Add latest changes from gitlab-org/gitlab@master

18 files changed, 296 insertions, 111 deletions

diff --git a/doc/administration/integration/terminal.md b/doc/administration/integration/terminal.md
index 0aa42e630b9..251e4ded8b4 100644
--- a/doc/administration/integration/terminal.md
+++ b/doc/administration/integration/terminal.md
@@ -96,7 +96,5 @@ they will receive a `Connection failed` message.
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/8413) in GitLab 8.17.
 
-Terminal sessions use long-lived connections; by default, these may last
-forever. You can configure a maximum session time in the Admin Area of your
-GitLab instance if you find this undesirable from a scalability or security
-point of view.
+Terminal sessions, by default, do not expire.
+You can limit terminal session lifetime in your GitLab instance. To do so, navigate to **{admin}** [**Admin Area > Settings > Web terminal**](../../user/admin_area/settings/index.md#general), and set a `max session time`.
diff --git a/doc/administration/monitoring/gitlab_self_monitoring_project/index.md b/doc/administration/monitoring/gitlab_self_monitoring_project/index.md
index 2058aa4f01c..884bb44cfda 100644
--- a/doc/administration/monitoring/gitlab_self_monitoring_project/index.md
+++ b/doc/administration/monitoring/gitlab_self_monitoring_project/index.md
@@ -21,10 +21,7 @@ This project will be used for self monitoring your GitLab instance.
 
 1. Navigate to **Admin Area > Settings > Metrics and profiling**, and expand the **Self monitoring** section.
 1. Toggle the **Create Project** button on.
-1. It can take a few seconds for the project to be created. After the project is
-created, GitLab displays a message with a link to the project. The project
-will also be linked in the help text above the **Create Project** button. You can also
-find the project under **Projects > Your projects**.
+1. Once your GitLab instance creates the project, you'll see a link to the project in the text above the **Create Project** toggle. You can also find it under **Projects > Your projects**.
 
 ## Deleting the self monitoring project
 
diff --git a/doc/api/graphql/reference/gitlab_schema.graphql b/doc/api/graphql/reference/gitlab_schema.graphql
index f6a1cb79a1f..2f1b902825a 100644
--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -1869,6 +1869,11 @@ type Environment {
   Human-readable name of the environment
   """
   name: String!
+
+  """
+  State of the environment, for example: available/stopped
+  """
+  state: String!
 }
 
 """
diff --git a/doc/api/graphql/reference/gitlab_schema.json b/doc/api/graphql/reference/gitlab_schema.json
index a8f6923927b..aebd9131f3d 100644
--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
@@ -5542,6 +5542,24 @@
               },
               "isDeprecated": false,
               "deprecationReason": null
+            },
+            {
+              "name": "state",
+              "description": "State of the environment, for example: available/stopped",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "NON_NULL",
+                "name": null,
+                "ofType": {
+                  "kind": "SCALAR",
+                  "name": "String",
+                  "ofType": null
+                }
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
             }
           ],
           "inputFields": null,
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index fb13c674347..dc3638dc7bc 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -318,6 +318,7 @@ Describes where code is deployed for a project
 | ---   |  ---- | ----------  |
 | `id` | ID! | ID of the environment |
 | `name` | String! | Human-readable name of the environment |
+| `state` | String! | State of the environment, for example: available/stopped |
 
 ## Epic
 
diff --git a/doc/api/packages.md b/doc/api/packages.md
index ebab03662e0..31fc2863708 100644
--- a/doc/api/packages.md
+++ b/doc/api/packages.md
@@ -73,6 +73,10 @@ GET /groups/:id/packages
 curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/:id/packages?exclude_subgroups=true
 ```
 
+CAUTION: **Deprecation**
+> The `build_info` attribute in the response is deprecated in favour of `pipeline`.
+> Introduced [GitLab 12.10](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28040).
+
 Example response:
 
