Add latest changes from gitlab-org/gitlab@master

3 files changed, 20 insertions, 19 deletions

diff --git a/doc/ci/pipelines/settings.md b/doc/ci/pipelines/settings.md
index 0a859b5b68f..11aa34c20d2 100644
--- a/doc/ci/pipelines/settings.md
+++ b/doc/ci/pipelines/settings.md
@@ -118,7 +118,8 @@ job log using a regular expression. In the pipelines settings, search for the
 ![Pipelines settings test coverage](img/pipelines_settings_test_coverage.png)
 
 Leave blank if you want to disable it or enter a Ruby regular expression. You
-can use <https://rubular.com> to test your regex.
+can use <https://rubular.com> to test your regex. The regex returns the **last**
+match found in the output.
 
 If the pipeline succeeds, the coverage is shown in the merge request widget and
 in the jobs table.
diff --git a/doc/topics/airgap/index.md b/doc/topics/airgap/index.md
index 854e0103a69..076d4674586 100644
--- a/doc/topics/airgap/index.md
+++ b/doc/topics/airgap/index.md
@@ -70,12 +70,11 @@ registry.
 The project using the `Secure-Binaries.gitlab-ci.yml` template should now host all the required
 images and resources needed to run GitLab Security features.
 
-The next step is to tell the offline instance to use these resources instead of the default ones on
-`gitlab.com`. This can be done by setting the right environment variables:
-`SAST_ANALYZER_IMAGE_PREFIX` for SAST analyzers, `DS_ANALYZER_IMAGE_PREFIX` for Dependency Scanning,
-and so on.
+Next, you must tell the offline instance to use these resources instead of the default ones on
+GitLab.com. To do so, set the environment variable `SECURE_ANALYZERS_PREFIX` with the URL of the
+project [container registry](../../user/packages/container_registry/index.md).
 
-You can set these variables in the project's `.gitlab-ci.yml` files by using the bundle directly, or
+You can set this variable in the projects' `.gitlab-ci.yml`, or
 in the GitLab UI at the project or group level. See the [GitLab CI/CD environment variables page](../../ci/variables/README.md#custom-environment-variables)
 for more information.
 
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md
index 370c6d0e8e7..5652d56aa56 100644
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -313,19 +313,20 @@ Some analyzers can be customized with environment variables.
 
 | Environment variable        | Analyzer | Description |
 |-----------------------------|----------|-------------|
-| `SCAN_KUBERNETES_MANIFESTS` | Kubesec  | Set to `"true"` to scan Kubernetes manifests. |
-| `ANT_HOME`                  | SpotBugs | The `ANT_HOME` environment variable. |
-| `ANT_PATH`                  | SpotBugs | Path to the `ant` executable. |
-| `GRADLE_PATH`               | SpotBugs | Path to the `gradle` executable. |
-| `JAVA_OPTS`                 | SpotBugs | Additional arguments for the `java` executable. |
-| `JAVA_PATH`                 | SpotBugs | Path to the `java` executable. |
-| `SAST_JAVA_VERSION`         | SpotBugs | Which Java version to use. Supported versions are `8` and `11`. Defaults to `8`. |
-| `MAVEN_CLI_OPTS`            | SpotBugs | Additional arguments for the `mvn` or `mvnw` executable. |
-| `MAVEN_PATH`                | SpotBugs | Path to the `mvn` executable. |
-| `MAVEN_REPO_PATH`           | SpotBugs | Path to the Maven local repository (shortcut for the `maven.repo.local` property). |
-| `SBT_PATH`                  | SpotBugs | Path to the `sbt` executable. |
-| `FAIL_NEVER`                | SpotBugs | Set to `1` to ignore compilation failure. |
-| `SAST_GOSEC_CONFIG`         | Gosec    | Path to configuration for Gosec (optional). |
+| `SCAN_KUBERNETES_MANIFESTS`           | Kubesec              | Set to `"true"` to scan Kubernetes manifests. |
+| `ANT_HOME`                            | SpotBugs             | The `ANT_HOME` environment variable. |
+| `ANT_PATH`                            | SpotBugs             | Path to the `ant` executable. |
+| `GRADLE_PATH`                         | SpotBugs             | Path to the `gradle` executable. |
+| `JAVA_OPTS`                           | SpotBugs             | Additional arguments for the `java` executable. |
+| `JAVA_PATH`                           | SpotBugs             | Path to the `java` executable. |
+| `SAST_JAVA_VERSION`                   | SpotBugs             | Which Java version to use. Supported versions are `8` and `11`. Defaults to `8`. |
+| `MAVEN_CLI_OPTS`                      | SpotBugs             | Additional arguments for the `mvn` or `mvnw` executable. |
+| `MAVEN_PATH`                          | SpotBugs             | Path to the `mvn` executable. |
+| `MAVEN_REPO_PATH`                     | SpotBugs             | Path to the Maven local repository (shortcut for the `maven.repo.local` property). |
+| `SBT_PATH`                            | SpotBugs             | Path to the `sbt` executable. |
+| `FAIL_NEVER`                          | SpotBugs             | Set to `1` to ignore compilation failure. |
+| `SAST_GOSEC_CONFIG`                   | Gosec                | Path to configuration for Gosec (optional). |
+| `PHPCS_SECURITY_AUDIT_PHP_EXTENSIONS` | phpcs-security-audit | Comma separated list of additional PHP Extensions. |
 
 #### Custom environment variables