitlab.io`       | -             |
-| IP address                  | `35.185.44.232`   | -             |
-| Custom domains support      | yes               | no            |
-| TLS certificates support    | yes               | no            |
-| Maximum size (compressed) | 1G                | 100M          |
+| Setting                   | GitLab.com             | Default                |
+|---------------------------|------------------------|------------------------|
+| Domain name               | `gitlab.io`            | -                      |
+| IP address                | `35.185.44.232`        | -                      |
+| Custom domains support    | **{check-circle}** Yes | **{dotted-circle}** No |
+| TLS certificates support  | **{check-circle}** Yes | **{dotted-circle}** No |
+| Maximum size (compressed) | 1 GB                   | 100 MB                 |
 
-NOTE:
-The maximum size of your Pages site is regulated by the artifacts maximum size
+The maximum size of your Pages site is regulated by the artifacts maximum size,
 which is part of [GitLab CI/CD](#gitlab-cicd).
 
 ## GitLab CI/CD
 
 Below are the current settings regarding [GitLab CI/CD](../../ci/README.md).
-Any settings or feature limits not listed here are using the defaults listed in the related documentation.
+Any settings or feature limits not listed here are using the defaults listed in
+the related documentation.
 
-| Setting                 | GitLab.com        | Default       |
-| -----------             | ----------------- | ------------- |
-| Artifacts maximum size (compressed) | 1G                | 100M          |
+| Setting                             | GitLab.com | Default |
+|-------------------------------------|------------|---------|
+| Artifacts maximum size (compressed) | 1 GB       | 100 MB  |
 | Artifacts [expiry time](../../ci/yaml/README.md#artifactsexpire_in)   | From June 22, 2020, deleted after 30 days unless otherwise specified (artifacts created before that date have no expiry).           | deleted after 30 days unless otherwise specified    |
 | Scheduled Pipeline Cron | `*/5 * * * *` | `3-59/10 * * * *` |
 | [Max jobs in active pipelines](../../administration/instance_limits.md#number-of-jobs-in-active-pipelines) | `500` for Free tier, unlimited otherwise | Unlimited |
@@ -107,19 +115,22 @@ Any settings or feature limits not listed here are using the defaults listed in
 
 ## Account and limit settings
 
-GitLab.com has the following [account limits](../admin_area/settings/account_and_limit_settings.md) enabled. If a setting is not listed, it is set to the default value.
+GitLab.com has the following [account limits](../admin_area/settings/account_and_limit_settings.md)
+enabled. If a setting is not listed, it is set to the default value.
 
-If you are near
-or over the repository size limit, you can [reduce your repository size with Git](../project/repository/reducing_the_repo_size_using_git.md).
+If you are near or over the repository size limit, you can
+[reduce your repository size with Git](../project/repository/reducing_the_repo_size_using_git.md).
 
-| Setting                       | GitLab.com  | Default       |
-| -----------                   | ----------- | ------------- |
+| Setting                       | GitLab.com | Default |
+|-------------------------------|------------|---------|
 | [Repository size including LFS](../admin_area/settings/account_and_limit_settings.md#repository-size-limit) | 10 GB       | Unlimited     |
-| Maximum import size           | 5 GB        | Unlimited ([Modified](https://gitlab.com/gitlab-org/gitlab/-/issues/251106) from 50MB to unlimited in GitLab 13.8.    |
-| Maximum attachment size       | 10 MB      |     10 MB   | 
+| Maximum import size           | 5 GB       | Unlimited ([Modified](https://gitlab.com/gitlab-org/gitlab/-/issues/251106) from 50MB to unlimited in GitLab 13.8.    |
+| Maximum attachment size       | 10 MB      | 10 MB   |
 
 NOTE:
-`git push` and GitLab project imports are limited to 5 GB per request through Cloudflare. Git LFS and imports other than a file upload are not affected by this limit.
+`git push` and GitLab project imports are limited to 5 GB per request through
+Cloudflare. Git LFS and imports other than a file upload are not affected by
+this limit.
 
 ## IP range
 
@@ -129,17 +140,16 @@ from those IPs and allow them.
 
 GitLab.com is fronted by Cloudflare. For incoming connections to GitLab.com you might need to allow CIDR blocks of Cloudflare ([IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6)).
 
