Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/user/application_security/index.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/user/application_security/index.md')
-rw-r--r--doc/user/application_security/index.md21
1 files changed, 6 insertions, 15 deletions
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md
index e3a419ea771..7c7d5380a24 100644
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -149,19 +149,8 @@ base address for Docker images. You can override this for most scanners by setti
The [Container Scanning](container_scanning/index.md) analyzer is an exception, and it
does not use the `SECURE_ANALYZERS_PREFIX` variable. To override its Docker image, see
-the instructions for [Running container scanning in an offline
-environment](container_scanning/index.md#running-container-scanning-in-an-offline-environment).
-
-### Use security scanning tools with merge request pipelines
-
-By default, the application security jobs are configured to run for branch pipelines only.
-To use them with [merge request pipelines](../../ci/pipelines/merge_request_pipelines.md),
-you may need to override the default `rules:` configuration to add:
-
-```yaml
-rules:
- - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-```
+the instructions for
+[Running container scanning in an offline environment](container_scanning/index.md#running-container-scanning-in-an-offline-environment).
## Default behavior of GitLab security scanning tools
@@ -401,8 +390,10 @@ Validation depends on the schema version declared in the security report artifac
- If your security report specifies a supported schema version, GitLab uses this version to validate.
- If your security report uses a deprecated version, GitLab attempts validation against that version and adds a deprecation warning to the validation result.
-- If your security report uses a version that is not supported, GitLab attempts to validate it against the latest schema version available in GitLab.
-- If your security report does not specify a schema version, GitLab attempts to validate it against the lastest schema version available in GitLab. Since the `version` property is required, validation always fails in this case, but other validation errors may also be present.
+- If your security report uses a supported MAJOR-MINOR version of the report schema but the PATCH version doesn't match any vendored versions, GitLab attempts to validate it against latest vendored PATCH version of the schema.
+ - Example: security report uses version 14.1.1 but the latest vendored version is 14.1.0. GitLab would validate against schema version 14.1.0.
+- If your security report uses a version that is not supported, GitLab attempts to validate it against the latest schema version available in your installation but doesn't ingest the report.
+- If your security report does not specify a schema version, GitLab attempts to validate it against the latest schema version available in GitLab. Because the `version` property is required, validation always fails in this case, but other validation errors may also be present.
You can always find supported and deprecated schema versions in the [source code](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/parsers/security/validators/schema_validator.rb).
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 05:25:56 +0300