Add latest changes from gitlab-org/gitlab@master

13 files changed, 169 insertions, 21 deletions

diff --git a/doc/user/application_security/sast/analyzers.md b/doc/user/application_security/sast/analyzers.md
index 15412473ab1..1f0b461c91b 100644
--- a/doc/user/application_security/sast/analyzers.md
+++ b/doc/user/application_security/sast/analyzers.md
@@ -68,6 +68,10 @@ the official analyzers.
 
 ### Selecting specific analyzers
 
+WARNING:
+`SAST_DEFAULT_ANALYZERS` is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50872) in GitLab 13.8,
+and is scheduled for [removal in GitLab 14.0](https://gitlab.com/gitlab-org/gitlab/-/issues/290777).
+
 You can select the official analyzers you want to run. Here's how to enable
 `bandit` and `flawfinder` while disabling all the other default ones.
 In `.gitlab-ci.yml` define:
@@ -83,9 +87,9 @@ variables:
 `bandit` runs first. When merging the reports, SAST
 removes the duplicates and keeps the `bandit` entries.
 
-### Disabling default analyzers
+### Disabling all default analyzers
 
-Setting `SAST_DEFAULT_ANALYZERS` to an empty string disables all the official
+Setting `SAST_DISABLED` to `true` disables all the official
 default analyzers. In `.gitlab-ci.yml` define:
 
 ```yaml
@@ -93,11 +97,25 @@ include:
   - template: Security/SAST.gitlab-ci.yml
 
 variables:
-  SAST_DEFAULT_ANALYZERS: ""
+  SAST_DISABLED: true
 ```
 
 That's needed when one totally relies on [custom analyzers](#custom-analyzers).
 
+### Disabling specific default analyzers
+
+Set `SAST_EXCLUDED_ANALYZERS` to a comma-delimited string that includes the official
+default analyzers that you want to avoid running. In `.gitlab-ci.yml` define the
+following to prevent the `eslint` analyzer from running:
+
+```yaml
+include:
+  - template: Security/SAST.gitlab-ci.yml
+
+variables:
+  SAST_EXCLUDED_ANALYZERS: "eslint"
+```
+
 ## Custom Analyzers
 
 You can provide your own analyzers by
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md
index 49f04251c44..59887c95c67 100644
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -431,7 +431,8 @@ The following are Docker image-related variables.
 |---------------------------|---------------------------------------------------------------------------------------------------------------------------------------|
 | `SECURE_ANALYZERS_PREFIX` | Override the name of the Docker registry providing the default images (proxy). Read more about [customizing analyzers](analyzers.md). |
 | `SAST_ANALYZER_IMAGE_TAG` | **DEPRECATED:** Override the Docker tag of the default images. Read more about [customizing analyzers](analyzers.md).                 |
-| `SAST_DEFAULT_ANALYZERS`  | Override the names of default images. Read more about [customizing analyzers](analyzers.md).                                          |
+| `SAST_DEFAULT_ANALYZERS`  | **DEPRECATED:** Override the names of default images. Scheduled for [removal in GitLab 14.0](https://gitlab.com/gitlab-org/gitlab/-/issues/290777).                          |
+| `SAST_EXCLUDED_ANALYZERS` | Names of default images that should never run. Read more about [customizing analyzers](analyzers.md).                                 |
 
 #### Vulnerability filters
 
diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md
index 8f57e2c5535..0ae038924ec 100644
--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@@ -53,6 +53,7 @@ The [default ruleset provided by Gitleaks](https://gitlab.com/gitlab-org/securit
   - Twitter API
 - Cloud SaaS vendors:
   - GitHub API
+  - Shopify API
   - Slack Token
   - Slack Webhook
   - Stripe API
diff --git a/doc/user/group/index.md b/doc/user/group/index.md
index 74406d3e5cf..069dea40ba5 100644
--- a/doc/user/group/index.md
+++ b/doc/user/group/index.md
@@ -460,7 +460,7 @@ and above.
 There are a few limitations compared to project wikis:
 
 - Git LFS is not supported.
-- Group wikis are not included in global search, group exports, backups, and Geo replication.
+- Group wikis are not included in global search, group exports, and Geo replication.
 - Changes to group wikis don't show up in the group's activity feed.
 - Group wikis [can't be moved](../../api/project_repository_storage_moves.md#limitations) using the project
   repository moves API.
diff --git a/doc/user/packages/composer_repository/index.md b/doc/user/packages/composer_repository/index.md
index 5e60f919efd..6159ea395fa 100644
--- a/doc/user/packages/composer_repository/index.md
+++ b/doc/user/packages/composer_repository/index.md
@@ -272,6 +272,6 @@ Output indicates that the package has been successfully installed.
 