 ```json
@@ -87,15 +91,17 @@ Example response:
       "delete_api_path": "/namespace1/project1/-/packages/1"
     },
     "created_at": "2019-11-27T03:37:38.711Z",
-    "build_info": {
-      "pipeline": {
-        "id": 123,
-        "status": "pending",
-        "ref": "new-pipeline",
-        "sha": "a91957a858320c0e17f3a0eca7cfacbff50ea29a",
-        "web_url": "https://example.com/foo/bar/pipelines/47",
-        "created_at": "2016-08-11T11:28:34.085Z",
-        "updated_at": "2016-08-11T11:32:35.169Z",
+    "pipeline": {
+      "id": 123,
+      "status": "pending",
+      "ref": "new-pipeline",
+      "sha": "a91957a858320c0e17f3a0eca7cfacbff50ea29a",
+      "web_url": "https://example.com/foo/bar/pipelines/47",
+      "created_at": "2016-08-11T11:28:34.085Z",
+      "updated_at": "2016-08-11T11:32:35.169Z",
+      "user": {
+        "name": "Administrator",
+        "avatar_url": "https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon"
       }
     }
   },
@@ -109,15 +115,17 @@ Example response:
       "delete_api_path": "/namespace1/project1/-/packages/1"
     },
     "created_at": "2019-11-27T03:37:38.711Z",
-    "build_info": {
-      "pipeline": {
-        "id": 123,
-        "status": "pending",
-        "ref": "new-pipeline",
-        "sha": "a91957a858320c0e17f3a0eca7cfacbff50ea29a",
-        "web_url": "https://example.com/foo/bar/pipelines/47",
-        "created_at": "2016-08-11T11:28:34.085Z",
-        "updated_at": "2016-08-11T11:32:35.169Z",
+    "pipeline": {
+      "id": 123,
+      "status": "pending",
+      "ref": "new-pipeline",
+      "sha": "a91957a858320c0e17f3a0eca7cfacbff50ea29a",
+      "web_url": "https://example.com/foo/bar/pipelines/47",
+      "created_at": "2016-08-11T11:28:34.085Z",
+      "updated_at": "2016-08-11T11:32:35.169Z",
+      "user": {
+        "name": "Administrator",
+        "avatar_url": "https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon"
       }
     }
   }
@@ -150,6 +158,10 @@ GET /projects/:id/packages/:package_id
 curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/:id/packages/:package_id
 ```
 
+CAUTION: **Deprecation**
+> The `build_info` attribute in the response is deprecated in favour of `pipeline`.
+> Introduced [GitLab 12.10](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28040).
+
 Example response:
 
