Add latest changes from gitlab-org/gitlab@master

4 files changed, 42 insertions, 25 deletions

diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index c97f920af3d..e6d88904341 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -959,6 +959,7 @@ Input type: `AiActionInput`
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="mutationaiactionclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
+| <a id="mutationaiactionexplaincode"></a>`explainCode` | [`AiExplainCodeInput`](#aiexplaincodeinput) | Input for explain_code AI action. |
 | <a id="mutationaiactionsummarizecomments"></a>`summarizeComments` | [`AiSummarizeCommentsInput`](#aisummarizecommentsinput) | Input for summarize_comments AI action. |
 
 #### Fields
@@ -26480,6 +26481,24 @@ be used as arguments).
 Only general use input types are listed here. For mutation input types,
 see the associated mutation type above.
 
+### `AiExplainCodeInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="aiexplaincodeinputmessages"></a>`messages` | [`[AiExplainCodeMessageInput!]!`](#aiexplaincodemessageinput) | Code messages that is passed to be explained by AI. |
+| <a id="aiexplaincodeinputresourceid"></a>`resourceId` | [`AiModelID!`](#aimodelid) | GID of the resource to mutate. |
+
+### `AiExplainCodeMessageInput`
+
+#### Arguments
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="aiexplaincodemessageinputcontent"></a>`content` | [`String!`](#string) | Content of the message. |
+| <a id="aiexplaincodemessageinputrole"></a>`role` | [`String!`](#string) | Role of the message (system, user, assistant). |
+
 ### `AiSummarizeCommentsInput`
 