 WARNING:
 Never commit the `auth.json` file to your repository. To install packages from a CI/CD job,
-consider using the [`composer config`](https://getcomposer.org/doc/articles/handling-private-packages-with-satis.md#authentication) tool with your personal access token
+consider using the [`composer config`](https://getcomposer.org/doc/articles/handling-private-packages.md#satis) tool with your personal access token
 stored in a [GitLab CI/CD environment variable](../../../ci/variables/README.md) or in
 [HashiCorp Vault](../../../ci/secrets/index.md).
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index 816b0e5ab82..3dbae78ccc4 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -95,7 +95,7 @@ The following table depicts the various user permission levels in a project.
 | View metrics dashboard annotations                |         | ✓          | ✓           | ✓        | ✓      |
 | Archive/reopen requirements **(ULTIMATE)**        |         | ✓          | ✓           | ✓        | ✓      |
 | Create/edit requirements **(ULTIMATE)**           |         | ✓          | ✓           | ✓        | ✓      |
-| Import requirements **(ULTIMATE)**                |         | ✓          | ✓           | ✓        | ✓      |
+| Import/export requirements **(ULTIMATE)**         |         | ✓          | ✓           | ✓        | ✓      |
 | Create new [test case](../ci/test_cases/index.md) |         | ✓          | ✓           | ✓        | ✓      |
 | Archive [test case](../ci/test_cases/index.md)    |         | ✓          | ✓           | ✓        | ✓      |
 | Move [test case](../ci/test_cases/index.md)       |         | ✓          | ✓           | ✓        | ✓      |
diff --git a/doc/user/project/code_owners.md b/doc/user/project/code_owners.md
index d0e89400d88..63ea84e42c9 100644
--- a/doc/user/project/code_owners.md
+++ b/doc/user/project/code_owners.md
@@ -225,6 +225,52 @@ the rules for "Groups" and "Documentation" sections:
 
 ![MR widget - Sectional Code Owners](img/sectional_code_owners_v13.2.png)
 
