Add latest changes from gitlab-org/gitlab@master

6 files changed, 17 insertions, 8 deletions

diff --git a/doc/user/application_security/get-started-security.md b/doc/user/application_security/get-started-security.md
index fd6829f5ae2..6143dd59373 100644
--- a/doc/user/application_security/get-started-security.md
+++ b/doc/user/application_security/get-started-security.md
@@ -32,7 +32,7 @@ After you've gotten familiar with how scanning works, you can then choose to:
      You could create a copy of a higher-traffic project for testing, or select a project that's not as busy.
 1. Create a merge request to [enable Secret Detection](secret_detection/index.md#enable-secret-detection) and [enable Dependency Scanning](dependency_scanning/index.md#configuration)
    to identify any leaked secrets and vulnerable packages in that project.
-   - Security scanners run in your project's [CI/CD pipelines](../../ci/pipelines/index.md). Creating a merge request to update your [`.gitlab-ci.yml`](../../ci/yaml/gitlab_ci_yaml.md) helps you check how the scanners work with your project before they start running in every pipeline. In the merge request, you can change relevant [Secret Detection settings](secret_detection/index.md#configure-scan-settings) or [Dependency Scanning settings](dependency_scanning/index.md#available-cicd-variables) to accommodate your project's layout or configuration. For example, you might choose to exclude a directory of third-party code from scanning.
+   - Security scanners run in your project's [CI/CD pipelines](../../ci/pipelines/index.md). Creating a merge request to update your [`.gitlab-ci.yml`](../../ci/index.md#the-gitlab-ciyml-file) helps you check how the scanners work with your project before they start running in every pipeline. In the merge request, you can change relevant [Secret Detection settings](secret_detection/index.md#configure-scan-settings) or [Dependency Scanning settings](dependency_scanning/index.md#available-cicd-variables) to accommodate your project's layout or configuration. For example, you might choose to exclude a directory of third-party code from scanning.
    - After you merge this MR to your [default branch](../project/repository/branches/default.md), the system creates a baseline scan. This scan identifies which vulnerabilities already exist on the default branch so [merge requests](../project/merge_requests/index.md) can highlight only newly-introduced problems. Without a baseline scan, merge requests display every
    vulnerability in the branch, even if the vulnerability already exists on the default branch.
 1. Let your team get comfortable with [viewing security findings in merge requests](index.md#view-security-scan-information) and the [vulnerability report](vulnerability_report/index.md).
diff --git a/doc/user/clusters/agent/gitops/example_repository_structure.md b/doc/user/clusters/agent/gitops/example_repository_structure.md
index 02eea3300af..52855b9731c 100644
--- a/doc/user/clusters/agent/gitops/example_repository_structure.md
+++ b/doc/user/clusters/agent/gitops/example_repository_structure.md
@@ -96,7 +96,7 @@ You've successfully created a repository with a protected deployment branch!
 
 Next, you'll configure CI/CD to merge changes from the default branch to your deployment branch.
 
-In the root of `web-app-manifests`, create and push a [`.gitlab-ci.yml`](../../../../ci/yaml/gitlab_ci_yaml.md) file with the following contents:
+In the root of `web-app-manifests`, create and push a [`.gitlab-ci.yml`](../../../../ci/index.md#the-gitlab-ciyml-file) file with the following contents:
 
    ```yaml
    deploy:
diff --git a/doc/user/clusters/agent/gitops/flux_oci_tutorial.md b/doc/user/clusters/agent/gitops/flux_oci_tutorial.md
index b970c818a72..2c4796adf2b 100644
--- a/doc/user/clusters/agent/gitops/flux_oci_tutorial.md
+++ b/doc/user/clusters/agent/gitops/flux_oci_tutorial.md
@@ -65,7 +65,7 @@ First, create a repository for your Kubernetes manifests:
 Next, configure [GitLab CI/CD](../../../../ci/index.md) to package your manifests into an OCI artifact,
 and push the artifact to the [GitLab Container Registry](../../../packages/container_registry/index.md):
 
