diff options
Diffstat (limited to 'doc/user')
26 files changed, 118 insertions, 6 deletions
diff --git a/doc/user/admin_area/img/broadcast_messages_banner_v12_10.png b/doc/user/admin_area/img/broadcast_messages_banner_v12_10.png Binary files differindex f3c468d158e..2e893476bc6 100644 --- a/doc/user/admin_area/img/broadcast_messages_banner_v12_10.png +++ b/doc/user/admin_area/img/broadcast_messages_banner_v12_10.png diff --git a/doc/user/admin_area/img/broadcast_messages_notification_v12_10.png b/doc/user/admin_area/img/broadcast_messages_notification_v12_10.png Binary files differindex 98ea48ccd3c..fb03748c892 100644 --- a/doc/user/admin_area/img/broadcast_messages_notification_v12_10.png +++ b/doc/user/admin_area/img/broadcast_messages_notification_v12_10.png diff --git a/doc/user/analytics/img/label_based_stage_vsm_v12_9.png b/doc/user/analytics/img/label_based_stage_vsm_v12_9.png Binary files differindex f1cbd9e1a8e..84ce33aece5 100644 --- a/doc/user/analytics/img/label_based_stage_vsm_v12_9.png +++ b/doc/user/analytics/img/label_based_stage_vsm_v12_9.png diff --git a/doc/user/analytics/img/vsm_stage_list_v12_9.png b/doc/user/analytics/img/vsm_stage_list_v12_9.png Binary files differindex 3775cdeddb4..3b50dd48543 100644 --- a/doc/user/analytics/img/vsm_stage_list_v12_9.png +++ b/doc/user/analytics/img/vsm_stage_list_v12_9.png diff --git a/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png b/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png Binary files differindex dd96fc7aacb..13cacc6a489 100644 --- a/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png +++ b/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png diff --git a/doc/user/application_security/dast/img/dast_all_v12_9.png b/doc/user/application_security/dast/img/dast_all_v12_9.png Binary files differindex 9871d1e6a43..548cea3f7f9 100644 --- a/doc/user/application_security/dast/img/dast_all_v12_9.png +++ b/doc/user/application_security/dast/img/dast_all_v12_9.png diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index b4fdf307d8b..c83e69ed6c4 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md @@ -160,6 +160,7 @@ The following variables are used for configuring specific analyzers (used for a | `GEMNASIUM_DB_LOCAL_PATH` | `gemnasium` | `/gemnasium-db` | Path to local gemnasium database. | | `GEMNASIUM_DB_REMOTE_URL` | `gemnasium` | `https://gitlab.com/gitlab-org/security-products/gemnasium-db.git` | Repository URL for fetching the gemnasium database. | | `GEMNASIUM_DB_REF_NAME` | `gemnasium` | `master` | Branch name for remote repository database. `GEMNASIUM_DB_REMOTE_URL` is required. | +| `DS_REMEDIATE` | `gemnasium` | `"true"` | Enable automatic remediation of vulnerable dependencies. | | `PIP_INDEX_URL` | `gemnasium-python` | `https://pypi.org/simple` | Base URL of Python Package Index. | | `PIP_EXTRA_INDEX_URL` | `gemnasium-python` | | Array of [extra URLs](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-extra-index-url) of package indexes to use in addition to `PIP_INDEX_URL`. Comma separated. | | `PIP_REQUIREMENTS_FILE` | `gemnasium-python` | | Pip requirements file to be scanned. | @@ -167,7 +168,7 @@ The following variables are used for configuring specific analyzers (used for a | `DS_PIP_DEPENDENCY_PATH` | `gemnasium-python` | | Path to load Python pip dependencies from. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12412) in GitLab 12.2) | | `DS_PYTHON_VERSION` | `retire.js` | | Version of Python. If set to 2, dependencies are installed using Python 2.7 instead of Python 3.6. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12296) in GitLab 12.1)| | `MAVEN_CLI_OPTS` | `gemnasium-maven` | `"-DskipTests --batch-mode"` | List of command line arguments that will be passed to `maven` by the analyzer. See an example for [using private repos](#using-private-maven-repos). | -| `BUNDLER_AUDIT_UPDATE_DISABLED` | `bundler-audit` | `false` | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline environment. | +| `BUNDLER_AUDIT_UPDATE_DISABLED` | `bundler-audit` | `"false"` | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline, air-gapped environment.