 ```json
@@ -163,15 +175,17 @@ Example response:
     "delete_api_path": "/namespace1/project1/-/packages/1"
   },
   "created_at": "2019-11-27T03:37:38.711Z",
-  "build_info": {
-    "pipeline": {
-      "id": 123,
-      "status": "pending",
-      "ref": "new-pipeline",
-      "sha": "a91957a858320c0e17f3a0eca7cfacbff50ea29a",
-      "web_url": "https://example.com/foo/bar/pipelines/47",
-      "created_at": "2016-08-11T11:28:34.085Z",
-      "updated_at": "2016-08-11T11:32:35.169Z",
+  "pipeline": {
+    "id": 123,
+    "status": "pending",
+    "ref": "new-pipeline",
+    "sha": "a91957a858320c0e17f3a0eca7cfacbff50ea29a",
+    "web_url": "https://example.com/foo/bar/pipelines/47",
+    "created_at": "2016-08-11T11:28:34.085Z",
+    "updated_at": "2016-08-11T11:32:35.169Z",
+    "user": {
+      "name": "Administrator",
+      "avatar_url": "https://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon"
     }
   }
 }
diff --git a/doc/development/README.md b/doc/development/README.md
index 94b67ee0dfa..2089cf794ba 100644
--- a/doc/development/README.md
+++ b/doc/development/README.md
@@ -81,7 +81,7 @@ Complementary reads:
 - [Working with Merge Request diffs](diffs.md)
 - [Kubernetes integration guidelines](kubernetes.md)
 - [Permissions](permissions.md)
-- [Prometheus metrics](prometheus_metrics.md)
+- [Prometheus](prometheus.md)
 - [Guidelines for reusing abstractions](reusing_abstractions.md)
 - [DeclarativePolicy framework](policies.md)
 - [How Git object deduplication works in GitLab](git_object_deduplication.md)
diff --git a/doc/development/prometheus.md b/doc/development/prometheus.md
new file mode 100644
index 00000000000..f64d4a2eda1
--- /dev/null
+++ b/doc/development/prometheus.md
@@ -0,0 +1,43 @@
+# Working with Prometheus
+
+For more information on working with [Prometheus metrics](prometheus_metrics.md), see
+the documentation.
+
+## Access the UI of a Prometheus managed application in Kubernetes
+
+You can connect directly to Prometheus, and view the Prometheus user interface, when
+using a Prometheus managed application in Kubernetes:
+
+1. Find the name of the Prometheus pod in the user interface of your Kubernetes
+   provider, such as GKE, or by running the following `kubectl` command in your
+   terminal:
+
+   ```shell
+   kubectl get pods -n gitlab-managed-apps | grep 'prometheus-prometheus-server'
+   ```
+
+   The command should return a result like the following example, where
+   `prometheus-prometheus-server-55b4bd64c9-dpc6b` is the name of the Prometheus pod:
+
+   ```plaintext
+   gitlab-managed-apps  prometheus-prometheus-server-55b4bd64c9-dpc6b  2/2  Running  0  71d
+   ```
+
+1. Run a `kubectl port-forward` command. In the following example, `9090` is the
+   Prometheus server's listening port:
+
+   ```shell
+    kubectl port-forward prometheus-prometheus-server-55b4bd64c9-dpc6b 9090:9090 -n gitlab-managed-apps
+   ```
+
+   The `port-forward` command forwards all requests sent to your system's `9090` port
+   to the `9090` port of the Prometheus pod. If the `9090` port on your system is used
+   by another application, you can change the port number before the colon to your
+   desired port. For example, to forward port `8080` of your local system, change the
+   command to:
+
+   ```shell
+   kubectl port-forward prometheus-prometheus-server-55b4bd64c9-dpc6b 8080:9090 -n gitlab-managed-apps
+   ```
+
+1. Open `localhost:9090` in your browser to display the Prometheus user interface.
diff --git a/doc/install/aws/img/aws_ha_architecture_diagram.png b/doc/install/aws/img/aws_ha_architecture_diagram.png
index 2064b0f49ae..b3f4d5b2bd8 100644
--- a/doc/install/aws/img/aws_ha_architecture_diagram.png
+++ b/doc/install/aws/img/aws_ha_architecture_diagram.png
diff --git a/doc/install/aws/index.md b/doc/install/aws/index.md
index ab89446d9ec..3c828ef1726 100644
--- a/doc/install/aws/index.md
+++ b/doc/install/aws/index.md
@@ -122,6 +122,19 @@ RDS instances as well:
    | `gitlab-public-10.0.2.0`  | public  | `us-west-2b`      | `10.0.2.0` |
    | `gitlab-private-10.0.3.0` | private | `us-west-2b`      | `10.0.3.0` |
 
+### Create NAT Gateways
+
+Instances deployed in our private subnets need to connect to the internet for updates, but should not be reachable from the public internet. To achieve this, we'll make use of [NAT Gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) deployed in each of our public subnets:
+
+1. Navigate to the VPC dashboard and click on **NAT Gateways** in the left menu bar.
+1. Click **Create NAT Gateway** and complete the following:
+   1. **Subnet**: Select `gitlab-public-10.0.0.0` from the dropdown.
+   1. **Elastic IP Allocation ID**: Enter an existing Elastic IP or click **Allocate Elastic IP address** to allocate a new IP to your NAT gateway.
+   1. Add tags if needed.
+   1. Click **Create NAT Gateway**.
+
+Create a second NAT gateway but this time place it in the second public subnet, `gitlab-public-10.0.2.0`.
+
 ### Route Table
 
 Up to now all our subnets are private. We need to create a Route Table
diff --git a/doc/raketasks/README.md b/doc/raketasks/README.md
index a9ba44f82c6..51d85bd70f0 100644
--- a/doc/raketasks/README.md
+++ b/doc/raketasks/README.md
@@ -16,3 +16,4 @@ comments: false
 - [Rebuild authorized_keys file](../administration/raketasks/maintenance.md#rebuild-authorized_keys-file) task for administrators
 - [Uploads Migrate](../administration/raketasks/uploads/migrate.md)
 - [Uploads Sanitize](../administration/raketasks/uploads/sanitize.md)
+- [Importing large GitLab project exports](../development/import_project.md#importing-via-a-rake-task)
diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md
index 093f595258d..d49de056def 100644
--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -535,18 +535,14 @@ in the first place, and thus not realize that it needs to re-apply the old confi
 
 > Introduced in [GitLab Ultimate][ee] 10.4.
 
