Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-02-08 00:08:39 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-02-08 00:08:39 +0300
commit0c6bc5443aa6c8f3e4becccb89fc0f135b4c64c8 (patch)
tree55f13e752e9061c1800cce510a52fc78b13282ca /doc
parentd7ce7307dca551759ffa972015875f8ebe476927 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r--doc/README.md2
-rw-r--r--doc/administration/monitoring/gitlab_self_monitoring_project/index.md19
-rw-r--r--doc/ci/environments.md2
-rw-r--r--doc/development/README.md2
-rw-r--r--doc/development/cycle_analytics.md249
-rw-r--r--doc/development/i18n/externalization.md2
-rw-r--r--doc/development/testing_guide/best_practices.md21
-rw-r--r--doc/development/value_stream_analytics.md248
-rw-r--r--doc/topics/web_application_firewall/img/guide_waf_ingress_installation.pngbin0 -> 54834 bytes
-rw-r--r--doc/topics/web_application_firewall/index.md95
-rw-r--r--doc/topics/web_application_firewall/quick_start_guide.md266
-rw-r--r--doc/user/analytics/code_review_analytics.md2
-rw-r--r--doc/user/analytics/cycle_analytics.md224
-rw-r--r--doc/user/analytics/index.md4
-rw-r--r--doc/user/analytics/productivity_analytics.md2
-rw-r--r--doc/user/analytics/value_stream_analytics.md224
-rw-r--r--doc/user/clusters/applications.md34
-rw-r--r--doc/user/index.md2
-rw-r--r--doc/user/permissions.md14
-rw-r--r--doc/user/project/cycle_analytics.md4
-rw-r--r--doc/user/project/index.md2
21 files changed, 920 insertions, 498 deletions
diff --git a/doc/README.md b/doc/README.md
index 201a2b57fbd..59c27d11d99 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -88,7 +88,7 @@ The following documentation relates to the DevOps **Manage** stage:
| Manage Topics | Description |
|:--------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [Authentication and<br/>Authorization](administration/auth/README.md) **(CORE ONLY)** | Supported authentication and authorization providers. |
-| [GitLab Cycle Analytics](user/project/cycle_analytics.md) | Measure the time it takes to go from an [idea to production](https://about.gitlab.com/blog/2016/08/05/continuous-integration-delivery-and-deployment-with-gitlab/#from-idea-to-production-with-gitlab) for each project you have. |
+| [GitLab Value Stream Analytics](user/project/cycle_analytics.md) | Measure the time it takes to go from an [idea to production](https://about.gitlab.com/blog/2016/08/05/continuous-integration-delivery-and-deployment-with-gitlab/#from-idea-to-production-with-gitlab) for each project you have. |
| [Instance Statistics](user/instance_statistics/index.md) | Discover statistics on how many GitLab features you use and user activity. |
<div align="right">
diff --git a/doc/administration/monitoring/gitlab_self_monitoring_project/index.md b/doc/administration/monitoring/gitlab_self_monitoring_project/index.md
index edd263428cb..da4dd09bc67 100644
--- a/doc/administration/monitoring/gitlab_self_monitoring_project/index.md
+++ b/doc/administration/monitoring/gitlab_self_monitoring_project/index.md
@@ -19,17 +19,26 @@ members to the group in order to give them maintainer access to the project.
This project will be used for self monitoring your GitLab instance.
-## Activating or deactivating the self monitoring project
+## Activating the self monitoring project
-1. Navigate to **Admin Area > Settings > Metrics and profiling** and expand the **Self monitoring** section.
-1. Toggle on or off the **Create Project** button to create or remove the "GitLab self monitoring" project.
-1. Click **Save changes** for the changes to take effect.
+1. Navigate to **Admin Area > Settings > Metrics and profiling**, and expand the **Self monitoring** section.
+1. Toggle the **Create Project** button on.
+1. It can take a few seconds for the project to be created. After the project is
+created, GitLab displays a message with a link to the project. The project
+will also be linked in the help text above the **Create Project** button. You can also
+find the project under **Projects > Your projects**.
-If you activated the monitoring project, it should now be visible in **Projects > Your projects**.
+## Deactivating the self monitoring project
CAUTION: **Warning:**
If you deactivate the self monitoring project, it will be permanently deleted.
+1. Navigate to **Admin Area > Settings > Metrics and profiling**, and expand the **Self monitoring** section.
+1. Toggle the **Create Project** button off.
+1. In the confirmation dialog that opens, click **Delete project**.
+ It can take a few seconds for it to be deleted.
+1. After the project is deleted, GitLab displays a message confirming your action.
+
## Connection to Prometheus
The project will be automatically configured to connect to the
diff --git a/doc/ci/environments.md b/doc/ci/environments.md
index bd3e4a17ef6..61f09bf6e00 100644
--- a/doc/ci/environments.md
+++ b/doc/ci/environments.md
@@ -220,7 +220,7 @@ deployment will be recorded as a new environment named `production`.
NOTE: **Note:**
If your environment's name is `production` (all lowercase),
-it will get recorded in [Cycle Analytics](../user/project/cycle_analytics.md).
+it will get recorded in [Value Stream Analytics](../user/project/cycle_analytics.md).
### Configuring dynamic environments
diff --git a/doc/development/README.md b/doc/development/README.md
index ba1714b2746..7511221b246 100644
--- a/doc/development/README.md
+++ b/doc/development/README.md
@@ -80,7 +80,7 @@ Complementary reads:
- [File uploads](uploads.md)
- [Auto DevOps development guide](auto_devops.md)
- [Mass Inserting Models](mass_insert.md)
-- [Cycle Analytics development guide](cycle_analytics.md)
+- [Value Stream Analytics development guide](value_stream_analytics.md)
- [Issue types vs first-class types](issue_types.md)
- [Application limits](application_limits.md)
- [Redis guidelines](redis.md)
diff --git a/doc/development/cycle_analytics.md b/doc/development/cycle_analytics.md
index 90abafb3e03..3947a012bd5 100644
--- a/doc/development/cycle_analytics.md
+++ b/doc/development/cycle_analytics.md
@@ -1,246 +1,5 @@
-# Cycle Analytics development guide
+---
+redirect_to: 'value_stream_analytics.md'
+---
-Cycle analytics calculates the time between two arbitrary events recorded on domain objects and provides aggregated statistics about the duration.
-
-## Stage
-
-During development, events occur that move issues and merge requests through different stages of progress until they are considered finished. These stages can be expressed with the `Stage` model.
-
-Example stage:
-
-- Name: Development
-- Start event: Issue created
-- End event: Issue first mentioned in commit
-- Parent: `Group: gitlab-org`
-
-### Events
-
-Events are the smallest building blocks of the cycle analytics feature. A stage consists of two events:
-
-- Start
-- End
-
-These events play a key role in the duration calculation.
-
-Formula: `duration = end_event_time - start_event_time`
-
-To make the duration calculation flexible, each `Event` is implemented as a separate class. They're responsible for defining a timestamp expression that will be used in the calculation query.
-
-#### Implementing an `Event` class
-
-There are a few methods that are required to be implemented, the `StageEvent` base class describes them in great detail. The most important ones are:
-
-- `object_type`
-- `timestamp_projection`
-
-The `object_type` method defines which domain object will be queried for the calculation. Currently two models are allowed:
-
-- `Issue`
-- `MergeRequest`
-
-For the duration calculation the `timestamp_projection` method will be used.
-
-```ruby
-def timestamp_projection
- # your timestamp expression comes here
-end
-
-# event will use the issue creation time in the duration calculation
-def timestamp_projection
- Issue.arel_table[:created_at]
-end
-```
-
-NOTE: **Note:**
-More complex expressions are also possible (e.g. using `COALESCE`). Look at the existing event classes for examples.
-
-In some cases, defining the `timestamp_projection` method is not enough. The calculation query should know which table contains the timestamp expression. Each `Event` class is responsible for making modifications to the calculation query to make the `timestamp_projection` work. This usually means joining an additional table.
-
-Example for joining the `issue_metrics` table and using the `first_mentioned_in_commit_at` column as the timestamp expression:
-
-```ruby
-def object_type
- Issue
-end
-
-def timestamp_projection
- IssueMetrics.arel_table[:first_mentioned_in_commit_at]
-end
-
-def apply_query_customization(query)
- # in this case the query attribute will be based on the Issue model: `Issue.where(...)`
- query.joins(:metrics)
-end
-```
-
-### Validating start and end events
-
-Some start/end event pairs are not "compatible" with each other. For example:
-
-- "Issue created" to "Merge Request created": The event classes are defined on different domain models, the `object_type` method is different.
-- "Issue closed" to "Issue created": Issue must be created first before it can be closed.
-- "Issue closed" to "Issue closed": Duration is always 0.
-
-The `StageEvents` module describes the allowed `start_event` and `end_event` pairings (`PAIRING_RULES` constant). If a new event is added, it needs to be registered in this module.
-​To add a new event:​
-
-1. Add an entry in `ENUM_MAPPING` with a unique number, it'll be used in the `Stage` model as `enum`.
-1. Define which events are compatible with the event in the `PAIRING_RULES` hash.