| | `BUNDLER_AUDIT_ADVISORY_DB_URL` | `bundler-audit` | `https://github.com/rubysec/ruby-advisory-db` | URL of the advisory database used by bundler-audit. | | `BUNDLER_AUDIT_ADVISORY_DB_REF_NAME` | `bundler-audit` | `master` | Git ref for the advisory database specified by `BUNDLER_AUDIT_ADVISORY_DB_URL`. | | `RETIREJS_JS_ADVISORY_DB` | `retire.js` | `https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json` | Path or URL to Retire.js js vulnerability data file. | diff --git a/doc/user/application_security/img/multi_select_v12_9.png b/doc/user/application_security/img/multi_select_v12_9.png Binary files differindex b2b171e13d0..ec3648bff08 100644 --- a/doc/user/application_security/img/multi_select_v12_9.png +++ b/doc/user/application_security/img/multi_select_v12_9.png diff --git a/doc/user/application_security/sast/img/sast_v12_9.png b/doc/user/application_security/sast/img/sast_v12_9.png Binary files differindex 91f4b8a8e2e..3c6ee7a276b 100644 --- a/doc/user/application_security/sast/img/sast_v12_9.png +++ b/doc/user/application_security/sast/img/sast_v12_9.png diff --git a/doc/user/application_security/threat_monitoring/index.md b/doc/user/application_security/threat_monitoring/index.md index 07427af7c7d..3a3e2b36133 100644 --- a/doc/user/application_security/threat_monitoring/index.md +++ b/doc/user/application_security/threat_monitoring/index.md @@ -13,6 +13,7 @@ navigating to your project's **Security & Compliance > Threat Monitoring** page. GitLab supports statistics for the following security features: - [Web Application Firewall](../../clusters/applications.md#web-application-firewall-modsecurity) +- [Container Network Policies](../../../topics/autodevops/index.md#network-policy) ## Web Application Firewall @@ -38,3 +39,38 @@ about your Ingress traffic: If a significant percentage of traffic is anomalous, you should investigate it for potential threats by [examining the application logs](../../clusters/applications.md#web-application-firewall-modsecurity). + +## Container Network Policy + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/32365) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9. + +The **Container Network Policy** section provides packet flow metrics for +your application's Kubernetes namespace. This section has the following +prerequisites: + +- Your project contains at least one [environment](../../../ci/environments.md) +- You've [installed Cilium](../../clusters/applications.md#install-cilium-using-gitlab-cicd) +- You've configured the [Prometheus service](../../project/integrations/prometheus.md#enabling-prometheus-integration) + +If you're using custom Helm values for Cilium, you must enable Hubble +with flow metrics for each namespace by adding the following lines to +your [Hubble values](../../clusters/applications.md#install-cilium-using-gitlab-cicd): + +```yaml +metrics: + enabled: + - 'flow:sourceContext=namespace;destinationContext=namespace' +``` + +The **Container Network Policy** section displays the following information +about your packet flow: + +- The total amount of the inbound and outbound packets +- The proportion of packets dropped according to the configured + policies +- The per-second average rate of the forwarded and dropped packets + accumulated over time window for the requested time interval + +If a significant percentage of packets is dropped, you should +investigate it for potential threats by +[examining the Cilium logs](../../clusters/applications.md#install-cilium-using-gitlab-cicd). diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md index 0aff09910d2..08ac82ed781 100644 --- a/doc/user/clusters/applications.md +++ b/doc/user/clusters/applications.md @@ -825,6 +825,28 @@ agent: enabled: false ``` +The [Hubble](https://github.com/cilium/hubble) monitoring daemon is +enabled by default and it's set to collect per namespace flow +metrics. This metrics are accessible on the [Threat Monitoring](../application_security/threat_monitoring/index.md) +dashboard. You can disable Hubble by adding the following to +`.gitlab/managed-apps/config.yaml`: + +```yaml +cilium: + installed: true + hubble: + installed: false +``` + +You can also adjust Helm values for Hubble via +`.gitlab/managed-apps/cilium/hubble-values.yaml`: + +```yaml +metrics: + enabled: + - 'flow:sourceContext=namespace;destinationContext=namespace' +``` + ### Install Vault using GitLab CI/CD > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/9982) in GitLab 12.9. diff --git a/doc/user/compliance/license_compliance/img/policies_maintainer_add_v12_9.png b/doc/user/compliance/license_compliance/img/policies_maintainer_add_v12_9.png Binary files differindex 6dc7d3a0924..ad5a49eebe5 100644 --- a/doc/user/compliance/license_compliance/img/policies_maintainer_add_v12_9.png +++ b/doc/user/compliance/license_compliance/img/policies_maintainer_add_v12_9.png diff --git