-This is an optional step, since it requires a [review app](#auto-review-apps).
-If that requirement is not met, the job will be silently skipped.
-
 Dynamic Application Security Testing (DAST) uses the
 popular open source tool [OWASP ZAProxy](https://github.com/zaproxy/zaproxy)
 to perform an analysis on the current code and checks for potential security
 issues. The Auto DAST stage will be skipped on licenses other than Ultimate.
 
-Once the report is created, it's uploaded as an artifact which you can
-later download and check out.
-
-Any security warnings are also shown in the merge request widget. Read how
+Once the DAST scan is complete, any security warnings are shown
+on the [Security Dashboard](../../user/application_security/security_dashboard/index.md)
+and the Merge Request Widget. Read how
 [DAST works](../../user/application_security/dast/index.md).
 
 On your default branch, DAST scans an app deployed specifically for that purpose.
diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md
index 103a3f7230d..e85ab9051d4 100644
--- a/doc/user/admin_area/settings/index.md
+++ b/doc/user/admin_area/settings/index.md
@@ -4,35 +4,110 @@ type: index
 
 # Admin Area settings **(CORE ONLY)**
 
-In the Admin Area **Settings** page, you can find various options for your GitLab
-instance like sign-up restrictions, account limits and quota, metrics, etc.
-
-Navigate to it by going to **Admin Area > Settings**. Some of the settings
-include:
-
-- [Account and limit settings](account_and_limit_settings.md) **(STARTER)**
-- [Continuous Integration and Deployment](continuous_integration.md)
-- [Email](email.md)
-- [Sign up restrictions](sign_up_restrictions.md)
-- [Sign in restrictions](sign_in_restrictions.md)
-- [Terms](terms.md)
-- [Third party offers](third_party_offers.md)
-- [Usage statistics](usage_statistics.md)
-- [Visibility and access controls](visibility_and_access_controls.md)
-- [User and IP rate limits](user_and_ip_rate_limits.md)
-- [Custom templates repository](instance_template_repository.md) **(PREMIUM)**
-- [Protected paths](protected_paths.md) **(CORE ONLY)**
-- [Help messages for the `/help` page and the login page](help_page.md)
-- [Push event activities limit and bulk push events](push_event_activities_limit.md)
-- [Gitaly timeouts](gitaly_timeouts.md)
+As an administrator of a GitLab self-managed instance, you can manage the behavior of your deployment. To do so, select **{admin}** **Admin Area > Settings**.
 