-For outgoing connections from CI/CD runners we are not providing static IP addresses.
-All our runners are deployed into Google Cloud Platform (GCP) - any IP based
-firewall can be configured by looking up all
+For outgoing connections from CI/CD runners, we are not providing static IP
+addresses. All GitLab runners are deployed into Google Cloud Platform (GCP). Any
+IP-based firewall can be configured by looking up all
 [IP address ranges or CIDR blocks for GCP](https://cloud.google.com/compute/docs/faq#find_ip_range).
 
 ## Hostname list
 
-To configure allow-lists in local HTTP(S) proxies, or other
-web-blocking software that govern end-user machines,
-pages on GitLab.com will attempt to load content from
-the following hostnames:
+Add these hostnames when you configure allow-lists in local HTTP(S) proxies,
+or other web-blocking software that governs end-user computers. Pages on
+GitLab.com load content from these hostnames:
 
 - `gitlab.com`
 - `*.gitlab.com`
@@ -147,19 +157,18 @@ the following hostnames:
 - `*.gitlab.io`
 - `*.gitlab.net`
 
-Documentation and Company pages served over `docs.gitlab.com`
-and `about.gitlab.com` will attempt to also load certain page
-content directly from common public CDN hostnames.
+Documentation and Company pages served over `docs.gitlab.com` and `about.gitlab.com`
+also load certain page content directly from common public CDN hostnames.
 
 ## Webhooks
 
 The following limits apply for [Webhooks](../project/integrations/webhooks.md):
 
-| Setting | GitLab.com | Default |
-| ------- | ---------- | ------- |
-| [Webhook rate limit](../../administration/instance_limits.md#webhook-rate-limit) | `120` calls per minute for Free tier, unlimited for all paid tiers | Unlimited
-| [Number of webhooks](../../administration/instance_limits.md#number-of-webhooks) | `100` per-project, `50` per-group | `100` per-project, `50` per-group
-| Maximum payload size | `25 MB` | `25 MB`
+| Setting              | GitLab.com | Default |
+|----------------------|------------|---------|
+| [Webhook rate limit](../../administration/instance_limits.md#webhook-rate-limit) | `120` calls per minute for GitLab Free, unlimited for GitLab Premium and GitLab Ultimate | Unlimited |
+| [Number of webhooks](../../administration/instance_limits.md#number-of-webhooks) | `100` per project, `50` per group | `100` per project, `50` per group |
+| Maximum payload size | 25 MB      | 25 MB   |
 
 ## Shared runners
 
@@ -172,15 +181,15 @@ For more information, see [choosing a runner](../../ci/runners/README.md).
 GitLab.com runs [Sidekiq](https://sidekiq.org) with arguments `--timeout=4 --concurrency=4`
 and the following environment variables:
 
-| Setting                                    | GitLab.com | Default   |
-|--------                                    |----------- |--------   |
-| `SIDEKIQ_DAEMON_MEMORY_KILLER`             | -          | `1`       |
-| `SIDEKIQ_MEMORY_KILLER_MAX_RSS`            | `2000000`  | `2000000` |
-| `SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS`     | -          | -         |
-| `SIDEKIQ_MEMORY_KILLER_CHECK_INTERVAL`     | -          | `3`       |
-| `SIDEKIQ_MEMORY_KILLER_GRACE_TIME`         | -          | `900`     |
-| `SIDEKIQ_MEMORY_KILLER_SHUTDOWN_WAIT`      | -          | `30`      |
-| `SIDEKIQ_LOG_ARGUMENTS`                    | `1`        | `1`       |
+| Setting                                | GitLab.com | Default   |
+|----------------------------------------|------------|-----------|
+| `SIDEKIQ_DAEMON_MEMORY_KILLER`         | -          | `1`       |
+| `SIDEKIQ_MEMORY_KILLER_MAX_RSS`        | `2000000`  | `2000000` |
+| `SIDEKIQ_MEMORY_KILLER_HARD_LIMIT_RSS` | -          | -         |
+| `SIDEKIQ_MEMORY_KILLER_CHECK_INTERVAL` | -          | `3`       |
+| `SIDEKIQ_MEMORY_KILLER_GRACE_TIME`     | -          | `900`     |
+| `SIDEKIQ_MEMORY_KILLER_SHUTDOWN_WAIT`  | -          | `30`      |
+| `SIDEKIQ_LOG_ARGUMENTS`                | `1`        | `1`       |
 
 NOTE:
 The `SIDEKIQ_MEMORY_KILLER_MAX_RSS` setting is `16000000` on Sidekiq import
@@ -228,11 +237,8 @@ The list of GitLab.com specific settings (and their defaults) is as follows:
 | `idle_in_transaction_session_timeout` | 60s                                                                 | 60s                                   |
 
 Some of these settings are in the process being adjusted. For example, the value
-for `shared_buffers` is quite high and as such we are looking into adjusting it.
-More information on this particular change can be found at
-<https://gitlab.com/gitlab-com/infrastructure/-/issues/1555>. An up to date list
-of proposed changes can be found at
-<https://gitlab.com/gitlab-com/infrastructure/-/issues?scope=all&state=opened&label_name[]=database&label_name[]=change>.
+for `shared_buffers` is quite high, and we are
+[considering adjusting it](https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/4985).
 