-
-Supported start/end event pairings:
-
-```mermaid
-graph LR;
- IssueCreated --> IssueClosed;
- IssueCreated --> IssueFirstAddedToBoard;
- IssueCreated --> IssueFirstAssociatedWithMilestone;
- IssueCreated --> IssueFirstMentionedInCommit;
- IssueCreated --> IssueLastEdited;
- IssueCreated --> IssueLabelAdded;
- IssueCreated --> IssueLabelRemoved;
- MergeRequestCreated --> MergeRequestMerged;
- MergeRequestCreated --> MergeRequestClosed;
- MergeRequestCreated --> MergeRequestFirstDeployedToProduction;
- MergeRequestCreated --> MergeRequestLastBuildStarted;
- MergeRequestCreated --> MergeRequestLastBuildFinished;
- MergeRequestCreated --> MergeRequestLastEdited;
- MergeRequestCreated --> MergeRequestLabelAdded;
- MergeRequestCreated --> MergeRequestLabelRemoved;
- MergeRequestLastBuildStarted --> MergeRequestLastBuildFinished;
- MergeRequestLastBuildStarted --> MergeRequestClosed;
- MergeRequestLastBuildStarted --> MergeRequestFirstDeployedToProduction;
- MergeRequestLastBuildStarted --> MergeRequestLastEdited;
- MergeRequestLastBuildStarted --> MergeRequestMerged;
- MergeRequestLastBuildStarted --> MergeRequestLabelAdded;
- MergeRequestLastBuildStarted --> MergeRequestLabelRemoved;
- MergeRequestMerged --> MergeRequestFirstDeployedToProduction;
- MergeRequestMerged --> MergeRequestClosed;
- MergeRequestMerged --> MergeRequestFirstDeployedToProduction;
- MergeRequestMerged --> MergeRequestLastEdited;
- MergeRequestMerged --> MergeRequestLabelAdded;
- MergeRequestMerged --> MergeRequestLabelRemoved;
- IssueLabelAdded --> IssueLabelAdded;
- IssueLabelAdded --> IssueLabelRemoved;
- IssueLabelAdded --> IssueClosed;
- IssueLabelRemoved --> IssueClosed;
- IssueFirstAddedToBoard --> IssueClosed;
- IssueFirstAddedToBoard --> IssueFirstAssociatedWithMilestone;
- IssueFirstAddedToBoard --> IssueFirstMentionedInCommit;
- IssueFirstAddedToBoard --> IssueLastEdited;
- IssueFirstAddedToBoard --> IssueLabelAdded;
- IssueFirstAddedToBoard --> IssueLabelRemoved;
- IssueFirstAssociatedWithMilestone --> IssueClosed;
- IssueFirstAssociatedWithMilestone --> IssueFirstAddedToBoard;
- IssueFirstAssociatedWithMilestone --> IssueFirstMentionedInCommit;
- IssueFirstAssociatedWithMilestone --> IssueLastEdited;
- IssueFirstAssociatedWithMilestone --> IssueLabelAdded;
- IssueFirstAssociatedWithMilestone --> IssueLabelRemoved;
- IssueFirstMentionedInCommit --> IssueClosed;
- IssueFirstMentionedInCommit --> IssueFirstAssociatedWithMilestone;
- IssueFirstMentionedInCommit --> IssueFirstAddedToBoard;
- IssueFirstMentionedInCommit --> IssueLastEdited;
- IssueFirstMentionedInCommit --> IssueLabelAdded;
- IssueFirstMentionedInCommit --> IssueLabelRemoved;
- IssueClosed --> IssueLastEdited;
- IssueClosed --> IssueLabelAdded;
- IssueClosed --> IssueLabelRemoved;
- MergeRequestClosed --> MergeRequestFirstDeployedToProduction;
- MergeRequestClosed --> MergeRequestLastEdited;
- MergeRequestClosed --> MergeRequestLabelAdded;
- MergeRequestClosed --> MergeRequestLabelRemoved;
- MergeRequestFirstDeployedToProduction --> MergeRequestLastEdited;
- MergeRequestFirstDeployedToProduction --> MergeRequestLabelAdded;
- MergeRequestFirstDeployedToProduction --> MergeRequestLabelRemoved;
- MergeRequestLastBuildFinished --> MergeRequestClosed;
- MergeRequestLastBuildFinished --> MergeRequestFirstDeployedToProduction;
- MergeRequestLastBuildFinished --> MergeRequestLastEdited;
- MergeRequestLastBuildFinished --> MergeRequestMerged;
- MergeRequestLastBuildFinished --> MergeRequestLabelAdded;
- MergeRequestLastBuildFinished --> MergeRequestLabelRemoved;
- MergeRequestLabelAdded --> MergeRequestLabelAdded;
- MergeRequestLabelAdded --> MergeRequestLabelRemoved;
- MergeRequestLabelRemoved --> MergeRequestLabelAdded;
- MergeRequestLabelRemoved --> MergeRequestLabelRemoved;
-```
-
-### Parent
-
-Teams and organizations might define their own way of building software, thus stages can be completely different. For each stage, a parent object needs to be defined.
-
-Currently supported parents:
-
-- `Project`
-- `Group`
-
-#### How parent relationship it work
-
-1. User navigates to the cycle analytics page.
-1. User selects a group.
-1. Backend loads the defined stages for the selected group.
-1. Additions and modifications to the stages will be persisted within the selected group only.
-
-### Default stages
-
-The [original implementation](https://gitlab.com/gitlab-org/gitlab/issues/847) of cycle analytics defined 7 stages. These stages are always available for each parent, however altering these stages is not possible.
-​
-To make things efficient and reduce the number of records created, the default stages are expressed as in-memory objects (not persisted). When the user creates a custom stage for the first time, all the stages will be persisted. This behaviour is implemented in the cycle analytics service objects.
-​
-The reason for this was that we'd like to add the abilities to hide and order stages later on.
-
-## Data Collector
-
-`DataCollector` is the central point where the data will be queried from the database. The class always operates on a single stage and consists of the following components:
-
-- `BaseQueryBuilder`:
- - Responsible for composing the initial query.
- - Deals with `Stage` specific configuration: events and their query customizations.
- - Parameters coming from the UI: date ranges.
-- `Median`: Calculates the median duration for a stage using the query from `BaseQueryBuilder`.
-- `RecordsFetcher`: Loads relevant records for a stage using the query from `BaseQueryBuilder` and specific `Finder` classes to apply visibility rules.
-- `DataForDurationChart`: Loads calculated durations with the finish time (end event timestamp) for the scatterplot chart.
-
-For a new calculation or a query, implement it as a new method call in the `DataCollector` class.
-
-## Database query
-
-Structure of the database query:
-
-```sql
-SELECT (customized by: Median or RecordsFetcher or DataForDurationChart)
-FROM OBJECT_TYPE (Issue or MergeRequest)
-INNER JOIN (several JOIN statements, depending on the events)
-WHERE
- (Filter by the PARENT model, example: filter Issues from Project A)
- (Date range filter based on the OBJECT_TYPE.created_at)
- (Check if the START_EVENT is earlier than END_EVENT, preventing negative duration)
-```
-
-Structure of the `SELECT` statement for `Median`:
-
-```sql
-SELECT (calculate median from START_EVENT_TIME-END_EVENT_TIME)
-```
-
-Structure of the `SELECT` statement for `DataForDurationChart`:
-
-```sql
-SELECT (START_EVENT_TIME-END_EVENT_TIME) as duration, END_EVENT.timestamp
-```
-
-## High-level overview
-
-- Rails Controller (`Analytics::CycleAnalytics` module): Cycle analytics exposes its data via JSON endpoints, implemented within the `analytics` workspace. Configuring the stages are also implements JSON endpoints (CRUD).
-- Services (`Analytics::CycleAnalytics` module): All `Stage` related actions will be delegated to respective service objects.
-- Models (`Analytics::CycleAnalytics` module): Models are used to persist the `Stage` objects `ProjectStage` and `GroupStage`.
-- Feature classes (`Gitlab::Analytics::CycleAnalytics` module):
- - Responsible for composing queries and define feature specific busines logic.
- - `DataCollector`, `Event`, `StageEvents`, etc.
-
-## Testing
-
-Since we have a lots of events and possible pairings, testing each pairing is not possible. The rule is to have at least one test case using an `Event` class.
-
-Writing a test case for a stage using a new `Event` can be challenging since data must be created for both events. To make this a bit simpler, each test case must be implemented in the `data_collector_spec.rb` where the stage is tested through the `DataCollector`. Each test case will be turned into multiple tests, covering the following cases:
-
-- Different parents: `Group` or `Project`
-- Different calculations: `Median`, `RecordsFetcher` or `DataForDurationChart`
+This document was moved to [another location](value_stream_analytics.md)
diff --git a/doc/development/i18n/externalization.md b/doc/development/i18n/externalization.md
index b3a08eed717..2595ee5b6d3 100644
--- a/doc/development/i18n/externalization.md
+++ b/doc/development/i18n/externalization.md
@@ -559,5 +559,5 @@ Let's suppose you want to add translations for a new language, let's say French.
```shell
git add locale/fr/ app/assets/javascripts/locale/fr/
- git commit -m "Add French translations for Cycle Analytics page"
+ git commit -m "Add French translations for Value Stream Analytics page"
```
diff --git a/doc/development/testing_guide/best_practices.md b/doc/development/testing_guide/best_practices.md
index 54666d67b8d..3285aaed095 100644
--- a/doc/development/testing_guide/best_practices.md
+++ b/doc/development/testing_guide/best_practices.md
@@ -572,6 +572,27 @@ Example:
expect(response).to have_gitlab_http_status(:ok)
```
+### Testing query performance
+
+Testing query performance allows us to:
+
+- Assert that N+1 problems do not exist within a block of code.
+- Ensure that the number of queries within a block of code does not increase unnoticed.
+
+#### QueryRecorder
+
+`QueryRecorder` allows profiling and testing of the number of database queries
+performed within a given block of code.
+
+See the [`QueryRecorder`](../query_recorder.md) section for more details.
+
+#### GitalyClient
+
+`Gitlab::GitalyClient.get_request_count` allows tests of the number of Gitaly queries
+made by a given block of code:
+
+See the [`Gitaly Request Counts`](../gitaly.md#request-counts) section for more details.
+
### Shared contexts
Shared contexts only used in one spec file can be declared inline.
diff --git a/doc/development/value_stream_analytics.md b/doc/development/value_stream_analytics.md
new file mode 100644
index 00000000000..5c6d3f18d9a
--- /dev/null
+++ b/doc/development/value_stream_analytics.md
@@ -0,0 +1,248 @@
+# Value Stream Analytics development guide
+
+Value stream analytics calculates the time between two arbitrary events recorded on domain objects and provides aggregated statistics about the duration.
+
+For information on how to configure Value Stream Analytics in GitLab, see our [analytics documentation](../user/analytics/value_stream_analytics.md).
+
+## Stage
+
+During development, events occur that move issues and merge requests through different stages of progress until they are considered finished. These stages can be expressed with the `Stage` model.
