Add latest changes from gitlab-org/gitlab@master

13 files changed, 154 insertions, 56 deletions

diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md
index f590229f79e..e48112af870 100644
--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
@@ -216,6 +216,8 @@ The following actions on groups generate group audit events:
   [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/377877) in GitLab 15.6.
 - An environment is protected or unprotected.
   [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/216164) in GitLab 15.8.
+- Changes to Code Suggestions.
+  [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/405295) in GitLab 15.11.
 
 ### Project events
 
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index aafef902d10..96ba07025ff 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -22517,6 +22517,7 @@ Check permissions for the current user on a work item.
 
 | Name | Type | Description |
 | ---- | ---- | ----------- |
+| <a id="workitempermissionsadminparentlink"></a>`adminParentLink` | [`Boolean!`](#boolean) | Indicates the user can perform `admin_parent_link` on this resource. |
 | <a id="workitempermissionsadminworkitem"></a>`adminWorkItem` | [`Boolean!`](#boolean) | Indicates the user can perform `admin_work_item` on this resource. |
 | <a id="workitempermissionsdeleteworkitem"></a>`deleteWorkItem` | [`Boolean!`](#boolean) | Indicates the user can perform `delete_work_item` on this resource. |
 | <a id="workitempermissionsreadworkitem"></a>`readWorkItem` | [`Boolean!`](#boolean) | Indicates the user can perform `read_work_item` on this resource. |
@@ -24529,6 +24530,7 @@ The status of the security scan.
 | Value | Description |
 | ----- | ----------- |
 | <a id="securityreporttypeenumapi_fuzzing"></a>`API_FUZZING` | API FUZZING scan report. |
+| <a id="securityreporttypeenumbreach_and_attack_simulation"></a>`BREACH_AND_ATTACK_SIMULATION` | BREACH AND ATTACK SIMULATION scan report. |
 | <a id="securityreporttypeenumcluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | CLUSTER IMAGE SCANNING scan report. |
 | <a id="securityreporttypeenumcontainer_scanning"></a>`CONTAINER_SCANNING` | CONTAINER SCANNING scan report. |
 | <a id="securityreporttypeenumcoverage_fuzzing"></a>`COVERAGE_FUZZING` | COVERAGE FUZZING scan report. |
@@ -24545,6 +24547,7 @@ The type of the security scanner.
 | Value | Description |
 | ----- | ----------- |
 | <a id="securityscannertypeapi_fuzzing"></a>`API_FUZZING` | API Fuzzing scanner. |
+| <a id="securityscannertypebreach_and_attack_simulation"></a>`BREACH_AND_ATTACK_SIMULATION` | Breach And Attack Simulation scanner. |
 | <a id="securityscannertypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | Cluster Image Scanning scanner. |
 | <a id="securityscannertypecontainer_scanning"></a>`CONTAINER_SCANNING` | Container Scanning scanner. |
 | <a id="securityscannertypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | Coverage Fuzzing scanner. |
diff --git a/doc/architecture/blueprints/runner_scaling/index.md b/doc/architecture/blueprints/runner_scaling/index.md
index 421b380a9f7..de1203843aa 100644
--- a/doc/architecture/blueprints/runner_scaling/index.md
+++ b/doc/architecture/blueprints/runner_scaling/index.md
@@ -216,12 +216,12 @@ sequence diagram.
 
 ![GitLab Runner Autoscaling Overview](gitlab-autoscaling-overview.png)
 
-On the diagrams above we see that currently a GitLab Runner Manager runs on a
+On the diagrams above we see that currently a runner manager runs on a
 machine that has access to a cloud provider's API. It is using Docker Machine
 to provision new Virtual Machines with Docker Engine installed and it
 configures the Docker daemon there to allow external authenticated requests. It
 stores credentials to such ephemeral Docker environments on disk. Once a
-machine has been provisioned and made available for GitLab Runner Manager to
+machine has been provisioned and made available for the runner manager to
 run builds, it is using one of the existing executors to run a user-provided
 script. In auto-scaling, this is typically done using the Docker executor.
 
@@ -283,7 +283,7 @@ coupled with the VM lifecycle and job routing logic. Creating idle capacity
 happens as a side-effect of calling [`Acquire`](https://gitlab.com/gitlab-org/gitlab-runner/-/blob/267f40d871cd260dd063f7fbd36a921fedc62241/executors/docker/machine/provider.go#L449) on the `machineProvider` while binding a job to a VM.
 
