Add latest changes from gitlab-org/gitlab@master

7 files changed, 184 insertions, 96 deletions

diff --git a/doc/administration/appearance.md b/doc/administration/appearance.md
index 3599c444134..9ebc9a37407 100644
--- a/doc/administration/appearance.md
+++ b/doc/administration/appearance.md
@@ -6,107 +6,145 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # GitLab Appearance **(FREE SELF)**
 
-Several options are available for customizing the appearance of a self-managed instance
-of GitLab. To access these settings:
+You can update your settings to change the look and feel of your GitLab self-managed instance.
+
+To open the **Appearance** settings:
 
 1. On the left sidebar, at the bottom, select **Admin Area**.
 1. Select **Settings > Appearance**.
 
-## Navigation bar
+## Customize your homepage button
+
+Customize the appearance of your **Homepage** button.
+
+The **Homepage** button is located on the upper-left corner of the left sidebar.
+Replace the default **GitLab logo** **{tanuki}** with any image.
+
+- The file should be less than 1 MB.
+- The image should be 28 pixels high. Images more than 28 px high will be resized.
+
+To customize your **Homepage** icon image:
 
-By default, the navigation bar has the GitLab logo, but this can be customized with
-any image desired. It is optimized for images 28px high (any width), but any image can be
-used (less than 1 MB) and it is automatically resized.
+1. On the left sidebar, at the bottom, select **Admin Area**.
+1. Select **Settings > Appearance**.
+1. Under **Navigation bar**, select **Choose file**.
+1. At the bottom of the page, select **Update appearance settings**.
 
-After you select and upload an image, select **Update appearance settings** at the bottom
-of the page to activate it in the GitLab instance.
+Pipeline status emails also show your custom logo. However, some email applications do not support SVG images. If your custom image is in SVG format, pipeline emails show the default logo.
 
-NOTE:
-GitLab pipeline emails also display the custom logo, unless the logo is in SVG format. If the
-custom logo is in SVG format, the default logo is used instead because the SVG format is not
-supported by many email clients.
+## Customize the favicon
 
-## Favicon
+Customize the appearance of the favicon. A favicon is the icon for a website that shows in your browser tabs. The **GitLab logo** **{tanuki}** is the default browser and CI/CD status favicon. Replace the default icon with any image that is `32 x 32` pixels and in `.png` or `.ico` format.
 
-By default, the favicon (used by the browser as the tab icon and the CI status icon)
-uses the GitLab logo. This can be customized with any icon desired. It must be a
-32x32 `.png` or `.ico` image.
+To change the favicon:
 
-After you select and upload an icon, select **Update appearance settings** at the bottom
-of the page to activate it in the GitLab instance.
+1. On the left sidebar, at the bottom, select **Admin Area**.
+1. Select **Settings > Appearance**.
+1. Under **Favicon**, select **Choose file**.
+1. At the bottom of the page, select **Update appearance settings**.
 
-## System header and footer messages
+## Add system header and footer messages
 
 > **Enable header and footer in emails** checkbox [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/344819) in GitLab 15.9.
 
-You can add a small header message, a small footer message, or both, to the interface
-of your GitLab instance. These messages appear on all projects and pages of the
-instance, including the sign-in/sign-up page. The default color is white text on
-an orange background, but this can be customized by selecting **Customize colors**.
+Add a small header message, a small footer message, or both, to the interface of your GitLab instance. These messages show on all projects and pages of the instance, such as the sign-in and register pages.
 
-Limited [Markdown](../user/markdown.md) is supported, such as bold, italics, and links, for
-example. Other Markdown features, including lists, images, and quotes are not supported
-as the header and footer messages can only be a single line.
+- You can italicize, bold, or add links to your message with Markdown.
+- Markdown lists, images, and quotes are not supported because system messages must be a single line. 
 
-You can select **Enable header and footer in emails** to have the text of
-the header and footer added to all emails sent by the GitLab instance.
+To add a system header, footer message, or both:
 
-After you add a message, select **Update appearance settings** at the bottom of the page
-to activate it in the GitLab instance.
+1. On the left sidebar, at the bottom, select **Admin Area**.
+1. Select **Settings > Appearance**.
+1. Go to the **System header and footer** section.
+1. Complete the fields.
+1. Optional. Select the **Enable header and footer in emails** checkbox. Add your system messages to all emails sent by your GitLab instance.
+1. At the bottom of the page, select **Update appearance settings**.
 