+
+Example stage:
+
+- Name: Development
+- Start event: Issue created
+- End event: Issue first mentioned in commit
+- Parent: `Group: gitlab-org`
+
+### Events
+
+Events are the smallest building blocks of the value stream analytics feature. A stage consists of two events:
+
+- Start
+- End
+
+These events play a key role in the duration calculation.
+
+Formula: `duration = end_event_time - start_event_time`
+
+To make the duration calculation flexible, each `Event` is implemented as a separate class. They're responsible for defining a timestamp expression that will be used in the calculation query.
+
+#### Implementing an `Event` class
+
+There are a few methods that are required to be implemented, the `StageEvent` base class describes them in great detail. The most important ones are:
+
+- `object_type`
+- `timestamp_projection`
+
+The `object_type` method defines which domain object will be queried for the calculation. Currently two models are allowed:
+
+- `Issue`
+- `MergeRequest`
+
+For the duration calculation the `timestamp_projection` method will be used.
+
+```ruby
+def timestamp_projection
+ # your timestamp expression comes here
+end
+
+# event will use the issue creation time in the duration calculation
+def timestamp_projection
+ Issue.arel_table[:created_at]
+end
+```
+
+NOTE: **Note:**
+More complex expressions are also possible (e.g. using `COALESCE`). Look at the existing event classes for examples.
+
+In some cases, defining the `timestamp_projection` method is not enough. The calculation query should know which table contains the timestamp expression. Each `Event` class is responsible for making modifications to the calculation query to make the `timestamp_projection` work. This usually means joining an additional table.
+
+Example for joining the `issue_metrics` table and using the `first_mentioned_in_commit_at` column as the timestamp expression:
+
+```ruby
+def object_type
+ Issue
+end
+
+def timestamp_projection
+ IssueMetrics.arel_table[:first_mentioned_in_commit_at]
+end
+
+def apply_query_customization(query)
+ # in this case the query attribute will be based on the Issue model: `Issue.where(...)`
+ query.joins(:metrics)
+end
+```
+
+### Validating start and end events
+
+Some start/end event pairs are not "compatible" with each other. For example:
+
+- "Issue created" to "Merge Request created": The event classes are defined on different domain models, the `object_type` method is different.
+- "Issue closed" to "Issue created": Issue must be created first before it can be closed.
+- "Issue closed" to "Issue closed": Duration is always 0.
+
+The `StageEvents` module describes the allowed `start_event` and `end_event` pairings (`PAIRING_RULES` constant). If a new event is added, it needs to be registered in this module.
+​To add a new event:​
+
+1. Add an entry in `ENUM_MAPPING` with a unique number, it'll be used in the `Stage` model as `enum`.
+1. Define which events are compatible with the event in the `PAIRING_RULES` hash.
+
+Supported start/end event pairings:
+
+```mermaid
+graph LR;
+ IssueCreated --> IssueClosed;
+ IssueCreated --> IssueFirstAddedToBoard;
+ IssueCreated --> IssueFirstAssociatedWithMilestone;
+ IssueCreated --> IssueFirstMentionedInCommit;
+ IssueCreated --> IssueLastEdited;
+ IssueCreated --> IssueLabelAdded;
+ IssueCreated --> IssueLabelRemoved;
+ MergeRequestCreated --> MergeRequestMerged;
+ MergeRequestCreated --> MergeRequestClosed;
+ MergeRequestCreated --> MergeRequestFirstDeployedToProduction;
+ MergeRequestCreated --> MergeRequestLastBuildStarted;
+ MergeRequestCreated --> MergeRequestLastBuildFinished;
+ MergeRequestCreated --> MergeRequestLastEdited;
+ MergeRequestCreated --> MergeRequestLabelAdded;
+ MergeRequestCreated --> MergeRequestLabelRemoved;
+ MergeRequestLastBuildStarted --> MergeRequestLastBuildFinished;
+ MergeRequestLastBuildStarted --> MergeRequestClosed;
+ MergeRequestLastBuildStarted --> MergeRequestFirstDeployedToProduction;
+ MergeRequestLastBuildStarted --> MergeRequestLastEdited;
+ MergeRequestLastBuildStarted --> MergeRequestMerged;
+ MergeRequestLastBuildStarted --> MergeRequestLabelAdded;
+ MergeRequestLastBuildStarted --> MergeRequestLabelRemoved;
+ MergeRequestMerged --> MergeRequestFirstDeployedToProduction;
+ MergeRequestMerged --> MergeRequestClosed;
+ MergeRequestMerged --> MergeRequestFirstDeployedToProduction;
+ MergeRequestMerged --> MergeRequestLastEdited;
+ MergeRequestMerged --> MergeRequestLabelAdded;
+ MergeRequestMerged --> MergeRequestLabelRemoved;
+ IssueLabelAdded --> IssueLabelAdded;
+ IssueLabelAdded --> IssueLabelRemoved;
+ IssueLabelAdded --> IssueClosed;
+ IssueLabelRemoved --> IssueClosed;
+ IssueFirstAddedToBoard --> IssueClosed;
+ IssueFirstAddedToBoard --> IssueFirstAssociatedWithMilestone;
+ IssueFirstAddedToBoard --> IssueFirstMentionedInCommit;
+ IssueFirstAddedToBoard --> IssueLastEdited;
+ IssueFirstAddedToBoard --> IssueLabelAdded;
+ IssueFirstAddedToBoard --> IssueLabelRemoved;
+ IssueFirstAssociatedWithMilestone --> IssueClosed;
+ IssueFirstAssociatedWithMilestone --> IssueFirstAddedToBoard;
+ IssueFirstAssociatedWithMilestone --> IssueFirstMentionedInCommit;
+ IssueFirstAssociatedWithMilestone --> IssueLastEdited;
+ IssueFirstAssociatedWithMilestone --> IssueLabelAdded;
+ IssueFirstAssociatedWithMilestone --> IssueLabelRemoved;
+ IssueFirstMentionedInCommit --> IssueClosed;
+ IssueFirstMentionedInCommit --> IssueFirstAssociatedWithMilestone;
+ IssueFirstMentionedInCommit --> IssueFirstAddedToBoard;
+ IssueFirstMentionedInCommit --> IssueLastEdited;
+ IssueFirstMentionedInCommit --> IssueLabelAdded;
+ IssueFirstMentionedInCommit --> IssueLabelRemoved;
+ IssueClosed --> IssueLastEdited;
+ IssueClosed --> IssueLabelAdded;
+ IssueClosed --> IssueLabelRemoved;
+ MergeRequestClosed --> MergeRequestFirstDeployedToProduction;
+ MergeRequestClosed --> MergeRequestLastEdited;
+ MergeRequestClosed --> MergeRequestLabelAdded;
+ MergeRequestClosed --> MergeRequestLabelRemoved;
+ MergeRequestFirstDeployedToProduction --> MergeRequestLastEdited;
+ MergeRequestFirstDeployedToProduction --> MergeRequestLabelAdded;
+ MergeRequestFirstDeployedToProduction --> MergeRequestLabelRemoved;
+ MergeRequestLastBuildFinished --> MergeRequestClosed;
+ MergeRequestLastBuildFinished --> MergeRequestFirstDeployedToProduction;
+ MergeRequestLastBuildFinished --> MergeRequestLastEdited;
+ MergeRequestLastBuildFinished --> MergeRequestMerged;
+ MergeRequestLastBuildFinished --> MergeRequestLabelAdded;
+ MergeRequestLastBuildFinished --> MergeRequestLabelRemoved;
+ MergeRequestLabelAdded --> MergeRequestLabelAdded;
+ MergeRequestLabelAdded --> MergeRequestLabelRemoved;
+ MergeRequestLabelRemoved --> MergeRequestLabelAdded;
+ MergeRequestLabelRemoved --> MergeRequestLabelRemoved;
+```
+
+### Parent
+
+Teams and organizations might define their own way of building software, thus stages can be completely different. For each stage, a parent object needs to be defined.
+
+Currently supported parents:
+
+- `Project`
+- `Group`
+
+#### How parent relationship it work
+
+1. User navigates to the value stream analytics page.
+1. User selects a group.
+1. Backend loads the defined stages for the selected group.
+1. Additions and modifications to the stages will be persisted within the selected group only.
+
+### Default stages
+
+The [original implementation](https://gitlab.com/gitlab-org/gitlab/issues/847) of value stream analytics defined 7 stages. These stages are always available for each parent, however altering these stages is not possible.
+​
+To make things efficient and reduce the number of records created, the default stages are expressed as in-memory objects (not persisted). When the user creates a custom stage for the first time, all the stages will be persisted. This behaviour is implemented in the value stream analytics service objects.
+​
+The reason for this was that we'd like to add the abilities to hide and order stages later on.
+
+## Data Collector
+
+`DataCollector` is the central point where the data will be queried from the database. The class always operates on a single stage and consists of the following components:
+
+- `BaseQueryBuilder`:
+ - Responsible for composing the initial query.
+ - Deals with `Stage` specific configuration: events and their query customizations.
+ - Parameters coming from the UI: date ranges.
+- `Median`: Calculates the median duration for a stage using the query from `BaseQueryBuilder`.
+- `RecordsFetcher`: Loads relevant records for a stage using the query from `BaseQueryBuilder` and specific `Finder` classes to apply visibility rules.
+- `DataForDurationChart`: Loads calculated durations with the finish time (end event timestamp) for the scatterplot chart.
+
+For a new calculation or a query, implement it as a new method call in the `DataCollector` class.
+
+## Database query
+
+Structure of the database query:
+
+```sql
+SELECT (customized by: Median or RecordsFetcher or DataForDurationChart)
+FROM OBJECT_TYPE (Issue or MergeRequest)
+INNER JOIN (several JOIN statements, depending on the events)
+WHERE
+ (Filter by the PARENT model, example: filter Issues from Project A)
+ (Date range filter based on the OBJECT_TYPE.created_at)
+ (Check if the START_EVENT is earlier than END_EVENT, preventing negative duration)
+```
+
+Structure of the `SELECT` statement for `Median`:
+
+```sql
+SELECT (calculate median from START_EVENT_TIME-END_EVENT_TIME)
+```
+
+Structure of the `SELECT` statement for `DataForDurationChart`:
+
+```sql
+SELECT (START_EVENT_TIME-END_EVENT_TIME) as duration, END_EVENT.timestamp
+```
+
+## High-level overview
+
+- Rails Controller (`Analytics::CycleAnalytics` module): Value stream analytics exposes its data via JSON endpoints, implemented within the `analytics` workspace. Configuring the stages are also implements JSON endpoints (CRUD).