 ## Puma
 
@@ -282,16 +288,18 @@ paths that exceed 10 requests per **minute** per IP address.
 See the source below for which paths are protected. This includes user creation,
 user confirmation, user sign in, and password reset.
 
-[User and IP rate limits](../admin_area/settings/user_and_ip_rate_limits.md#response-headers) includes a list of the headers responded to blocked requests.
+[User and IP rate limits](../admin_area/settings/user_and_ip_rate_limits.md#response-headers)
+includes a list of the headers responded to blocked requests.
 
 See [Protected Paths](../admin_area/settings/protected_paths.md) for more details.
 
 ### IP blocks
 
 IP blocks can occur when GitLab.com receives unusual traffic from a single
-IP address that the system views as potentially malicious, based on rate limit
-settings. After the unusual traffic ceases, the IP address is automatically
-released depending on the type of block, as described in a following section.
+IP address that the system views as potentially malicious. This can be based on
+rate limit settings. After the unusual traffic ceases, the IP address is
+automatically released depending on the type of block, as described in a
+following section.
 
 If you receive a `403 Forbidden` error for all requests to GitLab.com,
 check for any automated processes that may be triggering a block. For
@@ -309,8 +317,8 @@ This applies only to Git requests and container registry (`/jwt/auth`) requests
 This limit:
 
 - Is reset by requests that authenticate successfully. For example, 29
-  failed authentication requests followed by 1 successful request, followed by 29
-  more failed authentication requests would not trigger a ban.
+  failed authentication requests followed by 1 successful request, followed by
+  29 more failed authentication requests would not trigger a ban.
 - Does not apply to JWT requests authenticated by `gitlab-ci-token`.
 
 No response headers are provided.
@@ -326,33 +334,42 @@ doesn't return the following headers:
 
 ### Visibility settings
 
-On GitLab.com, projects, groups, and snippets created
-As of GitLab 12.2 (July 2019), projects, groups, and snippets have the
-[**Internal** visibility](../../public_access/public_access.md#internal-projects) setting [disabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/12388).
+If created before GitLab 12.2 (July 2019), these items have the
+[Internal visibility](../../public_access/public_access.md#internal-projects)
+setting [disabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/12388):
+
+- Projects
+- Groups
+- Snippets
 
 ### SSH maximum number of connections
 
-GitLab.com defines the maximum number of concurrent, unauthenticated SSH connections by
-using the [MaxStartups setting](http://man.openbsd.org/sshd_config.5#MaxStartups).
-If more than the maximum number of allowed connections occur concurrently, they are
-dropped and users get
+GitLab.com defines the maximum number of concurrent, unauthenticated SSH
+connections by using the [MaxStartups setting](http://man.openbsd.org/sshd_config.5#MaxStartups).
+If more than the maximum number of allowed connections occur concurrently, they
+are dropped and users get
 [an `ssh_exchange_identification` error](../../topics/git/troubleshooting_git.md#ssh_exchange_identification-error).
 
 ### Import/export
 
-To help avoid abuse, project and group imports, exports, and export downloads are rate limited. See [Project import/export rate limits](../../user/project/settings/import_export.md#rate-limits) and [Group import/export rate limits](../../user/group/settings/import_export.md#rate-limits) for details.
+To help avoid abuse, project and group imports, exports, and export downloads
+are rate limited. See [Project import/export rate limits](../../user/project/settings/import_export.md#rate-limits) and [Group import/export rate limits](../../user/group/settings/import_export.md#rate-limits)
+for details.
 
 ### Non-configurable limits
 
-See [non-configurable limits](../../security/rate_limits.md#non-configurable-limits) for information on
-rate limits that are not configurable, and therefore also used on GitLab.com.
+See [non-configurable limits](../../security/rate_limits.md#non-configurable-limits)
+for information on rate limits that are not configurable, and therefore also
+used on GitLab.com.
 