 There is also no current abstraction for in-VM job execution. VM-specific
-commands are generated by the Runner Manager using the [`GenerateShellScript`](https://gitlab.com/gitlab-org/gitlab-runner/-/blob/267f40d871cd260dd063f7fbd36a921fedc62241/common/build.go#L336)
+commands are generated by the runner manager using the [`GenerateShellScript`](https://gitlab.com/gitlab-org/gitlab-runner/-/blob/267f40d871cd260dd063f7fbd36a921fedc62241/common/build.go#L336)
 function and [injected](https://gitlab.com/gitlab-org/gitlab-runner/-/blob/267f40d871cd260dd063f7fbd36a921fedc62241/common/build.go#L373)
 into the VM as the manager drives the job execution stages.
 
diff --git a/doc/ci/jobs/job_artifacts.md b/doc/ci/jobs/job_artifacts.md
index bc21282fe36..a6838f2e87a 100644
--- a/doc/ci/jobs/job_artifacts.md
+++ b/doc/ci/jobs/job_artifacts.md
@@ -67,7 +67,7 @@ is used.
 To prevent artifacts from expiring, you can select **Keep** from the job details page.
 The option is not available when an artifact has no expiry set.
 
-### With CI/CD variables to define the artifacts name
+### With a dynamically defined name
 