+- Services (`Analytics::CycleAnalytics` module): All `Stage` related actions will be delegated to respective service objects.
+- Models (`Analytics::CycleAnalytics` module): Models are used to persist the `Stage` objects `ProjectStage` and `GroupStage`.
+- Feature classes (`Gitlab::Analytics::CycleAnalytics` module):
+ - Responsible for composing queries and define feature specific busines logic.
+ - `DataCollector`, `Event`, `StageEvents`, etc.
+
+## Testing
+
+Since we have a lots of events and possible pairings, testing each pairing is not possible. The rule is to have at least one test case using an `Event` class.
+
+Writing a test case for a stage using a new `Event` can be challenging since data must be created for both events. To make this a bit simpler, each test case must be implemented in the `data_collector_spec.rb` where the stage is tested through the `DataCollector`. Each test case will be turned into multiple tests, covering the following cases:
+
+- Different parents: `Group` or `Project`
+- Different calculations: `Median`, `RecordsFetcher` or `DataForDurationChart`
diff --git a/doc/topics/web_application_firewall/img/guide_waf_ingress_installation.png b/doc/topics/web_application_firewall/img/guide_waf_ingress_installation.png
new file mode 100644
index 00000000000..a150fa4e46f
--- /dev/null
+++ b/doc/topics/web_application_firewall/img/guide_waf_ingress_installation.png
Binary files differ
diff --git a/doc/topics/web_application_firewall/index.md b/doc/topics/web_application_firewall/index.md
new file mode 100644
index 00000000000..db1265e08ac
--- /dev/null
+++ b/doc/topics/web_application_firewall/index.md
@@ -0,0 +1,95 @@
+# Web Application Firewall - ModSecurity
+
+A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to
+and from a web application. By inspecting HTTP traffic, it can prevent attacks
+stemming from web application security flaws. It can be used to detect SQL injection,
+Cross-Site Scripting (XSS), Remote File Inclusion, Security Misconfigurations, and
+much more.
+
+## Overview
+
+GitLab provides a WAF out of the box after Ingress is deployed.
+All you need to do is deploy your application along with a service
+and Ingress resource.
+
+In GitLab's [Ingress](../../user/clusters/applications.md#ingress) deployment, the [ModSecurity](https://modsecurity.org/) module is loaded
+into Ingress-NGINX by default and monitors the traffic going to the
+applications which have an Ingress.
+
+The ModSecurity module runs with the [OWASP Core Rule Set (CRS)](https://coreruleset.org/) by default. The OWASP CRS will detect and log a wide range of common attacks.
+
+NOTE: **Note**
+The WAF is deployed in "Detection-only mode" by default and will only log attack
+attempts.
+
+## Requirements
+
+The Web Application Firewall requires:
+
+- **Kubernetes**
+
+ To enable the WAF, you need:
+
+ - Kubernetes 1.12+.
+ - A load balancer. You can use NGINX-Ingress by deploying it to your
+ Kubernetes cluster by either:
+ - Using the [`nginx-ingress` Helm chart](https://github.com/helm/charts/tree/master/stable/nginx-ingress).
+ - Installing the [Ingress GitLab Managed App](../../user/clusters/applications.md#ingress) with WAF enabled.
+
+- **Configured Kubernetes objects**
+
+ To use the WAF on an application, you need to deploy the following Kubernetes resources:
+
+ - [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/)
+ - [Service](https://kubernetes.io/docs/concepts/services-networking/service/)
+ - [Ingress Resource](https://kubernetes.io/docs/concepts/services-networking/ingress/)
+
+## Quick start
+
+If you are using GitLab.com, see the [quick start guide](quick_start_guide.md) for
+how to use the WAF with GitLab.com and a Kubernetes cluster on Google Kubernetes Engine (GKE).
+
+If you are using a self-hosted instance of GitLab, you need to configure the
+[Google OAuth2 OmniAuth Provider](../../integration/google.md) before
+you can configure a cluster on GKE. Once this is set up, you can follow the steps on the [quick start guide](quick_start_guide.md) to get started.
+
+NOTE: **Note**
+This guide shows how the WAF can be deployed using Auto DevOps. The WAF
+is avaliable by default to all applications no matter how they are deployed,
+as long as they are using Ingress.
+
+## Network firewall vs. Web Application Firewall
+
+A network firewall or packet filter looks at traffic at the Network (L3) and Transport (L4) layers
+of the [OSI Model](https://en.wikipedia.org/wiki/OSI_model), and denies packets from entry based on
+a set of rules regarding the network in general.
+
+A Web Application Firewall operates at the Application (L7) layer of the OSI Model and can
+examine all the packets traveling to and from a specific application. A WAF can set
+more advanced rules around threat detection.
+
+## Features
+
+ModSecurity is enabled with the [OWASP Core Rule Set (CRS)](https://modsecurity.org/crs/) by
+default. The OWASP CRS logs attempts to the following attacks:
+
+- [SQL Injection](https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_SQL_Injection)
+- [Cross-Site Scripting](https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_Cross-Site_Scripting_(XSS))
+- [Local File Inclusion](https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
+- [Remote File Inclusion](https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_Remote_File_Inclusion)
+- [Code Injection](https://www.owasp.org/index.php/Code_Injection)
+- [Session Fixation](https://www.owasp.org/index.php/Session_fixation)
+- [Scanner Detection](https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools)
+- [Metadata/Error Leakages](https://www.owasp.org/index.php/Improper_Error_Handling)
+
+It is good to have a basic knowledge of the following:
+
+- [Kubernetes](https://kubernetes.io/docs/home/)
+- [Ingress](https://kubernetes.github.io/ingress-nginx/)
+- [ModSecurity](https://www.modsecurity.org/)
+- [OWASP Core Rule Set](https://modsecurity.org/crs/)
+
+## Roadmap
+
+More information on the direction of the WAF can be
+found in [Product Vision - Defend](https://about.gitlab.com/direction/defend/#waf)
diff --git a/doc/topics/web_application_firewall/quick_start_guide.md b/doc/topics/web_application_firewall/quick_start_guide.md
new file mode 100644
index 00000000000..35003785753
--- /dev/null
+++ b/doc/topics/web_application_firewall/quick_start_guide.md
@@ -0,0 +1,266 @@
+# Getting started with the Web Application Firewall
+
+This is a step-by-step guide that will help you use GitLab's [Web Application Firewall](index.md) after
+deploying a project hosted on GitLab.com to Google Kubernetes Engine using [Auto DevOps](../autodevops/index.md).
+
+We will use GitLab's native Kubernetes integration, so you will not need
+to create a Kubernetes cluster manually using the Google Cloud Platform console.
+We will create and deploy a simple application that we create from a GitLab template.
+
+These instructions will also work for a self-hosted GitLab instance. However, you will
+need to ensure your own [Runners are configured](../../ci/runners/README.md) and
+[Google OAuth is enabled](../../integration/google.md).
+
+**Note**: GitLab's Web Application Firewall is deployed with [Ingress](../../user/clusters/applications.md#Ingress),
+so it will be avaliable to your applications no matter how you deploy them to Kubernetes.
+
+## Enable or disable ModSecurity
+
+ModSecurity is enabled by default on GitLab.com. You can toggle the feature flag to false by running the following command in the Rails console:
+
+```ruby
+Feature.disable(:ingress_modsecurity)
+```
+
+Once disabled, you must uninstall and reinstall your Ingress application for the changes to take effect. See the [Feature Flag](../../user/project/operations/feature_flags.md) documentation for more information.
+
+## Configuring your Google account
+
+Before creating and connecting your Kubernetes cluster to your GitLab project,
+you need a Google Cloud Platform account. If you do not already have one,
+sign up at <https://console.cloud.google.com>. You will need to either sign in with an existing
+Google account (for example, one that you use to access Gmail, Drive, etc.) or create a new one.
+
+1. To enable the required APIs and related services, follow the steps in the ["Before you begin" section of the Kubernetes Engine docs](https://cloud.google.com/kubernetes-engine/docs/quickstart#before-you-begin).
+1. Make sure you have created a [billing account](https://cloud.google.com/billing/docs/how-to/manage-billing-account).
+
+TIP: **Tip:**
+Every new Google Cloud Platform (GCP) account receives [$300 in credit](https://console.cloud.google.com/freetrial),
+and in partnership with Google, GitLab is able to offer an additional $200 for new GCP accounts to get started with GitLab's
+Google Kubernetes Engine integration. All you have to do is [follow this link](https://cloud.google.com/partners/partnercredit/?PCN=a0n60000006Vpz4AAC) and apply for credit.
+
+## Creating a new project from a template
+
+We will use one of GitLab's project templates to get started. As the name suggests,
+those projects provide a barebones application built on some well-known frameworks.
+
+1. In GitLab, click the plus icon (**+**) at the top of the navigation bar and select
+ **New project**.
+1. Go to the **Create from template** tab where you can choose for example a Ruby on
+ Rails, Spring, or NodeJS Express project.
+ We will use the Ruby on Rails template.
+
+ ![Select project template](../autodevops/img/guide_project_template_v12_3.png)
+
+1. Give your project a name, optionally a description, and make it public so that
+ you can take advantage of the features available in the
+ [GitLab Gold plan](https://about.gitlab.com/pricing/#gitlab-com).
+
+ ![Create project](../autodevops/img/guide_create_project_v12_3.png)
+
+1. Click **Create project**.
+
+Now that the project is created, the next step is to create the Kubernetes cluster
+under which this application will be deployed.
+
+## Creating a Kubernetes cluster from within GitLab
+
+1. On the project's landing page, click **Add Kubernetes cluster**
+ (note that this option is also available when you navigate to **Operations > Kubernetes**).
