Add latest changes from gitlab-org/gitlab@master

10 files changed, 67 insertions, 42 deletions

diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 539f1c1d33f..916c01958ca 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -85,6 +85,7 @@ four standard [pagination arguments](#connection-pagination-arguments):
 
 | Name | Type | Description |
 | ---- | ---- | ----------- |
+| <a id="queryciminutesusagedate"></a>`date` | [`Date`](#date) | Date for which to retrieve the usage data, should be the first day of a month. |
 | <a id="queryciminutesusagenamespaceid"></a>`namespaceId` | [`NamespaceID`](#namespaceid) | Global ID of the Namespace for the monthly CI/CD minutes usage. |
 
 ### `Query.ciVariables`
@@ -21215,6 +21216,7 @@ Describes an incident management timeline event.
 | <a id="timelogissue"></a>`issue` | [`Issue`](#issue) | Issue that logged time was added to. |
 | <a id="timelogmergerequest"></a>`mergeRequest` | [`MergeRequest`](#mergerequest) | Merge request that logged time was added to. |
 | <a id="timelognote"></a>`note` | [`Note`](#note) | Note where the quick action was executed to add the logged time. |
+| <a id="timelogproject"></a>`project` | [`Project!`](#project) | Target project of the timelog merge request or issue. |
 | <a id="timelogspentat"></a>`spentAt` | [`Time`](#time) | Timestamp of when the time tracked was spent at. |
 | <a id="timelogsummary"></a>`summary` | [`String`](#string) | Summary of how the time was spent. |
 | <a id="timelogtimespent"></a>`timeSpent` | [`Int!`](#int) | Time spent displayed in seconds. |
diff --git a/doc/development/internal_api/index.md b/doc/development/internal_api/index.md
index 1c7499f1b6d..c1c0177609b 100644
--- a/doc/development/internal_api/index.md
+++ b/doc/development/internal_api/index.md
@@ -811,9 +811,44 @@ Example response:
 
 ## Storage limit exclusions
 
-The namespace storage limit exclusions endpoints manage storage limit exclusions on top-level namespaces on GitLab.com.
+The namespace storage limit exclusion endpoints manage storage limit exclusions on top-level namespaces on GitLab.com.
 These endpoints can only be consumed in the Admin Area of GitLab.com.
 
+### Retrieve storage limit exclusions
+
+Use a GET request to retrieve all `Namespaces::Storage::LimitExclusion` records.
+
+```plaintext
+GET /namespaces/storage/limit_exclusions
+```
+
+Example request:
+
+```shell
+curl --request GET \
+  --url "https://gitlab.com/v4/namespaces/storage/limit_exclusions" \
+  --header 'PRIVATE-TOKEN: <admin access token>' 
+```
+
+Example response:
+
+```json
+[
+    {
+      "id": 1,
+      "namespace_id": 1234,
+      "namespace_name": "A Namespace Name",
+      "reason": "a reason to exclude the Namespace"
+    },
+    {
+      "id": 2,
+      "namespace_id": 4321,
+      "namespace_name": "Another Namespace Name",
+      "reason": "another reason to exclude the Namespace"
+    },
+]
+```
+
 ### Create a storage limit exclusion
 
 Use a POST request to create an `Namespaces::Storage::LimitExclusion`.
diff --git a/doc/tutorials/index.md b/doc/tutorials/index.md
index d634e8e5743..aee3adba919 100644
--- a/doc/tutorials/index.md
+++ b/doc/tutorials/index.md
@@ -89,6 +89,7 @@ GitLab can check your application for security vulnerabilities and that it meets
 |-------|-------------|--------------------|
 | [Set up dependency scanning](https://about.gitlab.com/blog/2021/01/14/try-dependency-scanning/) | Try out dependency scanning, which checks for known vulnerabilities in dependencies. | **{star}** |
 | [Create a compliance pipeline](create_compliance_pipeline.md) | Learn how to create compliance pipelines for your groups. | **{star}** |
+| [Set up a scan result policy](scan_result_policy.md) | Learn how to configure a scan result policy that takes action based on scan results. | **{star}** |
 | [Get started with GitLab application security](../user/application_security/get-started-security.md) | Follow recommended steps to set up security tools. | |
 | [GitLab Security Essentials](https://levelup.gitlab.com/courses/security-essentials) | Learn about the essential security capabilities of GitLab in this self-paced course. | |
 