 You can use [CI/CD variables](../variables/index.md) to dynamically define the
 artifacts file's name.
@@ -186,7 +186,7 @@ job:
   dependencies: []
 ```
 
-## View all job artifacts
+## View all job artifacts in a project
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/254938) in GitLab 15.11 [with a flag](../../administration/feature_flags.md) named `artifacts_management_page`. Disabled by default.
 
@@ -202,21 +202,18 @@ You can download or delete individual artifacts from this list.
 
 ## Download job artifacts
 
-You can download job artifacts by selecting **Download** (**{download}**) from:
+You can download job artifacts from:
 
-- Any **Pipelines** list, to the right of the pipeline select **Download artifacts** (**{download}**).
-- Any **Jobs** list, to the right of the job select **Download artifacts** (**{download}**).
-- A job's detail page, on the right of the page select **Download**.
-- A merge request **Overview** page, to the right of the latest pipeline select **Artifacts** (**{download}**).
-- The [**Artifacts**](#view-all-job-artifacts) page, to the right of the job select **Download** (**{download}**).
-- If the **Browse** (**{folder-open}**) option is available, you can browse the contents of the artifacts
-  from the UI without downloading the artifact. You can also select **Download artifacts archive**
-  from the artifacts browser.
+- Any **Pipelines** list. On the right of the pipeline, select **Download artifacts** (**{download}**).
+- Any **Jobs** list. On the right of the job, select **Download artifacts** (**{download}**).
+- A job's detail page. On the right of the page, select **Download**.
+- A merge request **Overview** page. On the right of the latest pipeline, select **Artifacts** (**{download}**).
+- The [**Artifacts**](#view-all-job-artifacts-in-a-project) page. On the right of the job, select **Download** (**{download}**).
+- The [artifacts browser](#browse-the-contents-of-the-artifacts-archive). On the top of the page,
+  select **Download artifacts archive** (**{download}**).
 
-  If [GitLab Pages](../../administration/pages/index.md) is enabled in the project, you can preview
-  HTML files in the artifacts directly in your browser. If the project is internal or private, you must
-  enable [GitLab Pages access control](../../administration/pages/index.md#access-control) to preview
-  HTML files.
+[Report artifacts](../yaml/artifacts_reports.md) can only be downloaded from the **Pipelines** list
+or **Artifacts** page.
 
 You can download job artifacts from the latest successful pipeline by using [the job artifacts API](../../api/job_artifacts.md).
 You cannot download [artifact reports](../yaml/artifacts_reports.md) with the job artifacts API,
@@ -245,7 +242,21 @@ Artifacts for [parent and child pipelines](../pipelines/downstream_pipelines.md#
 are searched in hierarchical order from parent to child. For example, if both parent and
 child pipelines have a job with the same name, the job artifacts from the parent pipeline are returned.
 
-### From a URL with the artifacts browser
+## Browse the contents of the artifacts archive
+
+You can browse the contents of the artifacts from the UI without downloading the artifact locally,
+from:
+
+- Any **Jobs** list. On the right of the job, select **Browse** (**{folder-open}**).
+- A job's detail page. On the right of the page, select **Browse**.
+- The **Artifacts** page. On the right of the job, select **Browse** (**{folder-open}**).
+
+If [GitLab Pages](../../administration/pages/index.md) is enabled in the project, you can preview
+HTML files in the artifacts directly in your browser. If the project is internal or private, you must
+enable [GitLab Pages access control](../../administration/pages/index.md#access-control) to preview
+HTML files.
+
+### From a URL
 
 You can browse the job artifacts of the latest successful pipeline for a specific job
 with a publicly accessible URL.
diff --git a/doc/ci/runners/configure_runners.md b/doc/ci/runners/configure_runners.md
index 034860abebb..e32ad4ec7de 100644
--- a/doc/ci/runners/configure_runners.md
+++ b/doc/ci/runners/configure_runners.md
@@ -803,7 +803,7 @@ variables:
 NOTE:
 Zip archives are the only supported artifact type. Follow [the issue for details](https://gitlab.com/gitlab-org/gitlab/-/issues/367203).
 
-GitLab Runner can generate and produce attestation metadata for all build artifacts. To enable this feature, you must set the `RUNNER_GENERATE_ARTIFACTS_METADATA` environment variable to `true`. This variable can either be set globally or it can be set for individual jobs. The metadata is in rendered in a plain text `.json` file that's stored with the artifact. The filename is as follows: `{ARTIFACT_NAME}-metadata.json` where `ARTIFACT_NAME` is what was defined as the [name for the artifact](../jobs/job_artifacts.md#with-cicd-variables-to-define-the-artifacts-name) in the CI file. The filename, however, defaults to `artifacts-metadata.json` if no name was given to the build artifacts.
+GitLab Runner can generate and produce attestation metadata for all build artifacts. To enable this feature, you must set the `RUNNER_GENERATE_ARTIFACTS_METADATA` environment variable to `true`. This variable can either be set globally or it can be set for individual jobs. The metadata is in rendered in a plain text `.json` file that's stored with the artifact. The filename is as follows: `{ARTIFACT_NAME}-metadata.json` where `ARTIFACT_NAME` is what was defined as the [name for the artifact](../jobs/job_artifacts.md#with-a-dynamically-defined-name) in the CI file. The filename, however, defaults to `artifacts-metadata.json` if no name was given to the build artifacts.
 
 ### Attestation format
 
diff --git a/doc/ci/runners/index.md b/doc/ci/runners/index.md
index 09525955a02..6883f0727dd 100644
--- a/doc/ci/runners/index.md
+++ b/doc/ci/runners/index.md
@@ -22,7 +22,7 @@ in your [subscription plan](https://about.gitlab.com/pricing/).
 