+
+ ![Project landing page](../autodevops/img/guide_project_landing_page_v12_3.png)
+
+1. On the **Create new cluster on GKE** tab, click **Sign in with Google**.
+
+ ![Google sign in](../autodevops/img/guide_google_signin_v12_3.png)
+
+1. Connect with your Google account and click **Allow** when asked (this
+ appears only the first time you connect GitLab with your Google account).
+
+ ![Google auth](../autodevops/img/guide_google_auth_v12_3.png)
+
+1. The last step is to provide the cluster details.
+ 1. Give it a name, leave the environment scope as is, and choose the GCP project under which the cluster
+ will be created (per the instructions to [configure your Google account](#configuring-your-google-account), a project should have already been created for you).
+ 1. Choose the [region/zone](https://cloud.google.com/compute/docs/regions-zones/) under which the cluster will be created.
+ 1. Enter the number of nodes you want it to have.
+ 1. Choose the [machine type](https://cloud.google.com/compute/docs/machine-types).
+
+ ![GitLab GKE cluster details](../autodevops/img/guide_gitlab_gke_details_v12_3.png)
+
+1. Click **Create Kubernetes cluster**.
+
+After a couple of minutes, the cluster is created. You can also see its
+status on your [GCP dashboard](https://console.cloud.google.com/kubernetes).
+
+The next step is to install some applications on your cluster that are needed
+to take full advantage of Auto DevOps.
+
+## Installing Helm and Ingress
+
+GitLab's Kubernetes integration comes with some
+[pre-defined applications](../../user/project/clusters/index.md#installing-applications)
+for you to install.
+
+![Cluster applications](../autodevops/img/guide_cluster_apps_v12_3.png)
+
+The first one to install is Helm Tiller, a package manager for Kubernetes, which
+is needed in order to install the rest of the applications. Go ahead and click
+its **Install** button.
+Once it is installed, the other applications that rely on it will each have their
+**Install** buttons enabled.
+
+For this guide, we need to install Ingress. Ingress provides load balancing,
+SSL termination, and name-based virtual hosting, using NGINX behind
+the scenes. Make sure that the **Enable Web Application Firewall** button is checked
+before installing.
+
+![Cluster applications](./img/guide_waf_ingress_installation.png)
+
+After Ingress is installed, wait a few seconds and copy the IP address that
+is displayed in order to add in your base **Domain** at the top of the page. For
+the purpose of this guide, we will use the one suggested by GitLab. Once you have
+filled in the domain, click **Save changes**.
+
+![Cluster Base Domain](../autodevops/img/guide_base_domain_v12_3.png)
+
+Prometheus should also be installed. It is an open-source monitoring and
+alerting system that we will use to supervise the deployed application.
+We will not install GitLab Runners as we will use the shared Runners that
+GitLab.com provides.
+
+## Enabling Auto DevOps (optional)
+
+Starting with GitLab 11.3, Auto DevOps is enabled by default. However, it is possible to disable
+Auto DevOps at both the instance-level (for self-managed instances) and the group-level.
+Follow these steps if Auto DevOps has been manually disabled:
+
+1. Navigate to **Settings > CI/CD > Auto DevOps**.
+1. Select **Default to Auto DevOps pipeline**.
+1. Select the [continuous deployment strategy](../autodevops/index.md#deployment-strategy)
+ which automatically deploys the application to production once the pipeline
+ successfully runs on the `master` branch.
+1. Click **Save changes**.
+
+ ![Auto DevOps settings](../autodevops/img/guide_enable_autodevops_v12_3.png)
+
+Once you complete all the above and save your changes, a new pipeline is
+automatically created. To view the pipeline, go to **CI/CD > Pipelines**.
+
+![First pipeline](../autodevops/img/guide_first_pipeline_v12_3.png)
+
+The next section explains what each pipeline job does.
+
+## Deploying the application
+
+By now you should see the pipeline running, but what is it running exactly?
+
+To navigate inside the pipeline, click its status badge (its status should be "Running").
+The pipeline is split into a few stages, each running a couple of jobs.
+
+![Pipeline stages](../autodevops/img/guide_pipeline_stages_v12_3.png)
+
+In the **build** stage, the application is built into a Docker image and then
+uploaded to your project's [Container Registry](../../user/packages/container_registry/index.md) ([Auto Build](../autodevops/index.md#auto-build)).
+
+In the **test** stage, GitLab runs various checks on the application.
+
+The **production** stage is run after the tests and checks finish, and it automatically
+deploys the application in Kubernetes ([Auto Deploy](../autodevops/index.md#auto-deploy)).
+
+The **production** stage creates Kubernetes objects
+like a Deployment, Service, and Ingress resource. The
+application will be monitored by the WAF automatically.
+
+## Validating Ingress is running ModSecurity
+
+Now we can make sure that Ingress is running properly with ModSecurity and send
+a request to ensure our application is responding correctly. You must connect to
+your cluster either using [Cloud Shell](https://cloud.google.com/shell/) or the [Google Cloud SDK](https://cloud.google.com/sdk/install).
+
+1. After connecting to your cluster, check if the Ingress-NGINX controller is running and ModSecurity is enabled.
+
+ This is done by running the following commands:
+
+ ```bash
+ $ kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller'
+ ingress-nginx-ingress-controller-55f9cf6584-dxljn 2/2 Running
+
+ $ kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- cat /etc/nginx/nginx.conf | grep 'modsecurity on;'
+ modsecurity on;
+ ```
+
+1. Verify the Rails application has been installed properly.
+
+ ```bash
+ $ kubectl get ns
+ auto-devv-2-16730183-production Active
+
+ $ kubectl get pods -n auto-devv-2-16730183-production
+ NAME READY STATUS RESTARTS
+ production-5778cfcfcd-nqjcm 1/1 Running 0
+ production-postgres-6449f8cc98-r7xgg 1/1 Running 0
+ ```
+
+1. To make sure the Rails application is responding, send a request to it by running:
+
+ ```bash
+ $ kubectl get ing -n auto-devv-2-16730183-production
+ NAME HOSTS PORTS
+ production-auto-deploy fjdiaz-auto-devv-2.34.68.60.207.nip.io,le-16730183.34.68.60.207.nip.io 80, 443
+
+ $ curl --location --insecure fjdiaz-auto-devv-2.34.68.60.207.nip.io | grep 'Rails!' --after 2 --before 2
+ <body>
+ <p>You're on Rails!</p>
+ </body>
+ ```
+
+Now that we have confirmed our system is properly setup, we can go ahead and test
+the WAF with OWASP CRS!
+
+## Testing out the OWASP Core Rule Set
+
+Now let's send a potentially malicious request, as if we were a scanner,
+checking for vulnerabilities within our application and examine the modsecurity logs:
+
+```bash
+$ curl --location --insecure fjdiaz-auto-devv-2.34.68.60.207.nip.io --header "User-Agent: absinthe" | grep 'Rails!' --after 2 --before 2
+<body>
+ <p>You're on Rails!</p>
+</body>
+
+$ kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- cat /var/log/modsec/audit.log | grep 'absinthe'
+{
+ "message": "Found User-Agent associated with security scanner",
+ "details": {
+ "match": "Matched \"Operator `PmFromFile' with parameter `scanners-user-agents.data' against variable `REQUEST_HEADERS:user-agent' (Value: `absinthe' )",
+ "reference": "o0,8v84,8t:lowercase",
+ "ruleId": "913100",
+ "file": "/etc/nginx/owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf",
+ "lineNumber": "33",
+ "data": "Matched Data: absinthe found within REQUEST_HEADERS:user-agent: absinthe",
+ "severity": "2",
+ "ver": "OWASP_CRS/3.2.0",
+ "rev": "",
+ "tags": ["application-multi", "language-multi", "platform-multi", "attack-reputation-scanner", "OWASP_CRS", "OWASP_CRS/AUTOMATION/SECURITY_SCANNER", "WASCTC/WASC-21", "OWASP_TOP_10/A7", "PCI/6.5.10"],
+ "maturity": "0",
+ "accuracy": "0"
+ }
+}
+```
+
+You can see that ModSecurity logs the suspicous behavior. By sending a request
+with the `User Agent: absinthe` header, which [absinthe](https://github.com/cameronhotchkies/Absinthe), a tool for testing for SQL injections uses, we can detect that someone was
+searching for vulnerabilities on our system. Detecting scanners is useful, because we
+can learn if someone is trying to exploit our system.
+
+## Conclusion
+
+You can now see the benefits of a using a Web Application Firewall.
+ModSecurity and the OWASP Core Rule Set, offer many more benefits.
+You can explore them in more detail:
+
+- [GitLab Defend Vision](https://about.gitlab.com/direction/defend/#waf)
+- [ModSecurity](https://www.modsecurity.org/)
+- [OWASP Core Rule Set](https://modsecurity.org/crs/)
+- [AutoDevOps](../autodevops/index.md)
diff --git a/doc/user/analytics/code_review_analytics.md b/doc/user/analytics/code_review_analytics.md
index 5861afd92a2..bb74e673b56 100644
--- a/doc/user/analytics/code_review_analytics.md
+++ b/doc/user/analytics/code_review_analytics.md
@@ -36,7 +36,7 @@ identify improvements that might substantially accelerate your development cycle
Code Review Analytics can be used when:
- Your team agrees that code review is moving too slow.
-- The [Cycle Analytics feature](cycle_analytics.md) shows that reviews are your team's most time-consuming step.
+- The [Value Stream Analytics feature](value_stream_analytics.md) shows that reviews are your team's most time-consuming step.
You can use Code Review Analytics to see the types of work that are currently moving the slowest, and analyze the patterns
and trends between them. For example:
diff --git a/doc/user/analytics/cycle_analytics.md b/doc/user/analytics/cycle_analytics.md
index c6de0138478..9d1cc508f63 100644
--- a/doc/user/analytics/cycle_analytics.md
+++ b/doc/user/analytics/cycle_analytics.md
@@ -1,221 +1,5 @@
-# Cycle Analytics
+---
+redirect_to: '../analytics/value_stream_analytics.md'
+---
-> - Introduced prior to GitLab 12.3 at the project level.