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md
index 492b200d22b..d2452441c38 100644
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -101,7 +101,7 @@ The following vulnerability scanners and their databases are regularly updated:
 
 | Secure scanning tool                                            | Vulnerabilities database updates |
 |:----------------------------------------------------------------|:---------------------------------|
-| [Container Scanning](container_scanning/index.md)            | A job runs on a daily basis to build new images with the latest vulnerability database updates from the upstream scanner. For more details, see [Vulnerabilities database update](container_scanning/index.md#vulnerabilities-database). |
+| [Container Scanning](container_scanning/index.md)            | A job runs on a daily basis to build new images with the latest vulnerability database updates from the upstream scanner. GitLab monitors this job through an internal alert that tells the engineering team when the database becomes more than 48 hours old. For more information, see the [Vulnerabilities database update](container_scanning/index.md#vulnerabilities-database). |
 | [Dependency Scanning](dependency_scanning/index.md)          | Relies on the [GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db). It is updated on a daily basis using [data from NVD, the `ruby-advisory-db` and the GitHub Advisory Database as data sources](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/SOURCES.md). See our [current measurement of time from CVE being issued to our product being updated](https://about.gitlab.com/handbook/engineering/development/performance-indicators/#cve-issue-to-update). |
 | [Dynamic Application Security Testing (DAST)](dast/index.md) | The scanning engine is updated on a periodic basis. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/main/Dockerfile#L1). The scanning rules are downloaded at scan runtime. |
 | [Static Application Security Testing (SAST)](sast/index.md)  | The source of scan rules depends on which [analyzer](sast/analyzers.md) is used for each [supported programming language](sast/index.md#supported-languages-and-frameworks). GitLab maintains a ruleset for the Semgrep-based analyzer and updates it regularly based on internal research and user feedback. For other analyzers, the ruleset is sourced from the upstream open-source scanner. Each analyzer is updated at least once per month if a relevant update is available. |
diff --git a/doc/user/enterprise_user/index.md b/doc/user/enterprise_user/index.md
index b6a823c656f..901731ad6f9 100644
--- a/doc/user/enterprise_user/index.md
+++ b/doc/user/enterprise_user/index.md
@@ -22,7 +22,7 @@ A user account is considered an enterprise account when:
 - [SCIM](../group/saml_sso/scim_setup.md) creates the user account on behalf of
   the group.
 
-A user can also [manually connect an identity provider (IdP) to a GitLab account whose email address matches the subscribing organization's domain](../group/saml_sso/index.md#linking-saml-to-your-existing-gitlabcom-account).
+A user can also [manually connect an identity provider (IdP) to a GitLab account whose email address matches the subscribing organization's domain](../group/saml_sso/index.md#link-saml-to-your-existing-gitlabcom-account).
 By selecting **Authorize** when connecting these two accounts, the user account
 with the matching email address is classified as an enterprise user. However, this
 user account does not have an **Enterprise** badge in GitLab.
diff --git a/doc/user/group/import/index.md b/doc/user/group/import/index.md
index a8617677e43..433c842384c 100644
--- a/doc/user/group/import/index.md
+++ b/doc/user/group/import/index.md
@@ -122,7 +122,7 @@ To ensure GitLab maps users and their contributions correctly:
 1. Ensure that users have a public email on the source GitLab instance that matches any confirmed email address on the destination GitLab instance. Most
    users receive an email asking them to confirm their email address.
 1. If users already exist on the destination instance and you use [SAML SSO for GitLab.com groups](../../group/saml_sso/index.md), all users must
-   [link their SAML identity to their GitLab.com account](../../group/saml_sso/index.md#linking-saml-to-your-existing-gitlabcom-account).
+   [link their SAML identity to their GitLab.com account](../../group/saml_sso/index.md#link-saml-to-your-existing-gitlabcom-account).
 
 ### Connect the source GitLab instance
 
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md
index a76eca4ffac..bf5c58ef442 100644
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -59,7 +59,7 @@ To set up SSO with Azure as your identity provider:
 1. Make sure the identity provider is set to have provider-initiated calls
    to link existing GitLab accounts.
 
-1. Optional. If you use [Group Sync](#group-sync), customize the name of the
+1. Optional. If you use [Group Sync](group_sync.md), customize the name of the
    group claim to match the required attribute.
 
