diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-06 06:09:39 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-06 06:09:39 +0300 |
| commit | 6e11ac78e99b33c23fa785c02be9fc21c513b04e (patch) | |
| tree | 222c9e3119c4e24063a2db7271493fd40cdf6ca6 /doc | |
| parent | 5d86ca3d06924e9c0b99be18237ae1e3a805329d (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/user/application_security/dependency_scanning/index.md | 14 | ||||
| -rw-r--r-- | doc/user/public_access.md | 2 |
2 files changed, 9 insertions, 7 deletions
diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index 9e01b2ad509..4449cf47431 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md @@ -848,7 +848,7 @@ before the feature is made generally available. In addition to the [JSON report file](#reports-json-format), the [Gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) Dependency Scanning tool outputs a [CycloneDX](https://cyclonedx.org/) Software Bill of Materials (SBOM) for each supported lock or build file it detects. These CycloneDX SBOMs are named -`cyclonedx-<package-type>-<package-manager>.json`, and are saved in the same directory +`gl-sbom-<package-type>-<package-manager>.cdx.json`, and are saved in the same directory as the detected lock or build files. For example, if your project has the following structure: @@ -871,16 +871,16 @@ Then the Gemnasium scanner generates the following CycloneDX SBOMs: . ├── ruby-project/ │ ├── Gemfile.lock -│ └── cyclonedx-gem-bundler.json +│ └── gl-sbom-gem-bundler.cdx.json ├── ruby-project-2/ │ ├── Gemfile.lock -│ └── cyclonedx-gem-bundler.json +│ └── gl-sbom-gem-bundler.cdx.json ├── php-project/ │ ├── composer.lock -│ └── cyclonedx-packagist-composer.json +│ └── gl-sbom-packagist-composer.cdx.json └── go-project/ ├── go.sum - └── cyclonedx-go-go.json + └── gl-sbom-go-go.cdx.json ``` The CycloneDX SBOMs can be downloaded [the same way as other job artifacts](../../../ci/pipelines/job_artifacts.md#download-job-artifacts). @@ -905,10 +905,10 @@ merge cyclonedx sboms: - wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.22.0/cyclonedx-linux-musl-x64 -O /usr/local/bin/cyclonedx-cli - chmod 755 /usr/local/bin/cyclonedx-cli - apk --update add --no-cache icu-dev libstdc++ - - find * -name "cyclonedx-*.json" -exec cyclonedx-cli merge --input-files {} --output-file cyclonedx-all.json + + - find * -name "gl-sbom-*.cdx.json" -exec cyclonedx-cli merge --input-files {} --output-file gl-sbom-all.cdx.json + artifacts: paths: - - cyclonedx-all.json + - gl-sbom-all.cdx.json ``` GitLab uses [CycloneDX Properties](https://cyclonedx.org/use-cases/#properties--name-value-store) diff --git a/doc/user/public_access.md b/doc/user/public_access.md index cca753a2830..d821c1abe47 100644 --- a/doc/user/public_access.md +++ b/doc/user/public_access.md @@ -70,6 +70,8 @@ Prerequisite: Prerequisite: - You must have the Owner role for a group. +- Subgroups and projects must already have visibility settings that are at least as + restrictive as the new setting for the group. 1. On the top bar, select **Menu > Groups** and find your project. 1. On the left sidebar, select **Settings > General**. |