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12077) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.3 at the group level.
-
-Cycle Analytics measures the time spent to go from an
-[idea to production](https://about.gitlab.com/blog/2016/08/05/continuous-integration-delivery-and-deployment-with-gitlab/#from-idea-to-production-with-gitlab)
-(also known as cycle time) for each of your projects. Cycle Analytics displays the median time
-spent in each stage defined in the process.
-
-NOTE: **Note:**
-Use the `cycle_analytics` feature flag to enable at the group level.
-
-Cycle Analytics is useful in order to quickly determine the velocity of a given
-project. It points to bottlenecks in the development process, enabling management
-to uncover, triage, and identify the root cause of slowdowns in the software development life cycle.
-
-Cycle Analytics is tightly coupled with the [GitLab flow](../../topics/gitlab_flow.md) and
-calculates a separate median for each stage.
-
-## Overview
-
-Cycle Analytics is available:
-
-- From GitLab 12.3, at the group level in the analytics workspace (top navigation bar) at
- **Analytics > Cycle Analytics**. **(PREMIUM)**
-
- In the future, multiple groups will be selectable which will effectively make this an
- instance-level feature.
-
-- At the project level via **Project > Cycle Analytics**.
-
-There are seven stages that are tracked as part of the Cycle Analytics calculations.
-
-- **Issue** (Tracker)
- - Time to schedule an issue (by milestone or by adding it to an issue board)
-- **Plan** (Board)
- - Time to first commit
-- **Code** (IDE)
- - Time to create a merge request
-- **Test** (CI)
- - Time it takes GitLab CI/CD to test your code
-- **Review** (Merge Request/MR)
- - Time spent on code review
-- **Staging** (Continuous Deployment)
- - Time between merging and deploying to production
-- **Total** (Total)
- - Total lifecycle time. That is, the velocity of the project or team. [Previously known](https://gitlab.com/gitlab-org/gitlab/issues/38317) as **Production**.
-
-## Date ranges
-
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/13216) in GitLab 12.4.
-
-GitLab provides the ability to filter analytics based on a date range. To filter results:
-
-1. Select a group.
-1. Optionally select a project.
-1. Select a date range using the available date pickers.
-
-## How the data is measured
-
-Cycle Analytics records cycle time and data based on the project issues with the
-exception of the staging and total stages, where only data deployed to
-production are measured.
-
-Specifically, if your CI is not set up and you have not defined a `production`
-or `production/*` [environment](../../ci/yaml/README.md#environment), then you will not have any
-data for this stage.
-
-Each stage of Cycle Analytics is further described in the table below.
-
-| **Stage** | **Description** |
-| --------- | --------------- |
-| Issue | Measures the median time between creating an issue and taking action to solve it, by either labeling it or adding it to a milestone, whatever comes first. The label will be tracked only if it already has an [Issue Board list](../project/issue_board.md#creating-a-new-list) created for it. |
-| Plan | Measures the median time between the action you took for the previous stage, and pushing the first commit to the branch. The very first commit of the branch is the one that triggers the separation between **Plan** and **Code**, and at least one of the commits in the branch needs to contain the related issue number (e.g., `#42`). If none of the commits in the branch mention the related issue number, it is not considered to the measurement time of the stage. |
-| Code | Measures the median time between pushing a first commit (previous stage) and creating a merge request (MR) related to that commit. The key to keep the process tracked is to include the [issue closing pattern](../project/issues/managing_issues.md#closing-issues-automatically) to the description of the merge request (for example, `Closes #xxx`, where `xxx` is the number of the issue related to this merge request). If the issue closing pattern is not present in the merge request description, the MR is not considered to the measurement time of the stage. |
-| Test | Measures the median time to run the entire pipeline for that project. It's related to the time GitLab CI takes to run every job for the commits pushed to that merge request defined in the previous stage. It is basically the start->finish time for all pipelines. |
-| Review | Measures the median time taken to review the merge request that has closing issue pattern, between its creation and until it's merged. |
-| Staging | Measures the median time between merging the merge request with closing issue pattern until the very first deployment to production. It's tracked by the environment set to `production` or matching `production/*` (case-sensitive, `Production` won't work) in your GitLab CI configuration. If there isn't a production environment, this is not tracked. |
-| Total | The sum of all time (medians) taken to run the entire process, from issue creation to deploying the code to production. [Previously known](https://gitlab.com/gitlab-org/gitlab/issues/38317) as **Production**. |
-
-How this works, behind the scenes:
-
-1. Issues and merge requests are grouped together in pairs, such that for each
- `<issue, merge request>` pair, the merge request has the [issue closing pattern](../project/issues/managing_issues.md#closing-issues-automatically)
- for the corresponding issue. All other issues and merge requests are **not**
- considered.
-1. Then the `<issue, merge request>` pairs are filtered out by last XX days (specified
- by the UI - default is 90 days). So it prohibits these pairs from being considered.
-1. For the remaining `<issue, merge request>` pairs, we check the information that
- we need for the stages, like issue creation date, merge request merge time,
- etc.
-
-To sum up, anything that doesn't follow [GitLab flow](../../workflow/gitlab_flow.md) will not be tracked and the
-Cycle Analytics dashboard will not present any data for:
-
-- Merge requests that do not close an issue.
-- Issues not labeled with a label present in the Issue Board or for issues not assigned a milestone.
-- Staging and production stages, if the project has no `production` or `production/*`
- environment.
-
-## Example workflow
-
-Below is a simple fictional workflow of a single cycle that happens in a
-single day passing through all seven stages. Note that if a stage does not have
-a start and a stop mark, it is not measured and hence not calculated in the median
-time. It is assumed that milestones are created and CI for testing and setting
-environments is configured.
-
-1. Issue is created at 09:00 (start of **Issue** stage).
-1. Issue is added to a milestone at 11:00 (stop of **Issue** stage / start of
- **Plan** stage).
-1. Start working on the issue, create a branch locally and make one commit at
- 12:00.
-1. Make a second commit to the branch which mentions the issue number at 12.30
- (stop of **Plan** stage / start of **Code** stage).
-1. Push branch and create a merge request that contains the [issue closing pattern](../project/issues/managing_issues.md#closing-issues-automatically)
- in its description at 14:00 (stop of **Code** stage / start of **Test** and
- **Review** stages).
-1. The CI starts running your scripts defined in [`.gitlab-ci.yml`](../../ci/yaml/README.md) and
- takes 5min (stop of **Test** stage).
-1. Review merge request, ensure that everything is OK and merge the merge
- request at 19:00. (stop of **Review** stage / start of **Staging** stage).
-1. Now that the merge request is merged, a deployment to the `production`
- environment starts and finishes at 19:30 (stop of **Staging** stage).
-1. The cycle completes and the sum of the median times of the previous stages
- is recorded to the **Total** stage. That is the time between creating an
- issue and deploying its relevant merge request to production.
-
-From the above example you can conclude the time it took each stage to complete
-as long as their total time:
-
-- **Issue**: 2h (11:00 - 09:00)
-- **Plan**: 1h (12:00 - 11:00)
-- **Code**: 2h (14:00 - 12:00)
-- **Test**: 5min
-- **Review**: 5h (19:00 - 14:00)
-- **Staging**: 30min (19:30 - 19:00)
-- **Total**: Since this stage measures the sum of median time of all
- previous stages, we cannot calculate it if we don't know the status of the
- stages before. In case this is the very first cycle that is run in the project,
- then the **Total** time is 10h 30min (19:30 - 09:00)
-
-A few notes:
-
-- In the above example we demonstrated that it doesn't matter if your first
- commit doesn't mention the issue number, you can do this later in any commit
- of the branch you are working on.
-- You can see that the **Test** stage is not calculated to the overall time of
- the cycle since it is included in the **Review** process (every MR should be
- tested).
-- The example above was just **one cycle** of the seven stages. Add multiple
- cycles, calculate their median time and the result is what the dashboard of
- Cycle Analytics is showing.
-
-## Days to completion chart
-
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/21631) in GitLab 12.6.
-
-This chart visually depicts the total number of days it takes for cycles to be completed.
-
-This chart uses the global page filters for displaying data based on the selected
-group, projects, and timeframe. In addition, specific stages can be selected
-from within the chart itself.
-
-### Chart median line
-
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/36675) in GitLab 12.7.
-
-The median line on the chart displays data that is offset by the number of days selected.
-For example, if 30 days worth of data has been selected (for example, 2019-12-16 to 2020-01-15) the
-median line will represent the previous 30 days worth of data (2019-11-16 to 2019-12-16)
-as a metric to compare against.
-
-### Disabling chart
-
-This chart is enabled by default. If you have a self-managed instance, an
-administrator can open a Rails console and disable it with the following command:
-
-```ruby
-Feature.disable(:cycle_analytics_scatterplot_enabled)
-```
-
-### Disabling chart median line
-
-This chart's median line is enabled by default. If you have a self-managed instance, an
-administrator can open a Rails console and disable it with the following command:
-
-```ruby
-Feature.disable(:cycle_analytics_scatterplot_median_enabled)
-```
-
-## Permissions
-
-The current permissions on the Project Cycle Analytics dashboard are:
-
-- Public projects - anyone can access.
-- Internal projects - any authenticated user can access.
-- Private projects - any member Guest and above can access.
-
-You can [read more about permissions](../../ci/yaml/README.md) in general.
-
-NOTE: **Note:**
-As of GitLab 12.3, the project-level page is deprecated. You should access
-project-level Cycle Analytics from **Analytics > Cycle Analytics** in the top
-navigation bar. We will ensure that the same project-level functionality is available
-to CE users in the new analytics space.
-
-For Cycle Analytics functionality introduced in GitLab 12.3 and later:
-
-- Users must have Reporter access or above.
-- Features are available only on
- [Premium or Silver tiers](https://about.gitlab.com/pricing/) and above.
-
-## More resources
-
-Learn more about Cycle Analytics in the following resources:
-
-- [Cycle Analytics feature page](https://about.gitlab.com/product/cycle-analytics/).
-- [Cycle Analytics feature preview](https://about.gitlab.com/blog/2016/09/16/feature-preview-introducing-cycle-analytics/).