 <i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
@@ -227,8 +227,6 @@ After you set up your identity provider to work with GitLab, you must configure
    For more information, see the [SSO enforcement documentation](#sso-enforcement).
 1. Select **Save changes**.
 
-![Group SAML Settings for GitLab.com](img/group_saml_settings_v13_12.png)
-
 NOTE:
 The certificate [fingerprint algorithm](../../../integration/saml.md#configure-saml-on-your-idp) must be in SHA1. When configuring the identity provider (such as [Google Workspace](#set-up-google-workspace)), use a secure signature algorithm.
 
@@ -260,7 +258,7 @@ You can pass user information to GitLab as attributes in the SAML assertion.
 
 For more information, see the [attributes available for self-managed GitLab instances](../../../integration/saml.md#configure-assertions).
 
-### Linking SAML to your existing GitLab.com account
+### Link SAML to your existing GitLab.com account
 
 > **Remember me** checkbox [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/121569) in GitLab 15.7.
 
@@ -274,9 +272,9 @@ To link SAML to your existing GitLab.com account:
 1. Enter your credentials on the identity provider if prompted.
 1. You are then redirected back to GitLab.com and should now have access to the group. In the future, you can use SAML to sign in to GitLab.com.
 
-On subsequent visits, you should be able to go [sign in to GitLab.com with SAML](#signing-in-to-gitlabcom-with-saml) or by visiting links directly. If the **enforce SSO** option is turned on, you are then redirected to sign in through the identity provider.
+On subsequent visits, you should be able to go [sign in to GitLab.com with SAML](#sign-in-to-gitlabcom-with-saml) or by visiting links directly. If the **enforce SSO** option is turned on, you are then redirected to sign in through the identity provider.
 
-### Signing in to GitLab.com with SAML
+### Sign in to GitLab.com with SAML
 
 1. Sign in to your identity provider.
 1. From the list of apps, select the "GitLab.com" app. (The name is set by the administrator of the identity provider.)
@@ -291,8 +289,8 @@ If [SCIM](scim_setup.md) is configured, group owners can update the SCIM identit
 
 Alternatively, ask the users to reconnect their SAML account.
 
-1. Ask relevant users to [unlink their account from the group](#unlinking-accounts).
-1. Ask relevant users to [link their account to the new SAML app](#linking-saml-to-your-existing-gitlabcom-account).
+1. Ask relevant users to [unlink their account from the group](#unlink-accounts).
+1. Ask relevant users to [link their account to the new SAML app](#link-saml-to-your-existing-gitlabcom-account).
 
 ### Configure user settings from SAML response
 
@@ -305,9 +303,9 @@ created via [SCIM](scim_setup.md) or by first sign-in with SAML SSO for GitLab.c
 
 #### Supported user attributes
 
-- `can_create_group` - 'true' or 'false' to indicate whether the user can create
+- **can_create_group** - `true` or `false` to indicate whether the user can create
   new groups. Default is `true`.
-- `projects_limit` - The total number of personal projects a user can create.
+- **projects_limit** - The total number of personal projects a user can create.
   A value of `0` means the user cannot create new projects in their personal
   namespace. Default is `10000`.
 
@@ -365,7 +363,7 @@ If a user is already a member of the group, linking the SAML identity does not c
 
 Users given a "minimal access" role have [specific restrictions](../../permissions.md#users-with-minimal-access).
 
-### Blocking access
+### Block user access
 
 To rescind a user's access to the group when only SAML SSO is configured, either:
 
@@ -376,7 +374,7 @@ To rescind a user's access to the group when only SAML SSO is configured, either
 
 To rescind a user's access to the group when also using SCIM, refer to [Remove access](scim_setup.md#remove-access).
 
-### Unlinking accounts
+### Unlink accounts
 
 Users can unlink SAML for a group from their profile page. This can be helpful if:
 
@@ -398,10 +396,6 @@ For example, to unlink the `MyOrg` account:
 1. On the left sidebar, select **Account**.
 1. In the **Service sign-in** section, select **Disconnect** next to the connected account.
 