 GitLab SaaS runners on Linux and Windows run on Google Compute Platform. The [Google Infrastructure Security Design Overview whitepaper](https://cloud.google.com/docs/security/infrastructure/design/resources/google_infrastructure_whitepaper_fa.pdf) provides an overview of how Google designs security into its technical infrastructure. The GitLab [Trust Center](https://about.gitlab.com/security/) and [GitLab Security Compliance Controls](https://about.staging.gitlab.com/handbook/engineering/security/security-assurance/security-compliance/sec-controls.html) pages provide an overview of the security and compliance controls that govern the GitLab SaaS runners.
 
-The runner that serves as a Runner Manager automatically initiates the creation and deletion of the virtual machines (VMs) used for CI jobs. When the Runner Manager picks up a GitLab SaaS CI job, it automatically executes that job on a new VM. There is no human or manual intervention in this process. The following section provides an overview of the additional built-in layers that harden the security of the GitLab Runner SaaS CI build environment.
+The runner that serves as a runner manager automatically initiates the creation and deletion of the virtual machines (VMs) used for CI jobs. When the runner manager picks up a GitLab SaaS CI job, it automatically executes that job on a new VM. There is no human or manual intervention in this process. The following section provides an overview of the additional built-in layers that harden the security of the GitLab Runner SaaS CI build environment.
 
 ### Security of CI job execution on GitLab Runner SaaS (Linux, Windows)
 
@@ -39,4 +39,4 @@ GitLab sends the command to remove the temporary runner VM to the Google Compute
 - Firewall rules only allow outbound communication from the temporary VM to the public internet.
 - Inbound communication from the public internet to the temporary VM is not allowed.
 - Firewall rules do not permit communication between VMs.
-- The only internal communication allowed to the temporary VMs is from the Runner Manager.
+- The only internal communication allowed to the temporary VMs is from the runner manager.
diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md
index 47b2f61bff9..06f574906c5 100644
--- a/doc/ci/yaml/index.md
+++ b/doc/ci/yaml/index.md
@@ -958,7 +958,7 @@ job:
 
 **Related topics**:
 
-- [Use CI/CD variables to define the artifacts name](../jobs/job_artifacts.md#with-cicd-variables-to-define-the-artifacts-name).
+- [Use CI/CD variables to define the artifacts name](../jobs/job_artifacts.md#with-a-dynamically-defined-name).
 
 #### `artifacts:public`
 
diff --git a/doc/development/database/loose_foreign_keys.md b/doc/development/database/loose_foreign_keys.md
index daa022a3de2..91a22d8c26b 100644
--- a/doc/development/database/loose_foreign_keys.md
+++ b/doc/development/database/loose_foreign_keys.md
@@ -64,7 +64,7 @@ The tool ensures that all aspects of swapping a foreign key are covered. This in
 
 - Creating a migration to remove a foreign key.
 - Updating `db/structure.sql` with the new migration.
-- Updating `lib/gitlab/database/gitlab_loose_foreign_keys.yml` to add the new loose foreign key.
+- Updating `config/gitlab_loose_foreign_keys.yml` to add the new loose foreign key.
 - Creating or updating a model's specs to ensure that the loose foreign key is properly supported.
 
 The tool is located at `scripts/decomposition/generate-loose-foreign-key`:
diff --git a/doc/integration/jira/connect-app.md b/doc/integration/jira/connect-app.md
index d78c356305b..c99ee363d2d 100644
--- a/doc/integration/jira/connect-app.md
+++ b/doc/integration/jira/connect-app.md
@@ -135,6 +135,8 @@ To set up your self-managed instance for the GitLab for Jira Cloud app in GitLab
 
 ### Link your instance
 
+See [prerequisites](#prerequisites).
+
 To link your self-managed instance to the GitLab for Jira Cloud app:
 
 1. Install the [GitLab for Jira Cloud app](https://marketplace.atlassian.com/apps/1221011/gitlab-com-for-jira-cloud?tab=overview&hosting=cloud).
@@ -320,3 +322,34 @@ To resolve this issue on GitLab self-managed, follow one of the solutions below,
     - Contact the [Jira Software Cloud support](https://support.atlassian.com/jira-software-cloud/) and ask to trigger a new installed lifecycle event for the GitLab for Jira Cloud app in your namespace.
   - In all GitLab versions:
     - Re-install the GitLab for Jira Cloud app. This might remove all already synced development panel data.
+
+### `Failed to update GitLab version` error when setting up the GitLab for Jira Cloud app for self-managed instances
+
+When you set up the GitLab for Jira Cloud app, you might get the following message after you enter your
+self-managed instance URL:
+
+```plaintext
+Failed to update GitLab version. Please try again.
+```
+
+To resolve this issue, ensure all prerequisites for your installation method have been met:
+
+- [Prerequisites for connecting the GitLab for Jira Cloud app](#prerequisites)
+- [Prerequisites for installing the GitLab for Jira Cloud app manually](#prerequisites-1)
+
+If you're using GitLab 15.8 and earlier and have previously enabled both the `jira_connect_oauth_self_managed`
+and the `jira_connect_oauth` feature flags, you must disable the `jira_connect_oauth_self_managed` flag
+due to a [known issue](https://gitlab.com/gitlab-org/gitlab/-/issues/388943). To check for these flags:
+
+1. Open a [Rails console](../../administration/operations/rails_console.md#starting-a-rails-console-session).
+1. Execute the following code:
+
+   ```ruby
+   # Check if both feature flags are enabled.
+   # If the flags are enabled, these commands return `true`.
+   Feature.enabled?(:jira_connect_oauth)
+   Feature.enabled?(:jira_connect_oauth_self_managed)
+
+   # If both flags are enabled, disable the `jira_connect_oauth_self_managed` flag.
+   Feature.disable(:jira_connect_oauth_self_managed)
+   ```
diff --git a/doc/integration/kerberos.md b/doc/integration/kerberos.md
index fb5d1943fe4..dc4dd501363 100644
