diff options
Diffstat (limited to 'doc/development/integrations/secure.md')
| -rw-r--r-- | doc/development/integrations/secure.md | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/doc/development/integrations/secure.md b/doc/development/integrations/secure.md index 3fb89605bdd..6709c748994 100644 --- a/doc/development/integrations/secure.md +++ b/doc/development/integrations/secure.md @@ -7,16 +7,16 @@ info: Any user with at least the Maintainer role can merge updates to this conte # Security scanner integration Integrating a security scanner into GitLab consists of providing end users -with a [CI job definition](../../ci/yaml/index.md) -they can add to their CI configuration files to scan their GitLab projects. -This CI job should then output its results in a GitLab-specified format. These results are then +with a [CI/CD job definition](../../ci/jobs/index.md) +they can add to their CI/CD configuration files to scan their GitLab projects. +This job should then output its results in a GitLab-specified format. These results are then automatically presented in various places in GitLab, such as the Pipeline view, merge request widget, and Security Dashboard. The scanning job is usually based on a [Docker image](https://docs.docker.com/) that contains the scanner and all its dependencies in a self-contained environment. -This page documents requirements and guidelines for writing CI jobs that implement a security +This page documents requirements and guidelines for writing CI/CD jobs that implement a security scanner, as well as requirements and guidelines for the Docker image. ## Job definition @@ -285,12 +285,12 @@ See the [`logutil` README](https://gitlab.com/gitlab-org/security-products/analy The report is a JSON document that combines vulnerabilities with possible remediations. -This documentation gives an overview of the report JSON format, -as well as recommendations and examples to help integrators set its fields. +This documentation gives an overview of the report JSON format, recommendations, and examples to +help integrators set its fields. The format is extensively described in the documentation of -[SAST](../../user/application_security/sast/index.md#reports-json-format), +[SAST](../../user/application_security/sast/index.md#output), [DAST](../../user/application_security/dast/proxy-based.md#reports), -[Dependency Scanning](../../user/application_security/dependency_scanning/index.md#reports-json-format), +[Dependency Scanning](../../user/application_security/dependency_scanning/index.md#output), and [Container Scanning](../../user/application_security/container_scanning/index.md#reports-json-format) You can find the schemas for these scanners here: |