 ## GitLab.com Logging
 
-We use [Fluentd](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#fluentd) to parse our logs. Fluentd sends our logs to
-[Stackdriver Logging](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#stackdriver) and [Cloud Pub/Sub](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#cloud-pubsub).
-Stackdriver is used for storing logs long-term in Google Cold Storage (GCS). Cloud Pub/Sub
-is used to forward logs to an [Elastic cluster](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#elastic) using [`pubsubbeat`](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#pubsubbeat-vms).
+We use [Fluentd](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#fluentd)
+to parse our logs. Fluentd sends our logs to
+[Stackdriver Logging](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#stackdriver)
+and [Cloud Pub/Sub](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#cloud-pubsub).
+Stackdriver is used for storing logs long-term in Google Cold Storage (GCS).
+Cloud Pub/Sub is used to forward logs to an [Elastic cluster](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#elastic) using [`pubsubbeat`](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#pubsubbeat-vms).
 
 You can view more information in our runbooks such as:
 
diff --git a/doc/user/group/epics/epic_boards.md b/doc/user/group/epics/epic_boards.md
index 2f9dc27d87f..c31b0c7f78a 100644
--- a/doc/user/group/epics/epic_boards.md
+++ b/doc/user/group/epics/epic_boards.md
@@ -25,7 +25,7 @@ To view an epic board, in a group, select **Epics > Boards**.
 
 Prerequisites:
 
-- A minimum of [Reporter](../../permissions.md#group-members-permissions) access to a group in GitLab.
+- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
 
 To create a new epic board:
 
@@ -49,7 +49,7 @@ To change these options later, [edit the board](#edit-the-scope-of-an-epic-board
 
 Prerequisites:
 
-- A minimum of [Reporter](../../permissions.md#group-members-permissions) access to a group in GitLab.
+- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
 - A minimum of two boards present in a group.
 
 To delete the active epic board:
@@ -73,7 +73,7 @@ To delete the active epic board:
 
 Prerequisites:
 
-- A minimum of [Reporter](../../permissions.md#group-members-permissions) access to a group in GitLab.
+- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
 
 To create a new list:
 
@@ -90,7 +90,7 @@ list view that's removed. You can always create it again later if you need.
 
 Prerequisites:
 
-- A minimum of [Reporter](../../permissions.md#group-members-permissions) access to a group in GitLab.
+- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
 
 To remove a list from an epic board:
 
@@ -120,7 +120,7 @@ You can move epics and lists by dragging them.
 
 Prerequisites:
 
-- A minimum of [Reporter](../../permissions.md#group-members-permissions) access to a group in GitLab.
+- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
 
 To move an epic, select the epic card and drag it to another position in its current list or
 into another list. Learn about possible effects in [Dragging epics between lists](#dragging-epics-between-lists).
@@ -143,7 +143,7 @@ and the target list.
 
 Prerequisites:
 
-- A minimum of [Reporter](../../permissions.md#group-members-permissions) access to a group in GitLab.
+- You must have at least the [Reporter role](../../permissions.md#group-members-permissions) for a group.
 
 To edit the scope of an epic board:
 