--- a/doc/integration/kerberos.md
+++ b/doc/integration/kerberos.md
@@ -358,6 +358,16 @@ to a larger value in [the NGINX configuration](https://nginx.org/en/docs/http/ng
 
 ## Troubleshooting
 
+### Using Google Chrome with Kerberos authentication against Windows AD
+
+When you use Google Chrome to sign in to GitLab with Kerberos, you must enter your full username. For example, `username@domain.com`.
+
+If you do not enter your full username, the sign-in fails. Check the logs to see the following event message as evidence of this sign-in failure:
+
+```plain
+"message":"OmniauthKerberosController: failed to process Negotiate/Kerberos authentication: gss_accept_sec_context did not return GSS_S_COMPLETE: An unsupported mechanism was requested\nUnknown error"`.
+```
+
 ### Test connectivity between the GitLab and Kerberos servers
 
 You can use utilities like [`kinit`](https://web.mit.edu/kerberos/krb5-1.12/doc/user/user_commands/kinit.html) and [`klist`](https://web.mit.edu/kerberos/krb5-1.12/doc/user/user_commands/klist.html) to test connectivity between the GitLab server
diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md
index 46ccb2513a2..49bab0b3b29 100644
--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@@ -59,6 +59,7 @@ Different features are available in different [GitLab tiers](https://about.gitla
 | [Configure Secret Detection scanner](#enable-secret-detection)   | **{check-circle}** Yes | **{check-circle}** Yes |
 | [Customize Secret Detection settings](#configure-scan-settings)  | **{check-circle}** Yes | **{check-circle}** Yes |
 | Download [JSON Report](../sast/index.md#reports-json-format)     | **{check-circle}** Yes | **{check-circle}** Yes |
+| [Check text for potential secrets](#warnings-for-potential-leaks-in-text-content) before it's posted | **{check-circle}** Yes | **{check-circle}** Yes |
 | See new findings in the merge request widget                     | **{dotted-circle}** No | **{check-circle}** Yes |
 | View identified secrets in the pipelines' **Security** tab       | **{dotted-circle}** No | **{check-circle}** Yes |
 | [Manage vulnerabilities](../vulnerability_report/index.md)       | **{dotted-circle}** No | **{check-circle}** Yes |
@@ -535,6 +536,26 @@ variable, or as a CI/CD variable.
 - If using a variable, set the value of `ADDITIONAL_CA_CERT_BUNDLE` to the text
   representation of the certificate.
 
+## Warnings for potential leaks in text content
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/368434) in GitLab 15.11.
+
+When you create an issue, propose a merge request, or write a comment, you might accidentally post a sensitive value.
+For example, you might paste in the details of an API request or an environment variable that contains an authentication token.
+
+GitLab checks if the text of your issue description, merge request description, comment, or reply contains a sensitive token.
+If a token is found, a warning message is displayed. You can then edit your message before posting it.
+This check happens in your browser before the message is sent to the server.
+The check is always on; you don't have to set it up.
+
+Your text is checked for the following secret types:
+
+- GitLab [personal access tokens](../../../security/token_overview.md#personal-access-tokens)
+- GitLab [feed tokens](../../../security/token_overview.md#feed-token)
+
+This feature is separate from Secret Detection scanning, which checks your Git repository for leaked secrets.
+[Issue 405147](https://gitlab.com/gitlab-org/gitlab/-/issues/405147) tracks efforts to align these two types of protection.
+
 ## Troubleshooting
 
 ### Set the logging level
diff --git a/doc/user/application_security/secret_detection/post_processing.md b/doc/user/application_security/secret_detection/post_processing.md
index 6d29a488ca2..b05b272b0b4 100644
--- a/doc/user/application_security/secret_detection/post_processing.md
+++ b/doc/user/application_security/secret_detection/post_processing.md
@@ -39,9 +39,38 @@ Credentials are only post-processed when Secret Detection finds them:
 - In public projects, because publicly exposed credentials pose an increased threat. Expansion to private projects is considered in [issue 391379](https://gitlab.com/gitlab-org/gitlab/-/issues/391379).
 - In projects with GitLab Ultimate, for technical reasons. Expansion to all tiers is tracked in [issue 391763](https://gitlab.com/gitlab-org/gitlab/-/issues/391763).
 
+## Partner program for leaked-credential notifications
+
+GitLab notifies partners when credentials they issue are leaked in public repositories on GitLab.com.
+If you operate a cloud or SaaS product and you're interested in receiving these notifications, learn more in [epic 4944](https://gitlab.com/groups/gitlab-org/-/epics/4944).
+Partners must [implement a revocation receiver service](#implement-a-revocation-receiver-service),
+which is called by the Token Revocation API.
+
+### Implement a revocation receiver service
+
+A revocation receiver service integrates with a GitLab instance's Token Revocation API to receive and respond
+to leaked token revocation requests. The service should be a publicly accessible HTTP API that is
+idempotent and rate-limited. Requests to your service from the Token Revocation API look similar to the example
+below:
+
+```plaintext
+POST / HTTP/2
+Accept: */*
+Content-Type: application/json
+X-Gitlab-Token: MYSECRETTOKEN
+
+[
+  {"type": "my_api_token", "token":"XXXXXXXXXXXXXXXX","url": "https://example.com/some-repo/~/raw/abcdefghijklmnop/compromisedfile1.java"}
+]
+```
+
+In this example, Secret Detection has determined that an instance of `my_api_token` has been leaked. The
+value of the token is provided to you, in addition to a publicly accessible URL to the raw content of the
+file containing the leaked token.
+
 ## High-level architecture
 
-This diagram describes how a post-processing hook revokes a secret within the GitLab application:
+This diagram describes how a post-processing hook revokes a secret in the GitLab application:
 