-- [Cycle Analytics feature highlight](https://about.gitlab.com/blog/2016/09/21/cycle-analytics-feature-highlight/).
+This document was moved to [another location](../analytics/value_stream_analytics.md)
diff --git a/doc/user/analytics/index.md b/doc/user/analytics/index.md
index 3117a5dfbca..2aa9d31d8bf 100644
--- a/doc/user/analytics/index.md
+++ b/doc/user/analytics/index.md
@@ -16,13 +16,13 @@ Once enabled, click on **Analytics** from the top navigation bar.
From the centralized analytics workspace, the following analytics are available:
- [Code Review Analytics](code_review_analytics.md). **(STARTER)**
-- [Cycle Analytics](cycle_analytics.md), enabled with the `cycle_analytics`
+- [Value Stream Analytics](value_stream_analytics.md), enabled with the `cycle_analytics`
[feature flag](../../development/feature_flags/development.md#enabling-a-feature-flag-in-development). **(PREMIUM)**
- [Productivity Analytics](productivity_analytics.md), enabled with the `productivity_analytics`
[feature flag](../../development/feature_flags/development.md#enabling-a-feature-flag-in-development). **(PREMIUM)**
NOTE: **Note:**
-Project-level Cycle Analytics are still available at a project's **Project > Cycle Analytics**.
+Project-level Value Stream Analytics are still available at a project's **Project > Value Stream Analytics**.
## Other analytics tools
diff --git a/doc/user/analytics/productivity_analytics.md b/doc/user/analytics/productivity_analytics.md
index 798b12fc2bd..572265b5b09 100644
--- a/doc/user/analytics/productivity_analytics.md
+++ b/doc/user/analytics/productivity_analytics.md
@@ -7,7 +7,7 @@ Track development velocity with Productivity Analytics.
For many companies, the development cycle is a blackbox and getting an estimate of how
long, on average, it takes to deliver features is an enormous endeavor.
-While [Cycle Analytics](../project/cycle_analytics.md) focuses on the entire
+While [Value Stream Analytics](../project/cycle_analytics.md) focuses on the entire
Software Development Life Cycle (SDLC) process, Productivity Analytics provides a way for Engineering Management to drill down in a systematic way to uncover patterns and causes for success or failure at an individual, project or group level.
Productivity can slow down for many reasons ranging from degrading code base to quickly growing teams. In order to investigate, department or team leaders can start by visualizing the time it takes for merge requests to be merged.
diff --git a/doc/user/analytics/value_stream_analytics.md b/doc/user/analytics/value_stream_analytics.md
new file mode 100644
index 00000000000..718367dc69d
--- /dev/null
+++ b/doc/user/analytics/value_stream_analytics.md
@@ -0,0 +1,224 @@
+# Value Stream Analytics
+
+> - Introduced as Cycle Analytics prior to GitLab 12.3 at the project level.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12077) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.3 at the group level.
+> - [Renamed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/23427) from Cycle Analytics to Value Stream Analytics in GitLab 12.8.
+
+Value Stream Analytics measures the time spent to go from an
+[idea to production](https://about.gitlab.com/blog/2016/08/05/continuous-integration-delivery-and-deployment-with-gitlab/#from-idea-to-production-with-gitlab)
+(also known as cycle time) for each of your projects. Value Stream Analytics displays the median time
+spent in each stage defined in the process.
+
+For information on how to contribute to the development of Value Stream Analytics, see our [contributor documentation](../../development/value_stream_analytics.md).
+
+NOTE: **Note:**
+Use the `cycle_analytics` feature flag to enable at the group level.
+
+Value Stream Analytics is useful in order to quickly determine the velocity of a given
+project. It points to bottlenecks in the development process, enabling management
+to uncover, triage, and identify the root cause of slowdowns in the software development life cycle.
+
+Value Stream Analytics is tightly coupled with the [GitLab flow](../../topics/gitlab_flow.md) and
+calculates a separate median for each stage.
+
+## Overview
+
+Value Stream Analytics is available:
+
+- From GitLab 12.3, at the group level in the analytics workspace (top navigation bar) at
+ **Analytics > Value Stream Analytics**. **(PREMIUM)**
+
+ In the future, multiple groups will be selectable which will effectively make this an
+ instance-level feature.
+
+- At the project level via **Project > Value Stream Analytics**.
+
+There are seven stages that are tracked as part of the Value Stream Analytics calculations.
+
+- **Issue** (Tracker)
+ - Time to schedule an issue (by milestone or by adding it to an issue board)
+- **Plan** (Board)
+ - Time to first commit
+- **Code** (IDE)
+ - Time to create a merge request
+- **Test** (CI)
+ - Time it takes GitLab CI/CD to test your code
+- **Review** (Merge Request/MR)
+ - Time spent on code review
+- **Staging** (Continuous Deployment)
+ - Time between merging and deploying to production
+- **Total** (Total)
+ - Total lifecycle time. That is, the velocity of the project or team. [Previously known](https://gitlab.com/gitlab-org/gitlab/issues/38317) as **Production**.
+
+## Date ranges
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/13216) in GitLab 12.4.
+
+GitLab provides the ability to filter analytics based on a date range. To filter results:
+
+1. Select a group.
+1. Optionally select a project.
+1. Select a date range using the available date pickers.
+
+## How the data is measured
+
+Value Stream Analytics records cycle time and data based on the project issues with the
+exception of the staging and total stages, where only data deployed to
+production are measured.
+
+Specifically, if your CI is not set up and you have not defined a `production`
+or `production/*` [environment](../../ci/yaml/README.md#environment), then you will not have any
+data for this stage.
+
+Each stage of Value Stream Analytics is further described in the table below.
+
+| **Stage** | **Description** |
+| --------- | --------------- |
+| Issue | Measures the median time between creating an issue and taking action to solve it, by either labeling it or adding it to a milestone, whatever comes first. The label will be tracked only if it already has an [Issue Board list](../project/issue_board.md#creating-a-new-list) created for it. |
+| Plan | Measures the median time between the action you took for the previous stage, and pushing the first commit to the branch. The very first commit of the branch is the one that triggers the separation between **Plan** and **Code**, and at least one of the commits in the branch needs to contain the related issue number (e.g., `#42`). If none of the commits in the branch mention the related issue number, it is not considered to the measurement time of the stage. |
+| Code | Measures the median time between pushing a first commit (previous stage) and creating a merge request (MR) related to that commit. The key to keep the process tracked is to include the [issue closing pattern](../project/issues/managing_issues.md#closing-issues-automatically) to the description of the merge request (for example, `Closes #xxx`, where `xxx` is the number of the issue related to this merge request). If the issue closing pattern is not present in the merge request description, the MR is not considered to the measurement time of the stage. |
+| Test | Measures the median time to run the entire pipeline for that project. It's related to the time GitLab CI takes to run every job for the commits pushed to that merge request defined in the previous stage. It is basically the start->finish time for all pipelines. |
+| Review | Measures the median time taken to review the merge request that has closing issue pattern, between its creation and until it's merged. |
+| Staging | Measures the median time between merging the merge request with closing issue pattern until the very first deployment to production. It's tracked by the environment set to `production` or matching `production/*` (case-sensitive, `Production` won't work) in your GitLab CI configuration. If there isn't a production environment, this is not tracked. |
+| Total | The sum of all time (medians) taken to run the entire process, from issue creation to deploying the code to production. [Previously known](https://gitlab.com/gitlab-org/gitlab/issues/38317) as **Production**. |
+
+How this works, behind the scenes:
+
+1. Issues and merge requests are grouped together in pairs, such that for each
+ `<issue, merge request>` pair, the merge request has the [issue closing pattern](../project/issues/managing_issues.md#closing-issues-automatically)
+ for the corresponding issue. All other issues and merge requests are **not**
+ considered.
+1. Then the `<issue, merge request>` pairs are filtered out by last XX days (specified
+ by the UI - default is 90 days). So it prohibits these pairs from being considered.
+1. For the remaining `<issue, merge request>` pairs, we check the information that
+ we need for the stages, like issue creation date, merge request merge time,
+ etc.
+
+To sum up, anything that doesn't follow [GitLab flow](../../workflow/gitlab_flow.md) will not be tracked and the
+Value Stream Analytics dashboard will not present any data for:
+
+- Merge requests that do not close an issue.
+- Issues not labeled with a label present in the Issue Board or for issues not assigned a milestone.
+- Staging and production stages, if the project has no `production` or `production/*`
+ environment.
+
+## Example workflow
+
+Below is a simple fictional workflow of a single cycle that happens in a
+single day passing through all seven stages. Note that if a stage does not have
+a start and a stop mark, it is not measured and hence not calculated in the median
+time. It is assumed that milestones are created and CI for testing and setting
+environments is configured.
+
+1. Issue is created at 09:00 (start of **Issue** stage).
+1. Issue is added to a milestone at 11:00 (stop of **Issue** stage / start of
+ **Plan** stage).
+1. Start working on the issue, create a branch locally and make one commit at
+ 12:00.
+1. Make a second commit to the branch which mentions the issue number at 12.30
+ (stop of **Plan** stage / start of **Code** stage).
+1. Push branch and create a merge request that contains the [issue closing pattern](../project/issues/managing_issues.md#closing-issues-automatically)
+ in its description at 14:00 (stop of **Code** stage / start of **Test** and
+ **Review** stages).
+1. The CI starts running your scripts defined in [`.gitlab-ci.yml`](../../ci/yaml/README.md) and
+ takes 5min (stop of **Test** stage).
+1. Review merge request, ensure that everything is OK and merge the merge
+ request at 19:00. (stop of **Review** stage / start of **Staging** stage).
+1. Now that the merge request is merged, a deployment to the `production`
+ environment starts and finishes at 19:30 (stop of **Staging** stage).
+1. The cycle completes and the sum of the median times of the previous stages
+ is recorded to the **Total** stage. That is the time between creating an
+ issue and deploying its relevant merge request to production.