diff --git a/doc/user/packages/container_registry/index.md b/doc/user/packages/container_registry/index.md
index 9d65c5d37ad..d6e86e64e78 100644
--- a/doc/user/packages/container_registry/index.md
+++ b/doc/user/packages/container_registry/index.md
@@ -488,6 +488,10 @@ Cleanup policies can be run on all projects, with these exceptions:
   Feature.disable(:container_expiration_policies_historic_entry, Project.find(<project id>))
   ```
 
+WARNING:
+For performance reasons, enabled cleanup policies are automatically disabled for projects on
+GitLab.com that don't have a container image.
+
 ### How the cleanup policy works
 
 The cleanup policy collects all tags in the Container Registry and excludes tags
diff --git a/doc/user/project/clusters/index.md b/doc/user/project/clusters/index.md
index 97296d22dd9..8dd8ed52dd7 100644
--- a/doc/user/project/clusters/index.md
+++ b/doc/user/project/clusters/index.md
@@ -31,7 +31,7 @@ Besides integration at the project level, Kubernetes clusters can also be
 integrated at the [group level](../../group/clusters/index.md) or
 [GitLab instance level](../../instance/clusters/index.md).
 
-To view your project level Kubernetes clusters, navigate to **Infrastructure > Kubernetes**
+To view your project level Kubernetes clusters, navigate to **Infrastructure > Kubernetes clusters**
 from your project. On this page, you can [add a new cluster](#adding-and-removing-clusters)
 and view information about your existing clusters, such as:
 
@@ -187,7 +187,7 @@ your cluster. This can cause deployment jobs to fail.
 
 To clear the cache:
 
-1. Navigate to your project's **Infrastructure > Kubernetes** page, and select your cluster.
+1. Navigate to your project's **Infrastructure > Kubernetes clusters** page, and select your cluster.
 1. Expand the **Advanced settings** section.
 1. Click **Clear cluster cache**.
 
diff --git a/doc/user/project/description_templates.md b/doc/user/project/description_templates.md
index d2897c7310e..711d7f561e4 100644
--- a/doc/user/project/description_templates.md
+++ b/doc/user/project/description_templates.md
@@ -116,12 +116,13 @@ Only instance administrators can set instance-level templates.
 
 To set the instance-level description template repository:
 
-1. Select the **Admin Area** icon (**{admin}**).
-1. Go to **Settings > Templates**.
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the left sidebar, select **Settings > Templates**.
+1. Expand **Templates**
 1. From the dropdown, select your template project as the template repository at instance level.
 1. Select **Save changes**.
 
-![Setting templates in the Admin Area](../admin_area/settings/img/file_template_admin_area.png)
+![Setting templates in the Admin Area](../admin_area/settings/img/file_template_admin_area_v14_0.png)
 
 Learn more about [instance template repository](../admin_area/settings/instance_template_repository.md).
 
diff --git a/doc/user/project/merge_requests/approvals/settings.md b/doc/user/project/merge_requests/approvals/settings.md
index 97e4b7da396..b72a4125d0e 100644
--- a/doc/user/project/merge_requests/approvals/settings.md
+++ b/doc/user/project/merge_requests/approvals/settings.md
@@ -34,7 +34,7 @@ on merge requests, you can disable this setting:
 1. Select the **Prevent users from modifying MR approval rules in merge requests** checkbox.
 1. Select **Save changes**.
 
-TODO This change affects all open merge requests.
+This change affects all open merge requests.
 
 ## Reset approvals on push
 
diff --git a/doc/user/project/time_tracking.md b/doc/user/project/time_tracking.md
index 3c9b0341661..b7fd14ae74b 100644
--- a/doc/user/project/time_tracking.md
+++ b/doc/user/project/time_tracking.md
@@ -109,8 +109,15 @@ Default conversion rates are 1mo = 4w, 1w = 5d and 1d = 8h.
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/29469/) in GitLab 12.1.
 
-In GitLab self-managed instances, the display of time units can be limited to
-hours through the option in **Admin Area > Settings > Preferences** under **Localization**.
+In GitLab self-managed instances, you can limit the display of time units to
+hours.
+To do so:
+
+1. On the top bar, select **Menu >** **{admin}** **Admin**.
+1. On the left sidebar, select **Settings > Preferences**.
+1. Expand **Localization**.
+1. Under **Time tracking**, select the **Limit display of time tracking units to hours** checkbox.
+1. Select **Save changes**.
 
 With this option enabled, `75h` is displayed instead of `1w 4d 3h`.
 
diff --git a/doc/user/shortcuts.md b/doc/user/shortcuts.md
index 6abbb128f49..37e89dd54db 100644
--- a/doc/user/shortcuts.md
+++ b/doc/user/shortcuts.md
@@ -81,7 +81,7 @@ relatively quickly to work, and they take you to another page in the project.
 | <kbd>g</kbd> + <kbd>j</kbd> | Go to the CI/CD jobs list (**CI/CD > Jobs**). |
 | <kbd>g</kbd> + <kbd>l</kbd> | Go to the project metrics (**Monitor > Metrics**). |
 | <kbd>g</kbd> + <kbd>e</kbd> | Go to the project environments (**Deployments > Environments**). |
-| <kbd>g</kbd> + <kbd>k</kbd> | Go to the project Kubernetes cluster integration page (**Infrastructure > Kubernetes**). Note that you must have at least [`maintainer` permissions](permissions.md) to access this page. |
+| <kbd>g</kbd> + <kbd>k</kbd> | Go to the project Kubernetes cluster integration page (**Infrastructure > Kubernetes clusters**). Note that you must have at least [`maintainer` permissions](permissions.md) to access this page. |
 | <kbd>g</kbd> + <kbd>s</kbd> | Go to the project snippets list (**Snippets**). |
 | <kbd>g</kbd> + <kbd>w</kbd> | Go to the project wiki (**Wiki**), if enabled. |