-NOTE: **Note:**
-You can change the [first day of the week](../../profile/preferences.md) for the entire GitLab instance
-in the **Localization** section of **Admin Area > Settings > Preferences**.
+The admin area is not accessible on GitLab.com, and settings can only be changed by the
+GitLab.com administrators. See the [GitLab.com settings](../../gitlab_com/index.md)
+documentation for all current settings and limits on the GitLab.com instance.
+
+## General
+
+Access the default page for admin area settings by navigating to
+**{admin}** **Admin Area > Settings > General**:
+
+| Option | Description |
+| ------ | ----------- |
+| [Visibility and access controls](visibility_and_access_controls.md) | Set default and restrict visibility levels. Configure import sources and Git access protocol. |
+| [Account and limit](account_and_limit_settings.md) **(STARTER)** | Set projects and maximum size limits, session duration, user options, and check feature availability for namespace plan. |
+| [Diff limits](../diff_limits.md) | Diff content limits. |
+| [Sign-up restrictions](sign_up_restrictions.md) | Configure the way a user creates a new account. |
+| [Sign in restrictions](sign_in_restrictions.md) | Set requirements for a user to sign-in. Enable mandatory two-factor authentication. |
+| [Terms of Service and Privacy Policy](terms.md) | Include a Terms of Service agreement and Privacy Policy that all users must accept. |
+| [External Authentication](external_authorization.md#configuration) | External Classification Policy Authorization |
+| [Web terminal](../../../administration/integration/terminal.md#limiting-websocket-connection-time) | Set max session time for web terminal. |
+| [Web IDE](../../project/web_ide/index.md#enabling-client-side-evaluation) | Manage Web IDE Features. |
+
+## Integrations
+
+| Option | Description |
+| ------ | ----------- |
+| [Elasticsearch](../../../integration/elasticsearch.md#enabling-elasticsearch) | Elasticsearch integration. Elasticsearch AWS IAM. |
+| [PlantUML](../../../administration/integration/plantuml.md#gitlab) | Allow rendering of PlantUML diagrams in Asciidoc documents. |
+| [Slack application](../../../user/project/integrations/gitlab_slack_application.md#configuration) **(FREE ONLY)** | Slack integration allows you to interact with GitLab via slash commands in a chat window. This option is only available on GitLab.com, though it may be [available for self-managed instances in the future](https://gitlab.com/gitlab-org/gitlab/-/issues/28164). |
+| [Third party offers](third_party_offers.md) | Control the display of third party offers. |
+| [Snowplow](../../../telemetry/index.md#enabling-tracking) | Configure the Snowplow integration. |
+| [Amazon EKS](../../project/clusters/add_remove_clusters.md#additional-requirements-for-self-managed-instances-core-only) | Amazon EKS integration allows you to provision EKS clusters from GitLab. |
+
+## Repository
+
+| Option | Description |
+| ------ | ----------- |
+| [Repository mirror](visibility_and_access_controls.md#allow-mirrors-to-be-set-up-for-projects) | Configure repository mirroring. |
+| [Repository storage](../../../administration/repository_storage_types.md#how-to-migrate-to-hashed-storage) | Configure storage path settings. |
+| Repository maintenance | ([Repository checks](../../../administration/repository_checks.md) and [Housekeeping](../../../administration/housekeeping.md)). Configure automatic Git checks and housekeeping on repositories. |
+| [Repository static objects](../../../administration/static_objects_external_storage.md) | Serve repository static objects (e.g. archives, blobs, ...) from an external storage (e.g. a CDN). |
+
+## Templates **(PREMIUM ONLY)**
+
+| Option | Description |
+| ------ | ----------- |
+| [Templates](instance_template_repository.md#configuration) | Set instance-wide template repository. |
+| [Custom project templates](../custom_project_templates.md) | Select the custom project template source group. |
+
+## CI/CD
 
-## GitLab.com Admin Area settings
+| Option | Description |
+| ------ | ----------- |
+| [Continuous Integration and Deployment](continuous_integration.md) | Auto DevOps, runners and job artifacts. |
+| [Required pipeline configuration](continuous_integration.md#required-pipeline-configuration-premium-only) **(PREMIUM ONLY)** | Set an instance-wide auto included [pipeline configuration](../../../ci/yaml/README.md). This pipeline configuration will be run after the project's own configuration. |
+| [Package Registry](continuous_integration.md#package-registry-configuration-premium-only) **(PREMIUM ONLY)**| Settings related to the use and experience of using GitLab's Package Registry. |
 