+
+From the above example you can conclude the time it took each stage to complete
+as long as their total time:
+
+- **Issue**: 2h (11:00 - 09:00)
+- **Plan**: 1h (12:00 - 11:00)
+- **Code**: 2h (14:00 - 12:00)
+- **Test**: 5min
+- **Review**: 5h (19:00 - 14:00)
+- **Staging**: 30min (19:30 - 19:00)
+- **Total**: Since this stage measures the sum of median time of all
+ previous stages, we cannot calculate it if we don't know the status of the
+ stages before. In case this is the very first cycle that is run in the project,
+ then the **Total** time is 10h 30min (19:30 - 09:00)
+
+A few notes:
+
+- In the above example we demonstrated that it doesn't matter if your first
+ commit doesn't mention the issue number, you can do this later in any commit
+ of the branch you are working on.
+- You can see that the **Test** stage is not calculated to the overall time of
+ the cycle since it is included in the **Review** process (every MR should be
+ tested).
+- The example above was just **one cycle** of the seven stages. Add multiple
+ cycles, calculate their median time and the result is what the dashboard of
+ Value Stream Analytics is showing.
+
+## Days to completion chart
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/21631) in GitLab 12.6.
+
+This chart visually depicts the total number of days it takes for cycles to be completed.
+
+This chart uses the global page filters for displaying data based on the selected
+group, projects, and timeframe. In addition, specific stages can be selected
+from within the chart itself.
+
+### Chart median line
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/36675) in GitLab 12.7.
+
+The median line on the chart displays data that is offset by the number of days selected.
+For example, if 30 days worth of data has been selected (for example, 2019-12-16 to 2020-01-15) the
+median line will represent the previous 30 days worth of data (2019-11-16 to 2019-12-16)
+as a metric to compare against.
+
+### Disabling chart
+
+This chart is enabled by default. If you have a self-managed instance, an
+administrator can open a Rails console and disable it with the following command:
+
+```ruby
+Feature.disable(:cycle_analytics_scatterplot_enabled)
+```
+
+### Disabling chart median line
+
+This chart's median line is enabled by default. If you have a self-managed instance, an
+administrator can open a Rails console and disable it with the following command:
+
+```ruby
+Feature.disable(:cycle_analytics_scatterplot_median_enabled)
+```
+
+## Permissions
+
+The current permissions on the Project Value Stream Analytics dashboard are:
+
+- Public projects - anyone can access.
+- Internal projects - any authenticated user can access.
+- Private projects - any member Guest and above can access.
+
+You can [read more about permissions](../../ci/yaml/README.md) in general.
+
+NOTE: **Note:**
+As of GitLab 12.3, the project-level page is deprecated. You should access
+project-level Value Stream Analytics from **Analytics > Value Stream Analytics** in the top
+navigation bar. We will ensure that the same project-level functionality is available
+to CE users in the new analytics space.
+
+For Value Stream Analytics functionality introduced in GitLab 12.3 and later:
+
+- Users must have Reporter access or above.
+- Features are available only on
+ [Premium or Silver tiers](https://about.gitlab.com/pricing/) and above.
+
+## More resources
+
+Learn more about Value Stream Analytics in the following resources:
+
+- [Value Stream Analytics feature page](https://about.gitlab.com/product/cycle-analytics/).
+- [Value Stream Analytics feature preview](https://about.gitlab.com/blog/2016/09/16/feature-preview-introducing-cycle-analytics/).
+- [Value Stream Analytics feature highlight](https://about.gitlab.com/blog/2016/09/21/cycle-analytics-feature-highlight/).
diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md
index 20aa6648c65..7e8ae151e47 100644
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -139,10 +139,12 @@ file. Customizing installation by modifying this file is not supported.
> - Introduced in GitLab 10.2 for project-level clusters.
> - Introduced in GitLab 11.6 for group-level clusters.
-[Ingress](https://kubernetes.github.io/ingress-nginx/) can provide load
-balancing, SSL termination, and name-based virtual hosting. It acts as a
-web proxy for your applications and is useful if you want to use [Auto
-DevOps](../../topics/autodevops/index.md) or deploy your own web apps.
+[Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) provides load balancing, SSL termination, and name-based virtual hosting
+out of the box. It acts as a web proxy for your applications and is useful
+if you want to use [Auto DevOps](../../topics/autodevops/index.md) or deploy your own web apps.
+
+The Ingress Controller installed is [Ingress-NGINX](https://kubernetes.io/docs/concepts/services-networking/ingress/),
+which is supported by the Kubernetes community.
NOTE: **Note:**
With the following procedure, a load balancer must be installed in your cluster
@@ -255,12 +257,20 @@ use an A record. If your external endpoint is a hostname, use a CNAME record.
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/21966) in GitLab 12.7.
-Out of the box, GitLab provides you real-time security monitoring with
-[ModSecurity](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#modsecurity).
+A Web Application Firewall (WAF) is able to examine traffic being sent/received
+and can block malicious traffic before it reaches your application. The benefits
+of a WAF are:
+
+- Real-time security monitoring for your application
+- Logging of all your HTTP traffic to the application
+- Access control for your application
+- Highly configurable logging and blocking rules
+
+Out of the box, GitLab provides you with a WAF known as [`ModSecurity`](https://www.modsecurity.org/)
-Modsecurity is a toolkit for real-time web application monitoring, logging,
-and access control. With GitLab's offering, the [OWASP's Core Rule Set](https://www.modsecurity.org/CRS/Documentation/), which provides generic attack detection capabilities,
-is automatically applied.
+ModSecurity is a toolkit for real-time web application monitoring, logging,
+and access control. With GitLab's offering, the [OWASP's Core Rule Set](https://www.modsecurity.org/CRS/Documentation/),
+which provides generic attack detection capabilities, is automatically applied.
This feature:
@@ -275,6 +285,12 @@ This feature:
To enable ModSecurity, check the **Enable Web Application Firewall** checkbox
when installing your [Ingress application](#ingress).
+If this is your first time using GitLab's WAF, we recommend you follow the
+[quick start guide](../../topics/web_application_firewall/quick_start_guide.md).
+
+There is a small performance overhead by enabling ModSecurity. However,
+if this is considered significant for your application, you can disable it.
+
There is a small performance overhead by enabling ModSecurity. If this is
considered significant for your application, you can disable ModSecurity's
rule engine for your deployed application by setting
diff --git a/doc/user/index.md b/doc/user/index.md
index ab953b6d8bf..ec8a53b842d 100644
--- a/doc/user/index.md
+++ b/doc/user/index.md
@@ -45,7 +45,7 @@ GitLab is a Git-based platform that integrates a great number of essential tools
- Building, testing, and deploying with built-in [Continuous Integration](../ci/README.md).
- Deploying personal and professional static websites with [GitLab Pages](project/pages/index.md).
- Integrating with Docker by using [GitLab Container Registry](packages/container_registry/index.md).
-- Tracking the development lifecycle by using [GitLab Cycle Analytics](project/cycle_analytics.md).
+- Tracking the development lifecycle by using [GitLab Value Stream Analytics](project/cycle_analytics.md).
With GitLab Enterprise Edition, you can also:
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index 41040258e01..4f42afe4e79 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -139,10 +139,10 @@ The following table depicts the various user permission levels in a project.
| Force push to protected branches (*4*) | | | | | |
| Remove protected branches (*4*) | | | | | |
-\* Owner permission is only available at the group or personal namespace level (and for instance admins) and is inherited by its projects.
-(*1*): Guest users are able to perform this action on public and internal projects, but not private projects.
-(*2*): Guest users can only view the confidential issues they created themselves.
-(*3*): If **Public pipelines** is enabled in **Project Settings > CI/CD**.
+\* Owner permission is only available at the group or personal namespace level (and for instance admins) and is inherited by its projects.
+(*1*): Guest users are able to perform this action on public and internal projects, but not private projects.
+(*2*): Guest users can only view the confidential issues they created themselves.
+(*3*): If **Public pipelines** is enabled in **Project Settings > CI/CD**.
(*4*): Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [Protected Branches](./project/protected_branches.md).
(*5*): If the [branch is protected](./project/protected_branches.md#using-the-allowed-to-merge-and-allowed-to-push-settings), this depends on the access Developers and Maintainers are given.
@@ -166,10 +166,10 @@ Maintainers and Developers from pushing to a protected branch. Read through the
[Allowed to Merge and Allowed to Push settings](project/protected_branches.md#using-the-allowed-to-merge-and-allowed-to-push-settings)
to learn more.
-### Cycle Analytics permissions
+### Value Stream Analytics permissions
-Find the current permissions on the Cycle Analytics dashboard on
-the [documentation on Cycle Analytics permissions](analytics/cycle_analytics.md#permissions).
+Find the current permissions on the Value Stream Analytics dashboard, as described in
+[related documentation](analytics/value_stream_analytics.md#permissions).
### Issue Board permissions
diff --git a/doc/user/project/cycle_analytics.md b/doc/user/project/cycle_analytics.md
index 87577c9ec88..9d1cc508f63 100644
--- a/doc/user/project/cycle_analytics.md
+++ b/doc/user/project/cycle_analytics.md
@@ -1,5 +1,5 @@
---
-redirect_to: '../analytics/cycle_analytics.md'
+redirect_to: '../analytics/value_stream_analytics.md'
---
-This document was moved to [another location](../analytics/cycle_analytics.md)
+This document was moved to [another location](../analytics/value_stream_analytics.md)
diff --git a/doc/user/project/index.md b/doc/user/project/index.md
index fb72445538a..87837d50bbe 100644
--- a/doc/user/project/index.md
+++ b/doc/user/project/index.md
@@ -87,7 +87,7 @@ When you create a project in GitLab, you'll have access to a large number of
- [Wiki](wiki/index.md): document your GitLab project in an integrated Wiki.
- [Snippets](../snippets.md): store, share and collaborate on code snippets.
-- [Cycle Analytics](cycle_analytics.md): review your development lifecycle.
+- [Value Stream Analytics](cycle_analytics.md): review your development lifecycle.
- [Insights](insights/index.md): configure the Insights that matter for your projects. **(ULTIMATE)**
- [Security Dashboard](security_dashboard.md): Security Dashboard. **(ULTIMATE)**
- [Syntax highlighting](highlighting.md): an alternative to customize