-## Sign-in / Sign-up pages
+By default, the system header and footer text is white text on an orange background. To customize the message colors:
 
-You can replace the default message on the sign-in/sign-up page with your own message
-and logo. You can make full use of [Markdown](../user/markdown.md) in the description.
+- Go to the **System header and footer** section and select **Customize colors**.
 
-The optimal size for the logo is 128 x 128 pixels, but any image can be used (below 1 MB)
-and it is resized automatically. The logo image appears between the title and
-the description, on the left of the sign-up page.
+## Customize your sign-in and register pages
 
-After you add a message, select **Update appearance settings** at the bottom of the page
-to activate it in the GitLab instance. You can also select **Sign-in page**,
-to review the saved appearance settings:
+Customize the title, description, and logo on the sign-in and register page. By default, the register page logo is located on the left of the page, between the title and the description.
 
-NOTE:
-You can add also add a [customized help message](settings/help_page.md) below the sign-in message or add [a Sign-in text message](settings/sign_in_restrictions.md#sign-in-information).
+To customize your sign-in and register page titles or descriptions:
 
-## Progressive Web App
+1. On the left sidebar, at the bottom, select **Admin Area**.
+1. Select **Settings > Appearance**.
+1. Go to the **Sign in/Sign up pages** section.
+1. Complete the fields. You can format the page **Title** and **Description** with Markdown.
+1. At the bottom of the page, select **Update appearance settings**.
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/375708) in GitLab 15.9.
+To customize the logo on your sign-in and register pages:
 
-GitLab can be installed as a [Progressive Web App](https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps) (PWA).
-Use the Progressive Web App settings to customize its appearance, including its name,
-description, and icon.
+- The file should be less than 1 MB.
+- The image should be 128 pixels high. Images more than 128 px high will be resized.
 
-### Configure the PWA settings
+1. On the left sidebar, at the bottom, select **Admin Area**.
+1. Select **Settings > Appearance**.
+1. Go to the **Sign in/Sign up pages** section.
+1. Under **Logo**, select **Choose file**.
+1. At the bottom of the page, select **Update appearance settings**.
 
-To configure the PWA settings:
+You can add also add a [customized help message](settings/help_page.md) below the sign-in message or add [a sign-in text message](settings/sign_in_restrictions.md#sign-in-information).
+
+## Customize the Progressive Web App
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/375708) in GitLab 15.9.
+
+Customize the icon, display name, short name, and description for your Progessive Web App (PWA). For more information, see [Progressive Web App](https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps).
+
+To add a Progressive Web App name and short name:
 
 1. On the left sidebar, at the bottom, select **Admin Area**.
 1. Select **Settings > Appearance**.
-1. Scroll to the **Progressive Web App (PWA)** section.
+1. Go to the **Progressive Web App (PWA)** section.
 1. Complete the fields.
-   - **Icon**: If you use the standard GitLab icon, it is available in sizes 192x192 pixels,
-     512x512 pixels, also as a maskable icon. If you use a custom icon, it must be in either size
-     192x192 pixels, or 512x512 pixels.
-1. Select **Update appearance settings**.
+   - **Name** is the display name of your PWA.
+   - **Short name** shows on mobile devices and small screens.
+1. At the bottom of the page, select **Update appearance settings**.
+
+To add a Progressive Web App description:
+
+1. On the left sidebar, at the bottom, select **Admin Area**.
+1. Select **Settings > Appearance**.
+1. Go to the **Progressive Web App (PWA)** section.
+1. Complete the fields. You can format the **Description** with Markdown.
+1. At the bottom of the page, select **Update appearance settings**.
+
+To customize your Progressive Web App icon:
+
+1. On the left sidebar, at the bottom, select **Admin Area**.
+1. Select **Settings > Appearance**.
+1. Go to the **Progressive Web App (PWA)** section.
+1. Under **Icon**, select **Choose file**.
+1. At the bottom of the page, select **Update appearance settings**.
+
+## Add guidelines to the new project page
 
-## New project pages
+Add a guideline message to the **New project page**. You can format your message with Markdown. The guideline message shows under the **New Project** message and, on the left side of the **New project page**.
 
-You can add a new project guidelines message to the **New project page** in GitLab.
-You can make full use of [Markdown](../user/markdown.md) in the description:
+To add a guideline message to the **New project page**:
 
-The message is displayed below the **New Project** message, on the left side
-of the **New project page**.
+1. On the left sidebar, at the bottom, select **Admin Area**.
+1. Select **Settings > Appearance**.
+1. Go to the **New project pages** section.
+1. Complete the fields. You can format your guidelines with Markdown.
 