-Most of the settings under the Admin Area change the behavior of the whole
-GitLab instance. For GitLab.com, the admin settings are available only for the
-GitLab.com administrators, and the parameters can be found on the
-[GitLab.com settings](../../gitlab_com/index.md) documentation.
+## Reporting
+
+| Option | Description |
+| ------ | ----------- |
+| [Spam and Anti-bot Protection](../../../integration/recaptcha.md) | Enable reCAPTCHA or Akismet and set IP limits. For reCAPTCHA, we currently only support [v2](https://developers.google.com/recaptcha/docs/versions). |
+| [Abuse reports](../abuse_reports.md) | Set notification email for abuse reports. |
+
+## Metrics and profiling
+
+| Option | Description |
+| ------ | ----------- |
+| [Metrics - Influx](../../../administration/monitoring/performance/gitlab_configuration.md) | Enable and configure InfluxDB metrics. |
+| [Metrics - Prometheus](../../../administration/monitoring/prometheus/gitlab_metrics.md) | Enable and configure Prometheus metrics. |
+| [Metrics - Grafana](../../../administration/monitoring/performance/grafana_configuration.md#integration-with-gitlab-ui) | Enable and configure Grafana. |
+| [Profiling - Performance bar](../../../administration/monitoring/performance/performance_bar.md#enable-the-performance-bar-via-the-admin-panel) | Enable access to the Performance Bar for a given group. |
+| [Self monitoring](../../../administration/monitoring/gitlab_self_monitoring_project/index.md#creating-the-self-monitoring-project) | Enable or disable instance self monitoring. |
+| [Usage statistics](usage_statistics.md) | Enable or disable version check and usage ping. |
+| [Pseudonymizer data collection](../../../administration/pseudonymizer.md) **(ULTIMATE)** | Enable or disable the Pseudonymizer data collection. |
+
+## Network
+
+| Option | Description |
+| ------ | ----------- |
+| Performance optimization | [Write to "authorized_keys" file](../../../administration/operations/fast_ssh_key_lookup.md#setting-up-fast-lookup-via-gitlab-shell) and [Push event activities limit and bulk push events](push_event_activities_limit.md). Various settings that affect GitLab performance. |
+| [User and IP rate limits](user_and_ip_rate_limits.md) | Configure limits for web and API requests. |
+| [Outbound requests](../../../security/webhooks.md) | Allow requests to the local network from hooks and services. |
+| [Protected Paths](protected_paths.md) | Configure paths to be protected by Rack Attack. |
+| [Incident Management](../../incident_management/index.md) Limits | Configure limits on the number of inbound alerts able to be sent to a project. |
+
+## Geo
+
+| Option | Description |
+| ------ | ----------- |
+| Geo    | Geo allows you to replicate your GitLab instance to other geographical locations. Redirects to **{admin}** **Admin Area >** **{location-dot}** **Geo >** **{settings}** **Settings**, and will no longer be available at **{admin}** **Admin Area >** **{settings}** **Settings >** **{location-dot}** **Geo** in [GitLab 13.0](https://gitlab.com/gitlab-org/gitlab/-/issues/36896). |
+
+## Preferences
+
+| Option | Description |
+| ------ | ----------- |
+| [Email](email.md) | Various email settings. |
+| [Help page](../../../customization/help_message.md) | Help page text and support page url. |
+| [Pages](../../../administration/pages/index.md#custom-domain-verification) | Size and domain settings for static websites |
+| [Real-time features](../../../administration/polling.md) | Change this value to influence how frequently the GitLab UI polls for updates. |
+| [Gitaly timeouts](gitaly_timeouts.md) | Configure Gitaly timeouts. |
+| Localization | [Default first day of the week](../../profile/preferences.md) and [Time tracking](../../project/time_tracking.md#limit-displayed-units-to-hours-core-only). |
+
+NOTE: **Note:**
+You can change the [Default first day of the week](../../profile/preferences.md) for the entire GitLab instance
+in the **Localization** section of **Admin Area > Settings > Preferences**.
diff --git a/doc/user/analytics/index.md b/doc/user/analytics/index.md
index 2aa9d31d8bf..b2f7da234ad 100644
--- a/doc/user/analytics/index.md
+++ b/doc/user/analytics/index.md
@@ -1,4 +1,6 @@
-# Analytics workspace
+# Analytics
+
+## Analytics workspace
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12077) in GitLab 12.2.
 
@@ -6,27 +8,30 @@ The Analytics workspace will make it possible to aggregate analytics across
 GitLab, so that users can view information across multiple projects and groups
 in one place.
 
-To access the centralized analytics workspace, enable at least
-[one of the features](#available-analytics) under the workspace.
+To access the Analytics workspace, click on **More > Analytics** in the top navigation bar.
 
-Once enabled, click on **Analytics** from the top navigation bar.
+## Group-level analytics
 
-## Available analytics
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/195979) in GitLab 12.8.
 
-From the centralized analytics workspace, the following analytics are available:
+The following analytics features are available at the group level:
 
-- [Code Review Analytics](code_review_analytics.md). **(STARTER)**
-- [Value Stream Analytics](value_stream_analytics.md), enabled with the `cycle_analytics`
+- [Contribution](../group/contribution_analytics/index.md). **(STARTER)**
+- [Insights](../group/insights/index.md). **(ULTIMATE)**
+- [Issues](../group/issues_analytics/index.md). **(PREMIUM)**
+- [Productivity](productivity_analytics.md), enabled with the `productivity_analytics`
   [feature flag](../../development/feature_flags/development.md#enabling-a-feature-flag-in-development). **(PREMIUM)**
-- [Productivity Analytics](productivity_analytics.md), enabled with the `productivity_analytics`
+- [Value Stream](value_stream_analytics.md), enabled with the `cycle_analytics`
   [feature flag](../../development/feature_flags/development.md#enabling-a-feature-flag-in-development). **(PREMIUM)**
 
