diff options
Diffstat (limited to 'doc/user/application_security/configuration/index.md')
-rw-r--r-- | doc/user/application_security/configuration/index.md | 122 |
1 files changed, 31 insertions, 91 deletions
diff --git a/doc/user/application_security/configuration/index.md b/doc/user/application_security/configuration/index.md index 3cc88a40b6f..664fcd9b72f 100644 --- a/doc/user/application_security/configuration/index.md +++ b/doc/user/application_security/configuration/index.md @@ -11,9 +11,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w > - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4. **(ULTIMATE)** > - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4. **(ULTIMATE)** > - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.10. - -WARNING: -This feature might not be available to you. Check the **version history** note above for details. +> - [Redesigned](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in 14.2. The Security Configuration page displays what security scans are available, links to documentation and also simple enablement tools for the current project. @@ -22,35 +20,37 @@ then in the left sidebar go to **Security & Compliance > Configuration**. For each security control the page displays: -- **Security Control:** Name, description, and a documentation link. -- **Manage:** A management option or a documentation link. - -## UI redesign - -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in 14.0 for GitLab Free and Premium, behind a feature flag, disabled by default. -> - Enabled on GitLab.com for Free & Premium. -> - Recommended for production use. -> - It can be enabled or disabled for a single project. -> - To use in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-ui-redesign). **(FREE SELF)** -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333109) in 14.1 for GitLab Ultimate, behind a feature flag, disabled by default. -> - Disabled on GitLab.com. -> - Not recommended for production use. -> - It can be enabled or disabled for a single project. -> - To use in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-ui-redesign-for-ultimate). **(ULTIMATE SELF)** +- Its name, description and a documentation link. +- Whether or not it is available. +- A configuration button or a link to its configuration guide. -WARNING: -This feature might not be available to you. Check the **version history** note above for details. +## Security testing -The Security Configuration page has been redesigned in GitLab Free and Premium. -The same functionality exists as before, but presented in a more extensible -way. +You can configure the following security controls: -For each security control the page displays: +- Auto DevOps + - Click **Enable Auto DevOps** on the alert to enable it for the current project. For more details, see [Auto DevOps](../../../topics/autodevops/index.md). +- SAST + - Click **Enable SAST** to use SAST for the current project. For more details, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui). +- DAST **(ULTIMATE)** + - Click **Enable DAST** to use DAST for the current Project. To manage the available DAST profiles used for on-demand scans Click **Manage Scans**. For more details, see [DAST on-demand scans](../dast/index.md#on-demand-scans). +- Dependency Scanning **(ULTIMATE)** + - Select **Configure via Merge Request** to create a merge request with the changes required to + enable Dependency Scanning. For more details, see [Enable Dependency Scanning via an automatic merge request](../dependency_scanning/index.md#enable-dependency-scanning-via-an-automatic-merge-request). -- Its name, description and a documentation link. -- Whether or not it is available. -- A configuration button or a link to its configuration guide. +- Container Scanning **(ULTIMATE)** + - Can be configured via `.gitlab-ci.yml`. For more details, see [Container Scanning](../../../user/application_security/container_scanning/index.md#configuration). +- Cluster Image Scanning **(ULTIMATE)** + - Can be configured via `.gitlab-ci.yml`. For more details, see [Cluster Image Scanning](../../../user/application_security/cluster_image_scanning/#configuration). +- Secret Detection + - Select **Configure via Merge Request** to create a merge request with the changes required to + enable Secret Detection. For more details, see [Enable Secret Detection via an automatic merge request](../secret_detection/index.md#enable-secret-detection-via-an-automatic-merge-request). +- API Fuzzing **(ULTIMATE)** + - Click **Enable API Fuzzing** to use API Fuzzing for the current Project. For more details, see [API Fuzzing](../../../user/application_security/api_fuzzing/index.md#enable-web-api-fuzzing). +- Coverage Fuzzing **(ULTIMATE)** + - Can be configured via `.gitlab-ci.yml`. For more details, see [Coverage Fuzzing](../../../user/application_security/coverage_fuzzing/index.md#configuration). + ## Status **(ULTIMATE)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6. @@ -63,71 +63,11 @@ _enabled_. If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md), all security features are configured by default. -For SAST, click **View history** to see the `.gitlab-ci.yml` file's history. +Click **View history** to see the `.gitlab-ci.yml` file's history. -## Manage **(ULTIMATE)** +## Compliance **(ULTIMATE)** You can configure the following security controls: -- Auto DevOps - - Click **Enable Auto DevOps** to enable it for the current project. For more details, see [Auto DevOps](../../../topics/autodevops/index.md). -- SAST - - Click either **Enable** or **Configure** to use SAST for the current project. For more details, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui). -- DAST Profiles - - Click **Manage** to manage the available DAST profiles used for on-demand scans. For more details, see [DAST on-demand scans](../dast/index.md#on-demand-scans). -- Secret Detection - - Select **Configure via Merge Request** to create a merge request with the changes required to - enable Secret Detection. For more details, see [Enable Secret Detection via an automatic merge request](../secret_detection/index.md#enable-secret-detection-via-an-automatic-merge-request). -- Dependency Scanning - - Select **Configure via Merge Request** to create a merge request with the changes required to - enable Dependency Scanning. For more details, see [Enable Dependency Scanning via an automatic merge request](../dependency_scanning/index.md#enable-dependency-scanning-via-an-automatic-merge-request). - -## Enable or disable UI redesign **(FREE SELF)** - -The Security Configuration redesign is under development, but is ready for -production use. It is deployed behind a feature flag that is **disabled by -default**. -[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md) can enable it. - -To enable it: - -```ruby -# For the instance -Feature.enable(:security_configuration_redesign) -# For a single project -Feature.enable(:security_configuration_redesign, Project.find(<project id>)) -``` - -To disable it: - -```ruby -# For the instance -Feature.disable(:security_configuration_redesign) -# For a single project -Feature.disable(:security_configuration_redesign, Project.find(<project id>)) -``` - -## Enable or disable UI redesign for Ultimate **(ULTIMATE SELF)** - -The Security Configuration redesign is under development, and is not ready for -production use. It is deployed behind a feature flag that is **disabled by -default**. -[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md) can enable it. - -To enable it: - -```ruby -# For the instance -Feature.enable(:security_configuration_redesign_ee) -# For a single project -Feature.enable(:security_configuration_redesign_ee, Project.find(<project id>)) -``` - -To disable it: - -```ruby -# For the instance -Feature.disable(:security_configuration_redesign_ee) -# For a single project -Feature.disable(:security_configuration_redesign_ee, Project.find(<project id>)) -``` +- License Compliance **(ULTIMATE)** + - Can be configured via `.gitlab-ci.yml`. For more details, see [License Compliance](../../../user/compliance/license_compliance/index.md#configuration). |