+#### Optional Code Owners Sections **(PREMIUM)**
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/232995) in [GitLab Premium](https://about.gitlab.com/pricing/) 13.8 behind a feature flag, enabled by default.
+
+When you want to make a certain section optional, you can do so by adding a code owners section prepended with the caret `^` character. Approvals from owners listed in the section will **not** be required. For example:
+
+```plaintext
+[Documentation]
+*.md @root
+
+[Ruby]
+*.rb @root
+
+^[Go]
+*.go @root
+```
+
+The optional code owners section will be displayed in merge requests under the **Approval Rules** area:
+
+![MR widget - Optional Code Owners Sections](img/optional_code_owners_sections_v13_8.png)
+
+If a section is duplicated in the file, and one of them is marked as optional and the other isn't, the requirement prevails. 
+
+For example, the code owners of the "Documentation" section below will still be required to approve merge requests: 
+
+```plaintext
+[Documentation]
+*.md @root
+
+[Ruby]
+*.rb @root
+
+^[Go]
+*.go @root
+
+^[Documentation]
+*.txt @root
+```
+
+Optional sections in the code owners file are currently treated as optional only
+when changes are submitted via merge requests. If a change is submitted directly
+to the protected branch, approval from code owners will still be required, even if the
+section is marked as optional. We plan to change this in a
+[future release](https://gitlab.com/gitlab-org/gitlab/-/issues/297638),
+where direct pushes to the protected branch will be allowed for sections marked as optional.
+
 ## Example `CODEOWNERS` file
 
 ```plaintext
diff --git a/doc/user/project/img/optional_code_owners_sections_v13_8.png b/doc/user/project/img/optional_code_owners_sections_v13_8.png
new file mode 100644
index 00000000000..7a5a2fab6e3
--- /dev/null
+++ b/doc/user/project/img/optional_code_owners_sections_v13_8.png
diff --git a/doc/user/project/issues/issue_data_and_actions.md b/doc/user/project/issues/issue_data_and_actions.md
index 875ea352f99..4c8630581f5 100644
--- a/doc/user/project/issues/issue_data_and_actions.md
+++ b/doc/user/project/issues/issue_data_and_actions.md
@@ -179,7 +179,8 @@ for the issue. Notifications are automatically enabled after you participate in
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/18816) in GitLab 13.8.
 
-Guest users can see a button to copy the email address for the issue. Sending an email to this address creates a comment containing the email body.
+Guest users can see a button in the right sidebar to copy the email address for the issue.
+Sending an email to this address creates a comment containing the email body.
 
 ### Edit
 
diff --git a/doc/user/project/merge_requests/getting_started.md b/doc/user/project/merge_requests/getting_started.md
index 467b58d0b5b..bc718ae867f 100644
--- a/doc/user/project/merge_requests/getting_started.md
+++ b/doc/user/project/merge_requests/getting_started.md
@@ -62,7 +62,7 @@ request's page at the top-right side:
 - Enable the [squash commits when merge request is accepted](squash_and_merge.md) option to combine all the commits into one before merging, thus keep a clean commit history in your repository.
 - Set the merge request as a [**Draft**](work_in_progress_merge_requests.md) to avoid accidental merges before it is ready.
 
-Once you have created the merge request, you can also:
+After you have created the merge request, you can also:
 
 - [Discuss](../../discussions/index.md) your implementation with your team in the merge request thread.
 - [Perform inline code reviews](reviewing_and_managing_merge_requests.md#perform-inline-code-reviews).
@@ -70,7 +70,7 @@ Once you have created the merge request, you can also:
 - Preview continuous integration [pipelines on the merge request widget](reviewing_and_managing_merge_requests.md#pipeline-status-in-merge-requests-widgets).
 - Preview how your changes look directly on your deployed application with [Review Apps](reviewing_and_managing_merge_requests.md#live-preview-with-review-apps).
 - [Allow collaboration on merge requests across forks](allow_collaboration.md).
-- Perform a [Review](../../discussions/index.md#merge-request-reviews) in order to create multiple comments on a diff and publish them once you're ready.
+- Perform a [Review](../../discussions/index.md#merge-request-reviews) to create multiple comments on a diff and publish them when you're ready.
 - Add [code suggestions](../../discussions/index.md#suggest-changes) to change the content of merge requests directly into merge request threads, and easily apply them to the codebase directly from the UI.
 - Add a time estimation and the time spent with that merge request with [Time Tracking](../time_tracking.md#time-tracking).
 
@@ -161,6 +161,53 @@ Feature.disable(:merge_request_reviewers)
 Feature.disable(:merge_request_reviewers, Project.find(<project id>))
 ```
 
+#### Reviewer approval rules
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/233736) in GitLab 13.8.
+> - It was [deployed behind a feature flag](../../../user/feature_flags.md), disabled by default.
+> - [Became enabled by default](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51183) in GitLab 13.8.
+> - It's enabled on GitLab.com.
+> - It's recommended for production use.
+> - It can be enabled or disabled for a single project.
+> - For GitLab self-managed instances, GitLab administrators can opt to [disable it](#enable-or-disable-reviewer-approval-rules). **(CORE ONLY)**
+
+When editing the **Reviewers** field in a new or existing merge request, this feature
+displays the name of the matching [approval rule](merge_request_approvals.md#approval-rules)
+below the name of each suggested reviewer. [Code Owners](../code_owners.md) are displayed as `Codeowner` without group detail. We intend to iterate on this feature in future releases.
+
+This example shows reviewers and approval rules when creating a new merge request:
+
+![Reviewer approval rules in new/edit form](img/reviewer_approval_rules_form_v13_8.png)
+
+This example shows reviewers and approval rules in a merge request sidebar:
+
+![Reviewer approval rules in sidebar](img/reviewer_approval_rules_sidebar_v13_8.png)
+
+##### Enable or disable Reviewer Approval Rules **(CORE ONLY)**
+
+Merge Request Reviewers is under development and ready for production use.
+It is deployed behind a feature flag that is **enabled by default**.
+[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
+can opt to disable it.
+
+To enable it:
+
+```ruby
+# For the instance
+Feature.enable(:reviewer_approval_rules)
+# For a single project
+Feature.enable(:reviewer_approval_rules, Project.find(<project id>))
+```
+
+To disable it:
+
+```ruby
+# For the instance
+Feature.disable(:reviewer_approval_rules)
+# For a single project
+Feature.disable(:reviewer_approval_rules, Project.find(<project id>))
+```
+
 ### Merge requests to close issues
 