-NOTE: **Note:**
-Project-level Value Stream Analytics are still available at a project's **Project > Value Stream Analytics**.
-
-## Other analytics tools
+## Project-level analytics
 
-In addition to the tools available in the Analytics workspace, GitLab provides:
+The following analytics features are available at the project level:
 
-- [Contribution analytics](../group/contribution_analytics/index.md). **(STARTER)**
-- [Issue analytics](../group/issues_analytics/index.md). **(PREMIUM)**
+- [CI/CD](../../ci/pipelines/index.md#pipeline-success-and-duration-charts). **(STARTER)**
+- [Code Review](code_review_analytics.md). **(STARTER)**
+- [Insights](../group/insights/index.md). **(ULTIMATE)**
+- [Issues](../group/issues_analytics/index.md). **(PREMIUM)**
+- Repository. **(STARTER)**
+- [Value Stream](value_stream_analytics.md), enabled with the `cycle_analytics`
+  [feature flag](../../development/feature_flags/development.md#enabling-a-feature-flag-in-development). **(STARTER)**
diff --git a/doc/user/application_security/offline_deployments/index.md b/doc/user/application_security/offline_deployments/index.md
index 6fc16684d79..c8161b2ef33 100644
--- a/doc/user/application_security/offline_deployments/index.md
+++ b/doc/user/application_security/offline_deployments/index.md
@@ -2,48 +2,62 @@
 type: reference, howto
 ---
 
-# Offline deployments
+# Air-gapped (or offline) environment deployments
 
-This document describes how to operate Secure scanners offline.
+It is possible to run most of the GitLab security scanners when not
+connected to the internet.
 
-## Overview
+This document describes how to operate Secure scanners in an air-gapped or offline envionment. These instructions also apply to
+self-managed installations that are secured, have security policies (e.g., firewall policies), or otherwise restricted from
+accessing the full internet. These instructions are designed for physically disconnected networks,
+but can also be followed in these other use cases.
 
-It is possible to run most of the GitLab security scanners when not
-connected to the internet, in what is sometimes known as an offline,
-limited connectivity, Local Area Network (LAN), Intranet, or "air-gap"
-environment.
+## Air-gapped (or offline) environments
+
+In this situation, the GitLab instance can be one or more servers and services that can communicate
+on a local network, but with no or very restricted access to the internet. Assume anything within
+the GitLab instance and supporting infrastructure (for example, a private Maven repository) can be
+accessed through a local network connection. Assume any files from the internet must come in through
+physical media (USB drive, hard drive, writeable DVD, etc.).
 
-In this situation, the GitLab instance can be one, or more, servers and services running in a network that can talk to one another, but have zero, or perhaps very restricted access to the internet. Assume anything within the GitLab instance and supporting infrastructure (private Maven repository for example) can be accessed via local network connection. Assume any files from the internet must come in via physical media (USB drive, hard drive).
+## Overview
 
 GitLab scanners generally will connect to the internet to download the
 latest sets of signatures, rules, and patches. A few extra steps are necessary
-to configure the tools to not do this and to still function properly.
+to configure the tools to function properly by using resources available on your local network.
 
 ### Container registries and package repositories
 
-At a high-level, each of the security analyzers are delivered as Docker
-containers and reference various package repositories. When you run a job on
+At a high-level, the security analyzers are delivered as Docker images and
+may leverage various package repositories. When you run a job on
 an internet-connected GitLab installation, GitLab checks the GitLab.com-hosted
-container registry and package repositories to ensure that you have
-the latest versions.
+container registry to check that you have the latest versions of these Docker images
+and possibly connect to package repositories to install necessary dependencies.
 
-In an air-gapped environment, this must be disabled so that GitLab.com is not
+In an air-gapped environment, these checks must be disabled so that GitLab.com is not
 queried. Because the GitLab.com registry and repositories are not available,
 you must update each of the scanners to either reference a different,
 internally-hosted registry or provide access to the individual scanner images.
 
-You must also ensure that your app has access to common package repos
+You must also ensure that your app has access to common package repositories
 that are not hosted on GitLab.com, such as npm, yarn, or rubygems. Packages
 from these repos can be obtained by temporarily connecting to a network or by
 mirroring the packages inside your own offline network.
 
