Add latest changes from gitlab-org/gitlab@master

4 files changed, 49 insertions, 12 deletions

diff --git a/doc/ci/docker/using_docker_build.md b/doc/ci/docker/using_docker_build.md
index fe57b451146..004da63476e 100644
--- a/doc/ci/docker/using_docker_build.md
+++ b/doc/ci/docker/using_docker_build.md
@@ -352,11 +352,9 @@ Docker-in-Docker is the recommended configuration, but you should be aware of th
 To use Docker commands in your CI/CD jobs, you can bind-mount `/var/run/docker.sock` into the
 container. Docker is then available in the context of the image.
 
-NOTE:
-If you bind the Docker socket and you are
-[using GitLab Runner 11.11 or later](https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/1261),
-you can no longer use `docker:20.10.16-dind` as a service. Volume bindings
-also affect services, making them incompatible.
+> If you bind the Docker socket and you are [using GitLab Runner 11.11 or later](https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/1261),
+> you can no longer use `docker:20.10.16-dind` as a service.
+> Volume bindings also affect services, making them incompatible.
 
 To make Docker available in the context of the image, you need to mount
 `/var/run/docker.sock` into the launched containers. To do this with the Docker
@@ -392,6 +390,12 @@ sudo gitlab-runner register -n \
   --docker-volumes /var/run/docker.sock:/var/run/docker.sock
 ```
 
+> If you want to use more complex Docker-in-Docker configurations, like it is necessary to run Code Quality checks with
+> Code Climate, you need to ensure that the paths to the build directory are the same on the host as well as inside the
+> Docker container.
+> See section "[Improve Code Quality performance with private runners](../testing/code_quality.md#improve-code-quality-performance-with-private-runners)"
+> in the Code Quality documentation.
+
 #### Enable registry mirror for `docker:dind` service
 
 When the Docker daemon starts inside the service container, it uses
diff --git a/doc/ci/secrets/id_token_authentication.md b/doc/ci/secrets/id_token_authentication.md
index 12e0402be25..6bb460f9fc7 100644
--- a/doc/ci/secrets/id_token_authentication.md
+++ b/doc/ci/secrets/id_token_authentication.md
@@ -190,3 +190,34 @@ To enable automatic ID token authentication:
 1. Toggle **Limit JSON Web Token (JWT) access** to enabled.
 
 <!--- end_remove -->
+
+## Troubleshooting
+
+### `400: missing token` status code
+
+This error indicates that one or more basic components necessary for ID tokens are
+either missing or not configured as expect.
+
+To find the problem, an administrator can look for more details in the instance's
+`exceptions_json.log` for the specific method that failed.
+
+#### `GitLab::Ci::Jwt::NoSigningKeyError`
+
+This error in the `exceptions_json.log` file is likely because the signing key is
+missing from the database and the token could not be generated. To verify this is the issue,
+run the following query on the instance's PostgreSQL terminal:
+
+```sql
+SELECT encrypted_ci_jwt_signing_key FROM application_settings;
+```
+
+If the returned value is empty, use the Rails snippet below to generate a new key
+and replace it internally:
+
+```ruby
+  key = OpenSSL::PKey::RSA.new(2048).to_pem
+
+  ApplicationSetting.find_each do |application_setting|
+    application_setting.update(ci_jwt_signing_key: key)
+  end
+```
diff --git a/doc/ci/testing/code_quality.md b/doc/ci/testing/code_quality.md
index 6eab50a1f61..5f6af4cb8a9 100644
--- a/doc/ci/testing/code_quality.md
+++ b/doc/ci/testing/code_quality.md
@@ -538,6 +538,12 @@ for more details.
 
 ## Troubleshooting
 
+### The code cannot be found and the pipeline runs always with default configuration
+
+You are probably using a private runner with the Docker-in-Docker socket-binding configuration.
+You should configure Code Quality checks to run on your worker as documented in section
+"[Improve Code Quality performance with private runners](#improve-code-quality-performance-with-private-runners)".
+
 ### Changing the default configuration has no effect
 
 A common issue is that the terms `Code Quality` (GitLab specific) and `Code Climate`
diff --git a/doc/user/application_security/vulnerabilities/index.md b/doc/user/application_security/vulnerabilities/index.md
index 4e937bc11d2..c21a197bcb7 100644
--- a/doc/user/application_security/vulnerabilities/index.md
+++ b/doc/user/application_security/vulnerabilities/index.md
@@ -6,8 +6,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Vulnerability Page **(ULTIMATE)**
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13561) in GitLab 13.0.
-
 Each vulnerability in a project has a vulnerability page containing details of the vulnerability,
 including:
 
@@ -35,8 +33,9 @@ A vulnerability's status can be:
 - **Dismissed**: A user has seen this vulnerability and dismissed it because it is not accurate or
   otherwise not to be resolved. Dismissed vulnerabilities are ignored if detected in subsequent
   scans.
-- **Resolved**: The vulnerability has been fixed or is no longer present. Resolved vulnerabilities
-  that are reintroduced and detected by subsequent scans have a _new_ vulnerability record created.
+- **Resolved**: The vulnerability has been fixed or is no longer present. If a resolved
+  vulnerability is reintroduced and detected again, its record is reinstated and its status set to
+  detected.
 
 ## Vulnerability dismissal reasons
 
@@ -96,9 +95,6 @@ The issue is then opened so you can take further action.
 
 ### Create a Jira issue for a vulnerability
 
-> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4677) in GitLab 13.9 [with a flag](../../../administration/feature_flags.md) named `jira_for_vulnerabilities`. Disabled by default.
-> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/283850) in GitLab 13.12. Feature flag `jira_for_vulnerabilities` removed.
-
 Prerequisites:
 
 - [Enable Jira integration](../../../integration/jira/index.md). The **Enable Jira issue creation