-1. In the root of `web-app-manifests`, create and push a [`.gitlab-ci.yml`](../../../../ci/yaml/gitlab_ci_yaml.md) file with the following contents:
+1. In the root of `web-app-manifests`, create and push a [`.gitlab-ci.yml`](../../../../ci/index.md#the-gitlab-ciyml-file) file with the following contents:
 
    ```yaml
    package:
diff --git a/doc/user/clusters/agent/install/index.md b/doc/user/clusters/agent/install/index.md
index d620a9f658c..221270b69f6 100644
--- a/doc/user/clusters/agent/install/index.md
+++ b/doc/user/clusters/agent/install/index.md
@@ -76,7 +76,7 @@ In GitLab 14.10, a [flag](../../../../administration/feature_flags.md) named `ce
 Prerequisites:
 
 - For a [GitLab CI/CD workflow](../ci_cd_workflow.md), ensure that
-  [GitLab CI/CD is not disabled](../../../../ci/enable_or_disable_ci.md#disable-cicd-in-a-project).
+  [GitLab CI/CD is not disabled](../../../../ci/index.md#disable-gitlab-cicd-in-a-project).
 
 You must register an agent before you can install the agent in your cluster. To register an agent:
 
diff --git a/doc/user/clusters/agent/vulnerabilities.md b/doc/user/clusters/agent/vulnerabilities.md
index 4c6d4a9740b..e57551fc8c1 100644
--- a/doc/user/clusters/agent/vulnerabilities.md
+++ b/doc/user/clusters/agent/vulnerabilities.md
@@ -39,7 +39,7 @@ Other elements of the [CRON syntax](https://docs.oracle.com/cd/E12058_01/doc/doc
 NOTE:
 The CRON expression is evaluated in [UTC](https://www.timeanddate.com/worldclock/timezone/utc) using the system-time of the Kubernetes-agent pod.
 
-By default, operational container scanning does not scan any workloads for vulnerabilities. 
+By default, operational container scanning does not scan any workloads for vulnerabilities.
 You can set the `vulnerability_report` block with the `namespaces`
 field which can be used to select which namespaces are scanned. For example,
 if you would like to scan only the `default`, `kube-system` namespaces, you can use this configuration:
@@ -112,13 +112,15 @@ You can customize it with a `resource_requirements` field.
 container_scanning:
   resource_requirements:
     requests:
-      cpu: 200m
+      cpu: '0.2'
       memory: 200Mi
     limits:
-      cpu: 700m
+      cpu: '0.7'
       memory: 700Mi
 ```
 
+When using a fractional value for CPU, format the value as a string.
+
 NOTE:
 Resource requirements can only be set up using the agent configuration. If you enabled `Operational Container Scanning` through `scan execution policies`, you would need to define the resource requirements within the agent configuration file.
 
@@ -143,3 +145,10 @@ You must have at least the Developer role.
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/415451) in GitLab 16.4.
 
 To scan private images, the scanner relies on the image pull secrets (direct references and from the service account) to pull the image.
+
+## Troubleshooting
+
+### `Error running Trivy scan. Container terminated reason: OOMKilled`
+
+OCS might fail with an OOM error if there are too many resources to be scanned or if the images being scanned are large.
+To resolve this, [configure the resource requirement](#configure-scanner-resource-requirements) to increase the amount of memory available.
diff --git a/doc/user/project/merge_requests/merge_when_pipeline_succeeds.md b/doc/user/project/merge_requests/merge_when_pipeline_succeeds.md
index 699c79806f0..7994dd30046 100644
--- a/doc/user/project/merge_requests/merge_when_pipeline_succeeds.md
+++ b/doc/user/project/merge_requests/merge_when_pipeline_succeeds.md
@@ -79,7 +79,7 @@ merge. This configuration works for both:
 - GitLab CI/CD pipelines.
 - Pipelines run from an [external CI integration](../integrations/index.md#available-integrations).
 
-As a result, [disabling GitLab CI/CD pipelines](../../../ci/enable_or_disable_ci.md#disable-cicd-in-a-project)
+As a result, [disabling GitLab CI/CD pipelines](../../../ci/index.md#disable-gitlab-cicd-in-a-project)
 does not disable this feature, but you can use pipelines from external
 CI providers with it.