+### Interacting with the vulnerabilities
+
+Once a vulnerability is found, you can interact with it. Read more on how to [interact with the vulnerabilities](../index.md#interacting-with-the-vulnerabilities).
+
+Please note that in some cases the reported vulnerabilities provide metadata that can contain external links exposed in the UI. These links might not be accessible within an air-gapped (or offline) environment.
+
 ### Scanner signature and rule updates
 
 When connected to the internet, some scanners will reference public databases
 for the latest sets of signatures and rules to check against. Without connectivity,
 this is not possible. Depending on the scanner, you must therefore disable
 these automatic update checks and either use the databases that they came
-with or manually update those databases.
+with and manually update those databases or provide access to your own copies
+hosted within your network.
 
 ## Specific scanner instructions
 
diff --git a/doc/user/compliance/license_compliance/img/license_compliance_add_license_v12_3.png b/doc/user/compliance/license_compliance/img/license_compliance_add_license_v12_3.png
index 79f6160e63f..ea4db16284c 100644
--- a/doc/user/compliance/license_compliance/img/license_compliance_add_license_v12_3.png
+++ b/doc/user/compliance/license_compliance/img/license_compliance_add_license_v12_3.png
diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md
index 77314faea29..c968ad26b5e 100644
--- a/doc/user/compliance/license_compliance/index.md
+++ b/doc/user/compliance/license_compliance/index.md
@@ -18,9 +18,9 @@ that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
 
 GitLab checks the License Compliance report, compares the licenses between the
 source and target branches, and shows the information right on the merge request.
-Blacklisted licenses will be clearly visible with an `x` red icon next to them
+Denied licenses will be clearly visible with an `x` red icon next to them
 as well as new licenses which need a decision from you. In addition, you can
-[manually approve or blacklist](#project-policies-for-license-compliance)
+[manually allow or deny](#project-policies-for-license-compliance)
 licenses in your project's settings.
 
 NOTE: **Note:**
@@ -33,7 +33,7 @@ compliance report will be shown properly.
 ![License Compliance Widget](img/license_compliance.png)
 
 If you are a project or group Maintainer, you can click on a license to be given
-the choice to approve it or blacklist it.
+the choice to allow it or deny it.
 
 ![License approval decision](img/license_compliance_decision.png)
 
@@ -282,9 +282,9 @@ license_scanning:
 From the project's settings:
 
 - The list of licenses and their status can be managed.
-- Licenses can be manually approved or blacklisted.
+- Licenses can be manually allowed or denied.
 
-To approve or blacklist a license:
+To allow or deny a license:
 
 1. Either use the **Manage licenses** button in the merge request widget, or
    navigate to the project's **Settings > CI/CD** and expand the
@@ -298,12 +298,12 @@ To approve or blacklist a license:
      at the top of the list.
    - Enter arbitrary text in the field at the top of the list. This will cause the text to be
      added as a license name to the list.
-1. Select the **Approve** or **Blacklist** radio button to approve or blacklist respectively
+1. Select the **Allow** or **Deny** radio button to allow or deny respectively
    the selected license.
 
 To modify an existing license:
 
-1. In the **License Compliance** list, click the **Approved/Declined** dropdown to change it to the desired status.
+1. In the **License Compliance** list, click the **Allow/Deny** dropdown to change it to the desired status.
 
    ![License Compliance Settings](img/license_compliance_settings_v12_3.png)
 
diff --git a/doc/user/project/integrations/prometheus.md b/doc/user/project/integrations/prometheus.md
index 502e0f95dd2..1ff58930a61 100644
--- a/doc/user/project/integrations/prometheus.md
+++ b/doc/user/project/integrations/prometheus.md
@@ -837,6 +837,11 @@ Prerequisites for embedding from a Grafana instance:
 
 ## Troubleshooting
 
+When troubleshooting issues with a managed Prometheus app, it is often useful to
+[view the Prometheus UI](../../../development/prometheus.md#access-the-ui-of-a-prometheus-managed-application-in-kubernetes).
+
+### "No data found" error on Metrics dashboard page
+
 If the "No data found" screen continues to appear, it could be due to:
 
 - No successful deployments have occurred to this environment.