-## Group Sync
-
-For information on automatically managing GitLab group membership, see [SAML Group Sync](group_sync.md).
-
 ## NameID
 
 GitLab.com uses the SAML **NameID** to identify users. The **NameID** is:
@@ -518,6 +512,7 @@ immediately. If the user:
 - [Glossary](../../../integration/saml.md#glossary)
 - [Authentication comparison between SaaS and self-managed](../../../administration/auth/index.md#saas-vs-self-managed-comparison)
 - [Passwords for users created through integrated authentication](../../../security/passwords_for_integrated_authentication_methods.md)
+- [SAML Group Sync](group_sync.md)
 
 ## Troubleshooting
 
diff --git a/doc/user/group/saml_sso/scim_setup.md b/doc/user/group/saml_sso/scim_setup.md
index a61615104c1..9c4ae9e7a27 100644
--- a/doc/user/group/saml_sso/scim_setup.md
+++ b/doc/user/group/saml_sso/scim_setup.md
@@ -214,7 +214,7 @@ To link your SCIM and SAML identities:
 
 1. Update the [primary email](../../profile/index.md#change-your-primary-email) address in your GitLab.com user account
    to match the user profile email address in your identity provider.
-1. [Link your SAML identity](index.md#linking-saml-to-your-existing-gitlabcom-account).
+1. [Link your SAML identity](index.md#link-saml-to-your-existing-gitlabcom-account).
 
 ### Remove access
 
diff --git a/doc/user/group/saml_sso/troubleshooting.md b/doc/user/group/saml_sso/troubleshooting.md
index a022c299d0f..103ab0b6ed6 100644
--- a/doc/user/group/saml_sso/troubleshooting.md
+++ b/doc/user/group/saml_sso/troubleshooting.md
@@ -167,7 +167,7 @@ you must set `attribute_statements` in the SAML configuration to
 
 This error suggests you are signed in as a GitLab user but have already linked your SAML identity to a different GitLab user. Sign out and then try to sign in again using SAML, which should log you into GitLab with the linked user account.
 
-If you do not wish to use that GitLab user with the SAML login, you can [unlink the GitLab account from the SAML app](index.md#unlinking-accounts).
+If you do not wish to use that GitLab user with the SAML login, you can [unlink the GitLab account from the SAML app](index.md#unlink-accounts).
 
 ### Message: "SAML authentication failed: User has already been taken"
 
@@ -176,7 +176,7 @@ Here are possible causes and solutions:
 
 | Cause                                                                                          | Solution                                                                                                                                                                   |
 | ---------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| You've tried to link multiple SAML identities to the same user, for a given identity provider. | Change the identity that you sign in with. To do so, [unlink the previous SAML identity](index.md#unlinking-accounts) from this GitLab account before attempting to sign in again. |
+| You've tried to link multiple SAML identities to the same user, for a given identity provider. | Change the identity that you sign in with. To do so, [unlink the previous SAML identity](index.md#unlink-accounts) from this GitLab account before attempting to sign in again. |
 | The `NameID` changes every time the user requests SSO identification | [Check the `NameID`](#verify-nameid) is not set with `Transient` format, or the `NameID` is not changing on subsequent requests.|
 
 ### Message: "SAML authentication failed: Email has already been taken"
@@ -196,7 +196,7 @@ User accounts are created in one of the following ways:
 
 Getting both of these errors at the same time suggests the `NameID` capitalization provided by the identity provider didn't exactly match the previous value for that user.
 
-This can be prevented by configuring the `NameID` to return a consistent value. Fixing this for an individual user involves changing the identifier for the user. For GitLab.com, the user needs to [unlink their SAML from the GitLab account](index.md#unlinking-accounts).
+This can be prevented by configuring the `NameID` to return a consistent value. Fixing this for an individual user involves changing the identifier for the user. For GitLab.com, the user needs to [unlink their SAML from the GitLab account](index.md#unlink-accounts).
 
 ### Message: "Request to link SAML account must be authorized"
 
@@ -209,7 +209,7 @@ initiated by the service provider and not only the identity provider.
 
 ### Message: "There is already a GitLab account associated with this email address. Sign in with your existing credentials to connect your organization's account" **(PREMIUM SAAS)**
 
-A user can see this message when they are trying to [manually link SAML to their existing GitLab.com account](index.md#linking-saml-to-your-existing-gitlabcom-account).
+A user can see this message when they are trying to [manually link SAML to their existing GitLab.com account](index.md#link-saml-to-your-existing-gitlabcom-account).
 