 If the merge request is being created to resolve an issue, you can
@@ -200,5 +247,5 @@ is set for deletion, the merge request widget displays the
   at once. By doing so, you save pipeline minutes.
 - Delete feature branches on merge or after merging them to keep your repository clean.
 - Take one thing at a time and ship the smallest changes possible. By doing so,
-  you'll have faster reviews and your changes will be less prone to errors.
+  reviews are faster and your changes are less prone to errors.
 - Do not use capital letters nor special chars in branch names.
diff --git a/doc/user/project/merge_requests/img/reviewer_approval_rules_form_v13_8.png b/doc/user/project/merge_requests/img/reviewer_approval_rules_form_v13_8.png
new file mode 100644
index 00000000000..c2aa0689d65
--- /dev/null
+++ b/doc/user/project/merge_requests/img/reviewer_approval_rules_form_v13_8.png
diff --git a/doc/user/project/merge_requests/img/reviewer_approval_rules_sidebar_v13_8.png b/doc/user/project/merge_requests/img/reviewer_approval_rules_sidebar_v13_8.png
new file mode 100644
index 00000000000..3828868965b
--- /dev/null
+++ b/doc/user/project/merge_requests/img/reviewer_approval_rules_sidebar_v13_8.png
diff --git a/doc/user/project/requirements/index.md b/doc/user/project/requirements/index.md
index 9d75c4ab071..c99b0d91523 100644
--- a/doc/user/project/requirements/index.md
+++ b/doc/user/project/requirements/index.md
@@ -34,7 +34,7 @@ Users with Reporter or higher [permissions](../../permissions.md) can create req
 
 To create a requirement:
 
-1. From your project page, go to **Requirements**.
+1. In a project, go to **Requirements**.
 1. Select **New requirement**.
 1. Enter a title and description and select **Create requirement**.
 
@@ -200,10 +200,10 @@ requirements_confirmation:
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/246857) in GitLab 13.7.
 
-You can import requirements to a project by uploading a CSV file with the columns
-`title` and `description`.
+You can import requirements to a project by uploading a [CSV file](https://en.wikipedia.org/wiki/Comma-separated_values)
+with the columns `title` and `description`.
 
-The user uploading the CSV file will be set as the author of the imported requirements.
+After the import, the user uploading the CSV file is set as the author of the imported requirements.
 
 Users with Reporter or higher [permissions](../../permissions.md) can import requirements.
 
@@ -213,20 +213,20 @@ Before you import your file:
 
 - Consider importing a test file containing only a few requirements. There is no way to undo a large
   import without using the GitLab API.
-- Ensure your CSV file meets the [file format](#csv-file-format) requirements.
+- Ensure your CSV file meets the [file format](#imported-csv-file-format) requirements.
 
 To import requirements:
 
-1. Navigate to a project's Requirements page.
-   - If the project already has existing requirements, click the import icon (**{import}**) at the
+1. In a project, go to **Requirements**.
+   - If the project already has existing requirements, select the import icon (**{import}**) in the
      top right.
-   - For a project without any requirements, click **Import CSV** in the middle of the page.
-1. Select the file and click **Import requirements**.
+   - For a project without any requirements, select **Import CSV** in the middle of the page.
+1. Select the file and select **Import requirements**.
 
 The file is processed in the background and a notification email is sent
 to you after the import is complete.
 
-### CSV file format
+### Imported CSV file format
 
 When importing requirements from a CSV file, it must be formatted in a certain way:
 
@@ -257,3 +257,37 @@ Another Title,"A description, with a comma"
 The limit depends on the configuration value of Max Attachment Size for the GitLab instance.
 
 For GitLab.com, it is set to 10 MB.
+
+## Export requirements to a CSV file
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/290813) in GitLab 13.8.
+
+You can export GitLab requirements to a
+[CSV file](https://en.wikipedia.org/wiki/Comma-separated_values) sent to your default notification
+email as an attachment.
+
+By exporting requirements, you and your team can import them into another tool or share them with
+your customers. Exporting requirements can aid collaboration with higher-level systems, as well as
+audit and regulatory compliance tasks.
+
+Users with Reporter or higher [permissions](../../permissions.md) can export requirements.
+
+To export requirements:
+
+1. In a project, go to **Requirements**.
+1. Select the **Export as CSV** icon (**{export}**) in the top right. A confirmation modal appears.
+1. Select **Export requirements**. The exported CSV file is sent to the email address associated with your user.
+
+### Exported CSV file format
+
+You can preview the exported CSV file in a spreadsheet editor, such as Microsoft Excel,
+OpenOffice Calc, or Google Sheets.
+
+The exported CSV file contains the following columns:
+
+- Requirement ID
+- Title
+- Description
+- Author Username
+- Latest Test Report State
+- Latest Test Report Created At (UTC)