Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/user/application_security/security_dashboard/index.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/user/application_security/security_dashboard/index.md')
-rw-r--r--doc/user/application_security/security_dashboard/index.md27
1 files changed, 8 insertions, 19 deletions
diff --git a/doc/user/application_security/security_dashboard/index.md b/doc/user/application_security/security_dashboard/index.md
index 5df2cb1ec72..c78179e9693 100644
--- a/doc/user/application_security/security_dashboard/index.md
+++ b/doc/user/application_security/security_dashboard/index.md
@@ -166,22 +166,17 @@ To add projects to the Security Center:
After you add projects, the security dashboard and vulnerability report display the vulnerabilities
found in those projects' default branches.
-## Keeping the dashboards up to date
+## Keep dashboards up to date
-The Security Dashboard displays information from the results of the most recent
-security scan on the [default branch](../../project/repository/branches/default.md),
-which means that security scans are performed every time the branch is updated.
-
-If the default branch is updated infrequently, scans are run infrequently and the
-information on the Security Dashboard can become outdated as new vulnerabilities
-are discovered.
+The Security Dashboard displays results of the most recent security scan on the
+[default branch](../../project/repository/branches/default.md). By default, security scans are run
+only when the default branch is updated. Information on the Security Dashboard may not reflect
+newly-discovered vulnerabilities.
To ensure the information on the Security Dashboard is regularly updated,
-[configure a scheduled pipeline](../../../ci/pipelines/schedules.md) to run a
-daily security scan. This updates the information displayed on the Security
-Dashboard regardless of how often the default branch is updated.
-
-That way, reports are created even if no code change happens.
+[configure a scheduled pipeline](../../../ci/pipelines/schedules.md) to run a daily security scan.
+This updates the information displayed on the Security Dashboard regardless of how often the default
+branch is updated.
WARNING:
Running Dependency Scanning from a scheduled pipeline might result in false negatives if your
@@ -191,12 +186,6 @@ can occur because the dependency version resolved during the scan might differ f
resolved when your project was built and released, in a previous pipeline. Java projects can't have
lock files. Python projects can have lock files, but GitLab Secure tools don't support them.
-## Security scans using Auto DevOps
-
-When using [Auto DevOps](../../../topics/autodevops/index.md), use
-[special environment variables](../../../topics/autodevops/customize.md#cicd-variables)
-to configure daily security scans.
-
<!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-09 06:34:41 +0300