 To resolve this problem, the user should check they are using the correct GitLab password to sign in. The user first needs
 to [reset their password](https://gitlab.com/users/password/new) if both:
@@ -233,7 +233,7 @@ This can then be compared to the `NameID` being sent by the identity provider by
 
 Ensure that the **GitLab single sign-on URL** (for GitLab.com) or the instance URL (for self-managed) has been configured as "Login URL" (or similarly named field) in the identity provider's SAML app.
 
-For GitLab.com, alternatively, when users need to [link SAML to their existing GitLab.com account](index.md#linking-saml-to-your-existing-gitlabcom-account), provide the **GitLab single sign-on URL** and instruct users not to use the SAML app on first sign in.
+For GitLab.com, alternatively, when users need to [link SAML to their existing GitLab.com account](index.md#link-saml-to-your-existing-gitlabcom-account), provide the **GitLab single sign-on URL** and instruct users not to use the SAML app on first sign in.
 
 ### Users receive a 404 **(PREMIUM SAAS)**
 
@@ -245,7 +245,7 @@ If you receive a `404` during setup when using "verify configuration", make sure
 [SHA-1 generated fingerprint](../../../integration/saml.md#configure-saml-on-your-idp).
 
 If a user is trying to sign in for the first time and the GitLab single sign-on URL has not [been configured](index.md#set-up-identity-provider), they may see a 404.
-As outlined in the [user access section](index.md#linking-saml-to-your-existing-gitlabcom-account), a group Owner needs to provide the URL to users.
+As outlined in the [user access section](index.md#link-saml-to-your-existing-gitlabcom-account), a group Owner needs to provide the URL to users.
 
 If all users are receiving a `404` after signing in to the identity provider (IdP):
 
@@ -317,4 +317,4 @@ This error appears when you try to invite a user to a GitLab.com group (or subgr
 If you see this message after trying to invite a user to a group:
 
 1. Ensure the user has been [added to the SAML identity provider](index.md#user-access-and-management).
-1. Ask the user to [link SAML to their existing GitLab.com account](index.md#linking-saml-to-your-existing-gitlabcom-account), if they have one. Otherwise, ask the user to create a GitLab.com account by [accessing GitLab.com through the identity provider's dashboard](index.md#user-access-and-management), or by [signing up manually](https://gitlab.com/users/sign_up) and linking SAML to their new account.
+1. Ask the user to [link SAML to their existing GitLab.com account](index.md#link-saml-to-your-existing-gitlabcom-account), if they have one. Otherwise, ask the user to create a GitLab.com account by [accessing GitLab.com through the identity provider's dashboard](index.md#user-access-and-management), or by [signing up manually](https://gitlab.com/users/sign_up) and linking SAML to their new account.
diff --git a/doc/user/markdown.md b/doc/user/markdown.md
index d7f8176001f..0dfadba9dcb 100644
--- a/doc/user/markdown.md
+++ b/doc/user/markdown.md
@@ -390,15 +390,15 @@ the language declared as `math` is rendered on a separate line:
 ````markdown
 This math is inline: $`a^2+b^2=c^2`$.
 
-This math is on a separate line:
+This math is on a separate line using a ```` ```math ```` block:
 
 ```math
 a^2+b^2=c^2
 ```
 
-This math is on a separate line: $$a^2+b^2=c^2$$
+This math is on a separate line using inline `$$`: $$a^2+b^2=c^2$$
 
-This math is on a separate line:
+This math is on a separate line using a `$$...$$` block:
 
 $$
 a^2+b^2=c^2
@@ -407,23 +407,15 @@ $$
 
 This math is inline: $`a^2+b^2=c^2`$.
 
-This math is on a separate line:
+This math is on a separate line using a ```` ```math ```` block:
 
 ```math
 a^2+b^2=c^2
 ```
 
-This math is on a separate line: $$a^2+b^2=c^2$$
+This math is on a separate line using inline `$$`: $$a^2+b^2=c^2$$
 
-This math is on a separate line:
-
-$$
-a^2+b^2=c^2
-$$
-
-This math is on a separate line: $$a^2+b^2=c^2$$
-
-This math is on a separate line:
+This math is on a separate line using a `$$...$$` block:
 
 $$
 a^2+b^2=c^2