 ```mermaid
 sequenceDiagram
@@ -58,41 +87,12 @@ sequenceDiagram
 ```
 
 1. A pipeline with a Secret Detection job completes, producing a scan report (**1**).
-1. The report is processed (**2**) by a service class, which schedules an asychronous worker if token revocation is possible.
+1. The report is processed (**2**) by a service class, which schedules an asynchronous worker if token revocation is possible.
 1. The asynchronous worker (**3**) communicates with an externally deployed HTTP service
    (**4** and **5**) to determine which kinds of secrets can be automatically revoked.
 1. The worker sends (**6** and **7**) the list of detected secrets which the Token Revocation API is able to
    revoke.
-1. The Token Revocation API sends (**8** and **9**) each revocable token to their respective vendor's [receiver service](#integrate-your-cloud-provider-service-with-gitlabcom).
+1. The Token Revocation API sends (**8** and **9**) each revocable token to their respective vendor's [receiver service](#implement-a-revocation-receiver-service).
 
 See the [Token Revocation API](../../../development/sec/token_revocation_api.md) documentation for more
 information.
-
-## Integrate your cloud provider service with GitLab.com
-
-Third-party cloud and SaaS vendors interested in automated token revocation can
-[express integration interest by filling out this form](https://forms.gle/wWpvrtLRK21Q2WJL9).
-Vendors must [implement a revocation receiver service](#implement-a-revocation-receiver-service)
-which will be called by the Token Revocation API.
-
-### Implement a revocation receiver service
-
-A revocation receiver service integrates with a GitLab instance's Token Revocation API to receive and respond
-to leaked token revocation requests. The service should be a publicly accessible HTTP API that is
-idempotent and rate-limited. Requests to your service from the Token Revocation API will follow the example
-below:
-
-```plaintext
-POST / HTTP/2
-Accept: */*
-Content-Type: application/json
-X-Gitlab-Token: MYSECRETTOKEN
-
-[
-  {"type": "my_api_token", "token":"XXXXXXXXXXXXXXXX","url": "https://example.com/some-repo/~/raw/abcdefghijklmnop/compromisedfile1.java"}
-]
-```
-
-In this example, Secret Detection has determined that an instance of `my_api_token` has been leaked. The
-value of the token is provided to you, in addition to a publicly accessible URL to the raw content of the
-file containing the leaked token.
diff --git a/doc/user/workspace/quick_start/index.md b/doc/user/workspace/quick_start/index.md
new file mode 100644
index 00000000000..d2c58299b64
--- /dev/null
+++ b/doc/user/workspace/quick_start/index.md
@@ -0,0 +1,18 @@
+---
+stage: Create
+group: Editor
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+type: reference
+---
+
+> Introduced in GitLab 15.11 [with a flag](../../../administration/feature_flags.md) named `remote_development_feature_flag`. Disabled by default.
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available,
+ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `remote_development_feature_flag`.
+On GitLab.com, this feature is not available.
+The feature is not ready for production use.
+
+# Tutorial: Create and run your first GitLab Workspace **(ULTIMATE)**
+
+This tutorial shows you how to configure and run your first Remote Development Workspace in GitLab.