-After you add a message, select **Update appearance settings** at the bottom of the page
-to activate it in the GitLab instance. You can also select **New project page**,
-which brings you to the new project page so you can review the change.
+## Add profile image guidelines
+
+Add guidelines for profile images.
+
+1. On the left sidebar, at the bottom, select **Admin Area**.
+1. Select **Settings > Appearance**.
+1. Go to the **Profile image guideline** section.
+1. Complete the fields. You can format your text with Markdown.
 
 ## Libravatar
 
-[Libravatar](https://www.libravatar.org) is supported by GitLab for avatar images, but you must
-[manually enable Libravatar support on the GitLab instance](../administration/libravatar.md) to use the service.
+GitLab supports [Libravatar](https://www.libravatar.org) is for avatar images, but you must manually enable Libravatar support on the GitLab instance. For more information, see [Libravatar](../administration/libravatar.md) to use the service.
 
 <!-- ## Troubleshooting
 
diff --git a/doc/administration/settings/email.md b/doc/administration/settings/email.md
index cc80b082139..a010a855ba1 100644
--- a/doc/administration/settings/email.md
+++ b/doc/administration/settings/email.md
@@ -10,7 +10,7 @@ You can customize some of the content in emails sent from your GitLab instance.
 
 ## Custom logo
 
-The logo in the header of some emails can be customized, see the [logo customization section](../../administration/appearance.md#navigation-bar).
+The logo in the header of some emails can be customized, see the [logo customization section](../../administration/appearance.md#customize-your-homepage-button).
 
 ## Include author name in email notification email body **(PREMIUM SELF)**
 
diff --git a/doc/administration/uploads.md b/doc/administration/uploads.md
index 31d0781ee79..95454ef629c 100644
--- a/doc/administration/uploads.md
+++ b/doc/administration/uploads.md
@@ -19,7 +19,7 @@ This is the default configuration. To change the location where the uploads are
 stored locally, use the steps in this section based on your installation method:
 
 NOTE:
-For historical reasons, uploads for the whole instance (for example the [favicon](../administration/appearance.md#favicon)) are stored in a base directory,
+For historical reasons, uploads for the whole instance (for example the [favicon](../administration/appearance.md#customize-the-favicon)) are stored in a base directory,
 which by default is `uploads/-/system`. Changing the base
 directory on an existing GitLab installation is strongly discouraged.
 
diff --git a/doc/development/push_rules/index.md b/doc/development/push_rules/index.md
index 343b199e613..96d16f5eb35 100644
--- a/doc/development/push_rules/index.md
+++ b/doc/development/push_rules/index.md
@@ -42,9 +42,6 @@ change the push behavior.
 - `EE::Gitlab::Checks::PushRules::FileSizeCheck`: Executes push rule checks
   related to file size rules.
   - Defined in `ee/lib/ee/gitlab/checks/push_rules/file_size_check.rb`.
-- `EE::Gitlab::Checks::PushRules::SecretsCheck`: Executes push rule checks
-  related to secrets rules.
-  - Defined in `ee/lib/ee/gitlab/checks/push_rules/secrets_check.rb`.
 - `EE::Gitlab::Checks::PushRules::TagCheck`: Executes push rule checks
   related to tag rules.
   - Defined in `ee/lib/ee/gitlab/checks/push_rules/tag_check.rb`.
@@ -83,11 +80,9 @@ graph TD
   EE::Gitlab::Checks::PushRuleCheck -->|Only if pushing to a tag| EE::Gitlab::Checks::PushRules::TagCheck
   EE::Gitlab::Checks::PushRuleCheck -->|Only if pushing to a branch| EE::Gitlab::Checks::PushRules::BranchCheck
   EE::Gitlab::Checks::PushRuleCheck --> EE::Gitlab::Checks::PushRules::FileSizeCheck
-  EE::Gitlab::Checks::PushRuleCheck --> EE::Gitlab::Checks::PushRules::SecretsCheck
-  EE::Gitlab::Checks::PushRuleCheck --> EE::Gitlab::Checks::PushRules::SecretsCheck
 ```
 
 NOTE:
 The `PushRuleCheck` only triggers checks in parallel if the
 `parallel_push_checks` feature flag is enabled. Otherwise tag or branch check
-runs first, then file size, then secrets.
+runs first, then file size.
diff --git a/doc/install/installation.md b/doc/install/installation.md
index 370f67865ed..0ccb475eacc 100644
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -174,7 +174,7 @@ the Git path:
 
 ### GraphicsMagick
 
-For the [Custom Favicon](../administration/appearance.md#favicon) to work, GraphicsMagick
+For the [Custom Favicon](../administration/appearance.md#customize-the-favicon) to work, GraphicsMagick
 must be installed.
 