 #### Arguments
diff --git a/doc/api/project_import_export.md b/doc/api/project_import_export.md
index 22df2b2ef4a..0e52bb959cb 100644
--- a/doc/api/project_import_export.md
+++ b/doc/api/project_import_export.md
@@ -255,9 +255,7 @@ The `Content-Type` header must be `application/gzip`.
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/348874) in GitLab 14.9 in [Beta](https://about.gitlab.com/handbook/product/gitlab-the-product/#beta), [with a flag](../administration/feature_flags.md) named `import_project_from_remote_file_s3`. Disabled by default.
 > - [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/348874) in GitLab 14.10.
-
-FLAG:
-On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../administration/feature_flags.md) named `import_project_from_remote_file_s3`. On GitLab.com, this feature is available.
+> - [Enabled globally](https://gitlab.com/gitlab-org/gitlab/-/issues/350571) in GitLab 15.11.
 
 ```plaintext
 POST /projects/remote-import-s3
diff --git a/doc/architecture/blueprints/secret_detection/index.md b/doc/architecture/blueprints/secret_detection/index.md
index 9911fd04667..de240646b37 100644
--- a/doc/architecture/blueprints/secret_detection/index.md
+++ b/doc/architecture/blueprints/secret_detection/index.md
@@ -170,20 +170,20 @@ sequenceDiagram
 
 ## Iterations
 
-- [x] Define [requirements for detection coverage and actions](https://gitlab.com/gitlab-org/gitlab/-/issues/376716)
-- [x] Implement [Clientside detection of GitLab tokens within comments/issues](https://gitlab.com/gitlab-org/gitlab/-/issues/368434)
-- [ ] PoC of secret scanning service
-      - [ ] Benchmarking of issuables, comments, job logs and blobs to gain confidence that the total costs will be viable
-      - [ ] Capacity planning for addition of service component to Reference Architectures headroom
-      - [ ] Service capabilities
-          - [ ] gRPC commit retrieval from Gitaly
-          - [ ] blob scanning
-- [ ] Implementation of secret scanning service MVC (targeting individual commits)
-- [ ] Security and readiness review
-- [ ] Deployment and monitoring
-- [ ] Implementation of secret scanning service MVC (targeting arbitrary text blobs)
-- [ ] Deployment and monitoring
-- [ ] High priority domain object rollout (priority `TBD`)
-      - [ ] Issuable comments
-      - [ ] Issuable bodies
-      - [ ] Job logs
+- ✓ Define [requirements for detection coverage and actions](https://gitlab.com/gitlab-org/gitlab/-/issues/376716)
+- ✓ Implement [Clientside detection of GitLab tokens within comments/issues](https://gitlab.com/gitlab-org/gitlab/-/issues/368434)
+- PoC of secret scanning service
+  - Benchmarking of issuables, comments, job logs and blobs to gain confidence that the total costs will be viable
+  - Capacity planning for addition of service component to Reference Architectures headroom
+  - Service capabilities
+    - gRPC commit retrieval from Gitaly
+    - blob scanning
+- Implementation of secret scanning service MVC (targeting individual commits)
+- Security and readiness review
+- Deployment and monitoring
+- Implementation of secret scanning service MVC (targeting arbitrary text blobs)
+- Deployment and monitoring
+- High priority domain object rollout (priority `TBD`)
+  - Issuable comments
+  - Issuable bodies
+  - Job logs
diff --git a/doc/development/sec/security_report_ingestion_overview.md b/doc/development/sec/security_report_ingestion_overview.md
index 492d840e800..aca33990b0f 100644
--- a/doc/development/sec/security_report_ingestion_overview.md
+++ b/doc/development/sec/security_report_ingestion_overview.md
@@ -12,7 +12,7 @@ The `Vulnerability::Feedback` model is currently undergoing deprecation and shou
 
 ## Commonly used terms
 
-### Feedback 
+### Feedback
 
 An instance of `Vulnerabilities::Feedback` class. They are created to keep track of users' interactions with Vulnerability Findings before they are promoted to a Vulnerability. This model is deprecated and due to be removed by GitLab 16.0 as part of the [Deprecate and remove Vulnerabilities::Feedback epic](https://gitlab.com/groups/gitlab-org/-/epics/5629).
 
@@ -38,7 +38,7 @@ An instance of the `Vulnerabilities::StateTransition` class. This model represen
 
 ### Vulnerability
 
-An instance of `Vulnerability` class. A `Vulnerability` is representative of a `Vulnerability::Finding` which has been detected in the default branch of the project, or if the `present_on_default_branch` flag is false, is representative of a finding which has been interacted with in some way outside of the default branch, such as if it is dismissed (`State Transition`), or linked to an `Issue` or `Merge Request`. They are created based on information available in `Vulnerabilities::Finding` class. Every `Vulnerability` **must have** a corresponding `Vulnerabilities::Finding` object to be valid, however this is not enforced at the database level. 
+An instance of `Vulnerability` class. A `Vulnerability` is representative of a `Vulnerability::Finding` which has been detected in the default branch of the project, or if the `present_on_default_branch` flag is false, is representative of a finding which has been interacted with in some way outside of the default branch, such as if it is dismissed (`State Transition`), or linked to an `Issue` or `Merge Request`. They are created based on information available in `Vulnerabilities::Finding` class. Every `Vulnerability` **must have** a corresponding `Vulnerabilities::Finding` object to be valid, however this is not enforced at the database level.
 
 ### Finding
 
@@ -81,7 +81,7 @@ At this point, the following things can happen to the `Security::Finding` which
 
 ### Scan runs in a pipeline for the default branch
 
-If the pipeline ran on the default branch then the following steps, in addition to the steps in [#scan-runs-in-a-pipeline-for-a-non-default-branch], are executed:
+If the pipeline ran on the default branch then the following steps, in addition to the steps in [Scan runs in a pipeline for a non-default branch](#scan-runs-in-a-pipeline-for-a-non-default-branch), are executed:
 
 1. `Security::StoreScansService` gets called and schedules `StoreSecurityReportsWorker`.
 1. `StoreSecurityReportsWorker` executes `Security::Ingestion::IngestReportsService`.
@@ -92,8 +92,8 @@ If the pipeline ran on the default branch then the following steps, in addition
 
 If you change the state of a vulnerability, such as selecting `Dismiss vulnerability` the following things currently happen:
 
-- A `Feedback` record of `dismissal` type is created to record the current state. 
-- If they do not already exist, a `Vulnerability Finding` and a `Vulnerability` with `present_on_default_branch: false` attribute get created, to which a `State Transition` reflecting the state change is related. 
+- A `Feedback` record of `dismissal` type is created to record the current state.
+- If they do not already exist, a `Vulnerability Finding` and a `Vulnerability` with `present_on_default_branch: false` attribute get created, to which a `State Transition` reflecting the state change is related.
 
 You can optionally add a comment to the state change which is recorded on both the `Feedback` and the `State Transition`.