gitlab.com/gitlab-org/gitlab-foss.git (path: root/doc)
author: GitLab Bot <gitlab-bot@gitlab.com> 2023-06-12 18:10:26 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-06-12 18:10:26 +0300
commit: c0b17cee8be646588b14db49ad6d91b8cc818f97
tree: 97287971303bccd649da1718c1a3a1ba8f345df6 /doc
parent: 8ef107c43390ea9c9932afb55d1318e4716fbf3b
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r-- doc/ci/runners/saas/macos_saas_runner.md | 2
-rw-r--r-- doc/ci/variables/index.md | 6
-rw-r--r-- doc/development/documentation/styleguide/index.md | 2
-rw-r--r-- doc/tutorials/container_scanning/index.md | 112
-rw-r--r-- doc/tutorials/secure_application.md | 1
-rw-r--r-- doc/user/project/quick_actions.md | 5
6 files changed, 121 insertions, 7 deletions
diff --git a/doc/ci/runners/saas/macos_saas_runner.md b/doc/ci/runners/saas/macos_saas_runner.md
index 9ce0f0779ac..2d13d6e23e4 100644
--- a/doc/ci/runners/saas/macos_saas_runner.md
+++ b/doc/ci/runners/saas/macos_saas_runner.md
@@ -14,7 +14,7 @@ Use these runners to build, test, and deploy apps for the Apple ecosystem (macOS
of all the capabilities of the GitLab single DevOps platform and not have to manage or operate a
build environment. Our [Mobile DevOps solution](../../../ci/mobile_devops.md#ios-build-environments) provides features, documentation, and guidance on building and deploying mobile applications for iOS.
-We want to keep iterating to get SaaS runners on macOS
+We want to keep iterating to get SaaS runners on macOS
[generally available](../../../policy/experiment-beta-support.md#generally-available-ga).
You can follow our work towards this goal in the
[related epic](https://gitlab.com/groups/gitlab-org/-/epics/8267).
diff --git a/doc/ci/variables/index.md b/doc/ci/variables/index.md
index 1e50756d08f..e7938f85246 100644
--- a/doc/ci/variables/index.md
+++ b/doc/ci/variables/index.md
@@ -353,9 +353,9 @@ kubectl config set-cluster e2e --server="$KUBE_URL" --certificate-authority="$KU
```
WARNING:
-Be careful when assigning the value of a file variable to another variable. The other
-variable takes the content of the file as its value, **not** the path to the file.
-[Issue 29407](https://gitlab.com/gitlab-org/gitlab/-/issues/29407) proposes to change this behavior.
+Be careful when assigning the value of a file variable to another variable in GitLab 15.6 or older.
+The other variable takes the content of the file as its value, **not** the path to the file.
+In GitLab 15.7 and newer, this behavior [was fixed](https://gitlab.com/gitlab-org/gitlab/-/issues/29407) and the other variable now takes the path to the file as the value.
#### Use a `.gitlab-ci.yml` variable as a file type variable
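Review bot: The rewritten WARNING states that the behavior changed in GitLab 15.7 but not what that means for existing jobs: a job that assigns a file variable to another variable and relies on receiving the file's content gets a path after upgrading. Suggest adding a sentence on that to the last added line. File variables often hold certificates or credentials (the `kubectl` line just above passes one to `--certificate-authority`), so it is also worth saying that on 15.6 or older the second variable holds the secret content itself. Minor: the link text "was fixed" is not descriptive, and that line is left unwrapped while the two before it are wrapped.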
diff --git a/doc/development/documentation/styleguide/index.md b/doc/development/documentation/styleguide/index.md
index 07df96a5c15..6aecfbe88ea 100644
--- a/doc/development/documentation/styleguide/index.md
+++ b/doc/development/documentation/styleguide/index.md
@@ -871,7 +871,7 @@ These links fail for:
If you must use one of these links:
-- If the link is to a confidential issue, mention that the issue is visible only to GitLab team members, as in the first example.
+- If the link is to a confidential issue, mention that the issue is visible only to GitLab team members, as in the first example.
- If the link requires a specific role or permissions, mention that information, as in the second example.
- Put the link in backticks, so that it does not cause link checkers to fail.
diff --git a/doc/tutorials/container_scanning/index.md b/doc/tutorials/container_scanning/index.md
new file mode 100644
index 00000000000..e8abde9cb5e
--- /dev/null
+++ b/doc/tutorials/container_scanning/index.md
@@ -0,0 +1,112 @@
+---
+stage: Secure
+group: Composition Analysis
+info: For assistance with this tutorial, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments-to-other-projects-and-subjects.
+---
+
+# Tutorial: Scan a Docker container for vulnerabilities **(FREE)**
+
+You can use [container scanning](../../user/application_security/container_scanning/index.md) to check for vulnerabilities
+in container images stored in the [container registry](../../user/packages/container_registry/index.md).
+
+Container scanning configuration is added to the pipeline configuration of a project. In this tutorial, you:
+
+1. Create a [new project](#create-a-new-project).
+1. [Add a `Dockerfile`](#add-a-dockerfile-to-new-project) file to the project. This `Dockerfile` contains minimal
+ configuration required to create a Docker image.
+1. Create [pipeline configuration](#create-pipeline-configuration) for the new project to create a Docker
+ image from the `Dockerfile`, build and push a Docker image to the container registry, and then scan the Docker image
+ for vulnerabilities.
+1. Check for [reported vulnerabilities](#check-for-reported-vulnerabilities).
+1. [Update the Docker image](#update-the-docker-image) and scan the updated image.
+
+## Create a new project
+
+To create the new project
+
+1. On the top bar, select **Create new... > New project/repository**.
+1. Select **Create blank project**.
+1. In **Project name**, enter `Tutorial container scanning project`.
+1. In **Project URL**, select a namespace for the project.
+1. Select **Create project**.
+
+## Add a `Dockerfile` to new project
+
+To provide something for container scanning to work on, create a `Dockerfile` with very minimal configuration:
+
+1. In your `Tutorial container scanning project` project, select **{plus}** > **New file**.
+1. Enter the filename `Dockerfile`, and provide the following contents for the file:
+
+ ```Dockerfile
+ FROM hello-world:latest
+ ```
+
+Docker images created from this `Dockerfile` are based on [`hello-world`](https://hub.docker.com/_/hello-world) Docker
+image.
+
+1. Select **Commit changes**.
+
+## Create pipeline configuration
+
+Now you're ready to create pipeline configuration. The pipeline configuration:
+
+1. Builds a Docker image from the `Dockerfile` file, and pushes the Docker image to the container registry. The
+ `build-image` job uses [Docker-in-Docker](../../ci/docker/using_docker_build.md) as a
+ [CI/CD service](../../ci/services/index.md) to build the Docker image. You can also
+ [use kaniko](../../ci/docker/using_kaniko.md) to build Docker images in a pipeline.
+1. Includes the `Container-Scanning.gitlab-ci.yml` template, to scan the Docker image stored in the container registry.
+
+To create the pipeline configuration:
+
+1. In the root directory of your project, select **{plus}** > **New file**.
+1. Enter the filename `.gitlab-ci.yml`, and provide the following contents for the file:
+
+ ```yaml
+ include:
+ - template: Security/Container-Scanning.gitlab-ci.yml
+
+ container_scanning:
+ variables:
+ CS_IMAGE: $CI_REGISTRY_IMAGE/tutorial-image
+
+ build-image:
+ image: docker:24.0.2
+ stage: build
+ services:
+ - docker:24.0.2-dind
+ script:
+ - docker build --tag $CI_REGISTRY_IMAGE/tutorial-image --file Dockerfile .
+ - docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY
+ - docker push $CI_REGISTRY_IMAGE/tutorial-image
+ ```
+
+1. Select **Commit changes**.
+
+You're almost done. After you commit the file, a new pipeline starts with this configuration.
+When it's finished, you can check the results of the scan.
+
+## Check for reported vulnerabilities
+
+Vulnerabilities for a scan are located on the pipeline that ran the scan. To check for reported vulnerabilities:
+
+1. Select **CI/CD** > **Pipelines** and select the most recent pipeline. This pipeline should consist of a job called
+ `container_scanning` in the `test` stage.
+1. If the `container_scanning` job was successful, select the **Security** tab. If any vulnerabilities were found, they
+ are listed on that page.
+
+## Update the Docker image
+
+A Docker image based on `hello-world:latest` is unlikely to show any vulnerabilities. For an example of a scan that
+reports vulnerabilities:
+
+1. In the root directory of your project, select the existing `Dockerfile` file.
+1. Select **Edit**.
+1. Replace `FROM hello-world:latest` with a different Docker image for the
+ [`FROM`](https://docs.docker.com/engine/reference/builder/#from) instruction. The best Docker images to demonstrate
+ container scanning have:
+ - Operating system packages. For example, from Debian, Ubuntu, Alpine, or Red Hat.
+ - Programming language packages. For example, NPM packages or Python packages.
+1. Select **Commit changes**.
+
+After you commit changes to the file, a new pipeline starts with this updated `Dockerfile`. When it's finished, you can
+check the results of the new scan.
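Review bot: In the `build-image` script, `docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY` passes the job token as a command-line argument, which Docker itself warns against; readers will copy this from a security tutorial, so pipe it instead with `echo "$CI_JOB_TOKEN" | docker login --username gitlab-ci-token --password-stdin "$CI_REGISTRY"` and quote the `$CI_REGISTRY_IMAGE/tutorial-image` expansions in the build and push lines. Separately, under "Add a `Dockerfile` to new project" the unindented paragraph "Docker images created from this `Dockerfile`..." splits the numbered list, so "Select **Commit changes**" restarts at 1; indent that paragraph under step 2 or move it after the list. "To create the new project" is also missing its trailing colon.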
diff --git a/doc/tutorials/secure_application.md b/doc/tutorials/secure_application.md
index 4c07620e6ed..54235d0a6dc 100644
--- a/doc/tutorials/secure_application.md
+++ b/doc/tutorials/secure_application.md
@@ -13,5 +13,6 @@ GitLab can check your application for security vulnerabilities and that it meets
| [Set up dependency scanning](dependency_scanning.md) | Learn how to detect vulnerabilities in an application's dependencies. | **{star}** |
| [Create a compliance pipeline](compliance_pipeline/index.md) | Learn how to create compliance pipelines for your groups. | **{star}** |
| [Set up a scan result policy](scan_result_policy/index.md) | Learn how to configure a scan result policy that takes action based on scan results. | **{star}** |
+| [Scan a Docker container for vulnerabilities](container_scanning/index.md) | Learn how to use container scanning templates to add container scanning to your projects. | **{star}** |
| [Get started with GitLab application security](../user/application_security/get-started-security.md) | Follow recommended steps to set up security tools. | |
| [GitLab Security Essentials](https://levelup.gitlab.com/courses/security-essentials) | Learn about the essential security capabilities of GitLab in this self-paced course. | |
diff --git a/doc/user/project/quick_actions.md b/doc/user/project/quick_actions.md
index 8cd924a8c08..8e135e6d187 100644
--- a/doc/user/project/quick_actions.md
+++ b/doc/user/project/quick_actions.md
@@ -129,8 +129,9 @@ threads. Some quick actions might not be available to all subscription tiers.
| `/unsubscribe` | **{check-circle}** Yes | **{check-circle}** Yes | **{check-circle}** Yes | Unsubscribe from notifications.
| `/weight <value>` | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Set weight. Valid options for `<value>` include `0`, `1`, `2`, and so on.
| `/zoom <Zoom URL>` | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Add a Zoom meeting to this issue or incident. In [GitLab 15.3 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/230853) users on GitLab Premium can add a short description when [adding a Zoom link to an incident](../../operations/incident_management/linked_resources.md#link-zoom-meetings-from-an-incident).
-| `/blocks <issue1> <issue2>` | **{check-circle}** Yes | **{check-circle}** No | **{dotted-circle}** No | Mark the issue as blocking other issues. The `<issue>` value should be in the format of `#issue`, `group/project#issue`, or the full issue URL. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214232) in GitLab 16.0).
-| `/blocked_by <issue1> <issue2>` | **{check-circle}** Yes | **{check-circle}** No | **{dotted-circle}** No | Mark the issue as blocked by other issues. The `<issue>` value should be in the format of `#issue`, `group/project#issue`, or the full issue URL. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214232) in GitLab 16.0).
+| `/blocks <issue1> <issue2>` | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Mark the issue as blocking other issues. The `<issue>` value should be in the format of `#issue`, `group/project#issue`, or the full issue URL. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214232) in GitLab 16.0).
+| `/blocked_by <issue1> <issue2>` | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Mark the issue as blocked by other issues. The `<issue>` value should be in the format of `#issue`, `group/project#issue`, or the full issue URL. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214232) in GitLab 16.0).
+| `/unlink <issue>` | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Remove link with to the provided issue. The `<issue>` value should be in the format of `#issue`, `group/project#issue`, or the full issue URL. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/414400) in GitLab 16.1).
## Work items
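Review bot: The description in the new `/unlink` row reads "Remove link with to the provided issue", which has a stray word; suggest "Remove the link to the provided issue." The `/blocks` and `/blocked_by` rows take `<issue1> <issue2>` but their descriptions refer to "the `<issue>` value"; since those lines are already being touched, consider aligning the placeholder names.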