 ```shell
diff --git a/doc/user/application_security/policies/scan-execution-policies.md b/doc/user/application_security/policies/scan-execution-policies.md
index 574d466cd53..de36cb30257 100644
--- a/doc/user/application_security/policies/scan-execution-policies.md
+++ b/doc/user/application_security/policies/scan-execution-policies.md
@@ -205,23 +205,18 @@ The keys for a schedule rule are:
 
 ## `scan` action type
 
-> - Scan Execution Policies variable precedence was [changed](https://gitlab.com/gitlab-org/gitlab/-/issues/424028) in GitLab 16.7 [with a flag](../../../administration/feature_flags.md) named `security_policies_variables_precedence`. Enabled by default.
-> - The `custom` scan action type was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/126457) in GitLab 16.4 [with a flag](../../../administration/feature_flags.md) named `compliance_pipeline_in_policies`. On GitLab.com, this feature is not available. On self-managed GitLab, by default this feature is not available. To make it available, an administrator can [enable the feature flag](../../../administration/feature_flags.md) named `compliance_pipeline_in_policies`.
+> Scan Execution Policies variable precedence was [changed](https://gitlab.com/gitlab-org/gitlab/-/issues/424028) in GitLab 16.6 [with a flag](../../../administration/feature_flags.md) named `security_policies_variables_precedence`. Disabled by default.
 
 This action executes the selected `scan` with additional parameters when conditions for at least one
 rule in the defined policy are met.
 
 | Field | Type | Possible values | Description |
 |-------|------|-----------------|-------------|
-| `scan` | `string` | `sast`, `sast_iac`, `dast`, `secret_detection`, `container_scanning`, `dependency_scanning`, `custom` | The action's type. |
+| `scan` | `string` | `sast`, `sast_iac`, `dast`, `secret_detection`, `container_scanning`, `dependency_scanning` | The action's type. |
 | `site_profile` | `string` | Name of the selected [DAST site profile](../dast/on-demand_scan.md#site-profile). | The DAST site profile to execute the DAST scan. This field should only be set if `scan` type is `dast`. |
 | `scanner_profile` | `string` or `null` | Name of the selected [DAST scanner profile](../dast/on-demand_scan.md#scanner-profile). | The DAST scanner profile to execute the DAST scan. This field should only be set if `scan` type is `dast`.|
 | `variables` | `object` | | A set of CI variables, supplied as an array of `key: value` pairs, to apply and enforce for the selected scan. The `key` is the variable name, with its `value` provided as a string. This parameter supports any variable that the GitLab CI job supports for the specified scan. |
 | `tags` | `array` of `string` | | A list of runner tags for the policy. The policy jobs are run by runner with the specified tags. |
-| `ci_configuration` <sup>1</sup> | `string` | | GitLab CI YAML as formatted as string. |
-| `ci_configuration_path` <sup>1</sup> | object | Object with project path and file name pointing to a CI configuration. |
-
-1. For `custom` scans, you must specify one of `ci_configuration` or `ci_configuration_path`.
 
 Note the following:
 
@@ -241,16 +236,6 @@ Note the following:
 - A container scanning scan that is configured for the `pipeline` rule type ignores the agent defined in the `agents` object. The `agents` object is only considered for `schedule` rule types.
   An agent with a name provided in the `agents` object must be created and configured for the project.
 - Variables defined in a Scan Execution Policy follow the standard [CI/CD variable precedence](../../../ci/variables/index.md#cicd-variable-precedence).
-- `custom` scans are not executed for scheduled rules.
-- Jobs variables and stages definitions from `custom` scans take precedence over the project's CI/CD configuration.
-
-### `ci_configuration_path` object
-
-| Field | Type | Description |
-|-------|------|-------------|
-| `project` | `string` | A project namespace path. |
-| `file` | `string` | The filename of the CI/CD YAML file. |
-| `ref` | `string` (optional) | The branch name, tag name, or commit SHA. |
 
