| Field | Value | Date |
|---|---|---|
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-04-20 15:09:30 +0300 |
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-04-20 15:09:30 +0300 |
| commit | 0549ffef0d4f862a7354847dd185725cc196eed0 (patch) | |
| tree | ab738498979b577ad3c89a986c6690250bcff104 /doc | |
| parent | 03409cccee9b1cd8104484077338790add355c7d (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')

| Mode | File | Lines changed |
|---|---|---|
| -rw-r--r-- | doc/administration/operations/rails_console.md | 4 |
| -rw-r--r-- | doc/development/usage_ping/dictionary.md | 2 |
| -rw-r--r-- | doc/user/application_security/index.md | 40 |
| -rw-r--r-- | doc/user/application_security/policies/index.md | 14 |

4 files changed, 52 insertions, 8 deletions
diff --git a/doc/administration/operations/rails_console.md b/doc/administration/operations/rails_console.md index 1fe1ea96bff..c9e5253fbd1 100644 --- a/doc/administration/operations/rails_console.md +++ b/doc/administration/operations/rails_console.md @@ -149,7 +149,7 @@ Traceback (most recent call last): /opt/gitlab/..../runner_command.rb:42:in `load': cannot load such file -- /tmp/helloworld.rb (LoadError) ``` -In case you encouter a similar error to this: +In case you encounter a similar error to this: ```plaintext [root ~]# sudo gitlab-rails runner helloworld.rb @@ -159,7 +159,7 @@ Run 'rails runner -h' for help. undefined local variable or method `helloworld' for main:Object ``` -You can either move the file to the `/tmp` directory or create a new directory onwed by the user `git` and save the script in that directory as illustrated below: +You can either move the file to the `/tmp` directory or create a new directory owned by the user `git` and save the script in that directory as illustrated below: ```shell sudo mkdir /scripts diff --git a/doc/development/usage_ping/dictionary.md b/doc/development/usage_ping/dictionary.md index cb53d088907..16cb15882eb 100644 --- a/doc/development/usage_ping/dictionary.md +++ b/doc/development/usage_ping/dictionary.md @@ -6382,7 +6382,7 @@ Tiers: `free` ### `edition` -Edition of GitLab such as EE, CE, Bronze, Silver, Gold +Edition of GitLab such as EE or CE [YAML definition](https://gitlab.com/gitlab-org/gitlab/-/blob/master/config/metrics/license/20210216175604_edition.yml) diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index 1ba2161362c..1f9c8ecd0a3 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md 
@@ -412,6 +412,46 @@ You can do it quickly by following the hyperlink given to run a new pipeline. ![Run a new pipeline](img/outdated_report_pipeline_v12_9.png) +## Security report validation + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/321918) in GitLab 13.11. + +As of GitLab 13.11, we've introduced the **optional** validation of the security report artifacts based on the +[report schemas](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/tree/master/dist). +If you enable validation, GitLab validates the report artifacts before ingesting the vulnerabilities. +This prevents ingesting broken vulnerability data into the database. + +### Enable security report validation + +To enable report artifacts validation, set the `VALIDATE_SCHEMA` environment variable to `"true"` for the jobs in the `.gitlab-ci.yml` file. + +For example, the configuration below enables validation for only the `sast` job: + + ```yaml + include: + - template: Security/Dependency-Scanning.gitlab-ci.yml + - template: Security/License-Scanning.gitlab-ci.yml + - template: Security/SAST.gitlab-ci.yml + - template: Security/Secret-Detection.gitlab-ci.yml + + stages: + - security-scan + + dependency_scanning: + stage: security-scan + + license_scanning: + stage: security-scan + + sast: + stage: security-scan + variables: + VALIDATE_SCHEMA: "true" + + .secret-analyzer: + stage: security-scan + ``` + ## Troubleshooting ### Getting error message `sast job: stage parameter should be [some stage name here]` diff --git a/doc/user/application_security/policies/index.md b/doc/user/application_security/policies/index.md index 208fbdfa5f3..c910ae6b662 100644 --- a/doc/user/application_security/policies/index.md +++ b/doc/user/application_security/policies/index.md @@ -66,7 +66,8 @@ scan_execution_policy: enabled: true rules: - type: pipeline - branch: master + branches: + - master actions: - scan: dast scanner_profile: Scanner Profile A 
@@ -76,7 +77,8 @@ scan_execution_policy: enabled: true rules: - type: pipeline - branch: main + branches: + - main actions: - scan: dast scanner_profile: Scanner Profile C @@ -108,7 +110,7 @@ This rule enforces the defined actions whenever the pipeline runs for a selected | Field | Type | Possible values | Description | |-------|------|-----------------|-------------| | `type` | `string` | `pipeline` | The rule's type. | -| `branch` | `string` | `*` or the branch's name | The branch the given policy applies to (supports wildcard). | +| `branches` | `array` of `string` | `*` or the branch's name | The branch the given policy applies to (supports wildcard). | ### `scan` action type @@ -140,7 +142,8 @@ scan_execution_policy: enabled: true rules: - type: pipeline - branch: release/* + branches: + - release/* actions: - scan: dast scanner_profile: Scanner Profile A @@ -150,7 +153,8 @@ scan_execution_policy: enabled: true rules: - type: pipeline - branch: main + branches: + - main actions: - scan: dast scanner_profile: Scanner Profile C |
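Review bot: in the first `rails_console.md` hunk the typo fix is correct, but the sentence it touches still reads awkwardly; while you are on the line, "In case you encounter a similar error to this:" would read better as "If you encounter an error similar to this:", which matches the conditional phrasing used elsewhere in the administration docs.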
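Review bot: the new "Security report validation" section in `application_security/index.md` never says what happens when a report fails schema validation, and that is the one thing an operator needs before turning it on: does the job fail, is the report silently discarded with the vulnerabilities not ingested, and where does the validation error surface (job log, pipeline security tab)? Please add a sentence on the failure behaviour next to "This prevents ingesting broken vulnerability data into the database." Three smaller points in the same hunk: "As of GitLab 13.11, we've introduced the **optional** validation" repeats the `> [Introduced]` line directly above it and uses first person, which this page otherwise avoids, so "Security report artifacts can optionally be validated against the report schemas" would do; the example says it "enables validation for only the `sast` job" but most of its lines are unrelated `stage: security-scan` overrides for `dependency_scanning`, `license_scanning` and `.secret-analyzer`, so either trim it to the `sast` job with `variables: VALIDATE_SCHEMA: "true"` or say that the stage overrides are incidental, and note that setting `VALIDATE_SCHEMA` under a top-level `variables:` key enables it for every job; and the whole ```` ```yaml ```` block is indented by one leading space relative to the surrounding prose, unlike the other fences on this page, so please unindent it.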
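Review bot: the `branch` to `branches` rename in the first `policies/index.md` example hunk changes the schema of policy files that users have already committed, and the page does not say whether `branch: master` is still honoured or now ignored or rejected. Since a silently ignored rule means the scan simply stops being enforced on that branch, please add a note (next to the "Introduced" marker for this feature or in the rule description) stating that existing policies must be updated to the `branches:` array form, or that the old key is still accepted for compatibility if that is the case.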
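Review bot: in the table hunk of `policies/index.md` the type column was updated to `` `array` of `string` `` but the description still describes a single value: "The branch the given policy applies to (supports wildcard)." Please reword it to cover the list, for example "The branches the given policy applies to; each entry is a branch name or a wildcard pattern such as `release/*`", and make the "Possible values" column refer to each entry (`*` or a branch name) rather than to the field as a whole, so it is clear that a rule now matches if any listed pattern matches.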