 ## Example security policies project
 
@@ -271,12 +256,6 @@ scan_execution_policy:
   - scan: dast
     scanner_profile: Scanner Profile A
     site_profile: Site Profile B
-  - scan: custom
-    ci_configuration: |-
-      test job:
-        stage: test
-        script:
-          - echo "Hello World"
 - name: Enforce DAST and secret detection scans every 10 minutes
   description: This policy enforces DAST and secret detection scans to run every 10 minutes
   enabled: true
@@ -344,3 +323,79 @@ this case, two SAST jobs run in the pipeline, one with the developer's variables
 If you want to avoid running duplicate scans, you can either remove the scans from the project's `.gitlab-ci.yml` file or disable your
 local jobs by setting `SAST_DISABLED: "true"`. Disabling jobs this way does not prevent the security jobs defined by scan execution
 policies from running.
+
+## Experimental features **(EXPERIMENT)**
+
+These experimental features have limitations:
+
+1. Enforcing pipeline execution using the pipeline execution action in projects
+   without a `.gitlab-ci.yml` is not supported.
+1. The pipeline execution action cannot be used with a scheduled trigger type.
+
+### Pipeline execution policy action
+
+> The `custom` scan action type was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/126457) in GitLab 16.4 [with a flag](../../../administration/feature_flags.md) named `compliance_pipeline_in_policies`.
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available,
+an administrator can [enable the feature flag](../../../administration/feature_flags.md)
+named `compliance_pipeline_in_policies`.
+On GitLab.com, this feature is not available.
+
+The pipeline execution policy action introduces a new scan action type into
+scan execution policies for creating and enforcing custom CI in your target
+development projects.
+
+This custom scan type uses a remote CI configuration file to define the custom
+CI you want enforced. Scan execution policies then merge this file with the
+project's `.gitlab-ci.yml` to execute the compliance jobs for each project
+enforced by the policy.
+
+#### `ci_configuration_path` object
+
+| Field     | Type                | Description |
+|-----------|---------------------|-------------|
+| `project` | `string`            | A project namespace path. |
+| `file`    | `string`            | The file name of the CI/CD YAML file. |
+| `ref`     | `string` (optional) | The branch name, tag name, or commit SHA. |
+
+#### `scan` action type
+
+This action executes the selected `scan` with additional parameters when
+conditions for at least one rule in the defined policy are met.
+
+| Field                   | Type     | Possible values | Description |
+|-------------------------|----------|-----------------|-------------|
+| `scan`                  | `string` | `custom`        | The action's type. |
+| `ci_configuration`      | `string` |                 | GitLab CI YAML as formatted as string. |
+| `ci_configuration_path` | object   |                 | Object with project path and file name pointing to a CI configuration. |
+
+Note the following:
+
+- For `custom` scans, you must specify one of `ci_configuration` or `ci_configuration_path`.
+- `custom` scans are being executed for triggered rules only.
+- Jobs variables and stages definitions from `custom` scans take precedence over the project's CI/CD configuration.
+
+#### Example security policies project
+
+You can use this example in a `.gitlab/security-policies/policy.yml` file stored in a
+[security policy project](index.md#security-policy-project):
+
+```yaml
+---
+scan_execution_policy:
+- name: Create a custom scan that injects test job
+  description: This policy enforces pipeline configuration to have a job with DAST scan for release branches
+  enabled: true
+  rules:
+  - type: pipeline
+    branches:
+    - release/*
+  actions:
+  - scan: custom
+    ci_configuration: |-
+      test job:
+        stage: test
+        script:
+          - echo "Hello World"
+```
diff --git a/doc/user/project/service_desk/configure.md b/doc/user/project/service_desk/configure.md
index 721508acb24..95c15ef42b7 100644
--- a/doc/user/project/service_desk/configure.md
+++ b/doc/user/project/service_desk/configure.md
@@ -105,7 +105,7 @@ Instance administrators can add a header, footer or additional text to the GitLa
 them to all emails sent from GitLab. If you're using a custom `thank_you.md` or `new_note.md`, to include
 this content, add `%{SYSTEM_HEADER}`, `%{SYSTEM_FOOTER}`, or `%{ADDITIONAL_TEXT}` to your templates.
 
-For more information, see [System header and footer messages](../../../administration/appearance.md#system-header-and-footer-messages) and [custom additional text](../../../administration/settings/email.md#custom-additional-text).
+For more information, see [System header and footer messages](../../../administration/appearance.md#add-system-header-and-footer-messages) and [custom additional text](../../../administration/settings/email.md#custom-additional-text).
 
 ## Use a custom template for Service Desk tickets