a/doc/user/compliance/license_compliance/img/policies_maintainer_edit_v12_9.png b/doc/user/compliance/license_compliance/img/policies_maintainer_edit_v12_9.png Binary files differindex 31abbcf2d44..4f2380a0bf6 100644 --- a/doc/user/compliance/license_compliance/img/policies_maintainer_edit_v12_9.png +++ b/doc/user/compliance/license_compliance/img/policies_maintainer_edit_v12_9.png diff --git a/doc/user/compliance/license_compliance/img/policies_v12_9.png b/doc/user/compliance/license_compliance/img/policies_v12_9.png Binary files differindex 6c6247320dc..b3bca716ae5 100644 --- a/doc/user/compliance/license_compliance/img/policies_v12_9.png +++ b/doc/user/compliance/license_compliance/img/policies_v12_9.png diff --git a/doc/user/group/roadmap/img/roadmap_view_v12_10.png b/doc/user/group/roadmap/img/roadmap_view_v12_10.png Binary files differindex 7fc888ec2ca..69579fd1c1e 100644 --- a/doc/user/group/roadmap/img/roadmap_view_v12_10.png +++ b/doc/user/group/roadmap/img/roadmap_view_v12_10.png diff --git a/doc/user/packages/container_registry/img/container_registry_group_repositories_v12_10.png b/doc/user/packages/container_registry/img/container_registry_group_repositories_v12_10.png Binary files differnew file mode 100644 index 00000000000..e2b606d024f --- /dev/null +++ b/doc/user/packages/container_registry/img/container_registry_group_repositories_v12_10.png diff --git a/doc/user/packages/container_registry/img/container_registry_repositories_with_quickstart_v12_10.png b/doc/user/packages/container_registry/img/container_registry_repositories_with_quickstart_v12_10.png Binary files differnew file mode 100644 index 00000000000..e94aab58a1d --- /dev/null +++ b/doc/user/packages/container_registry/img/container_registry_repositories_with_quickstart_v12_10.png diff --git a/doc/user/packages/container_registry/img/container_registry_repository_details_v12.10.png b/doc/user/packages/container_registry/img/container_registry_repository_details_v12.10.png Binary files differnew file mode 100644 index 00000000000..b911ffea935 --- /dev/null +++ b/doc/user/packages/container_registry/img/container_registry_repository_details_v12.10.png diff --git a/doc/user/packages/container_registry/index.md b/doc/user/packages/container_registry/index.md index 37072eea39e..f5b8bd82a2b 100644 --- a/doc/user/packages/container_registry/index.md +++ b/doc/user/packages/container_registry/index.md @@ -7,6 +7,7 @@ > to pass a [personal access token](../../profile/personal_access_tokens.md) instead of your password in order to > login to GitLab's Container Registry. > - Multiple level image names support was added in GitLab 9.1. +> - The group level Container Registry was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/23315) in GitLab 12.10. NOTE: **Note:** This document is the user guide. To learn how to enable GitLab Container @@ -47,11 +48,51 @@ project: ## Control Container Registry from within GitLab -GitLab offers a simple Container Registry management panel. Go to your project -and click **Packages > Container Registry** in the project menu. +GitLab offers a simple Container Registry management panel. This management panel is available +for both projects and groups. -This view will show you all Docker images in your project and will easily allow you to -delete them. +### Control Container Registry for your project + +Navigate to your project's **{package}** **Packages > Container Registry**. + +![Container Registry project repositories](img/container_registry_repositories_with_quickstart_v12_10.png) + +This view will: + +- Show all the image repositories that belong to the project. +- Allow you to [delete](#delete-images-from-within-gitlab) one or more image repository. +- Allow you to navigate to the image repository details page. +- Show a **Quick start** dropdown with the most common commands to log in, build and push +- Optionally, a banner will be visible if the [expiration policy](#expiration-policy) is enabled for this project. + +### Control Container Registry for your group + +Navigate to your groups's **{package}** **Packages > Container Registry**. + +![Container Registry group repositories](img/container_registry_group_repositories_v12_10.png) + +This view will: + +- Show all the image repositories of the projects that belong to this group. +- Allow to [delete](#delete-images-from-within-gitlab) one or more image repositories. +- Allow to navigate to a specific image repository details page. + +### Image Repository details page + +Clicking on the name of any image repository will navigate to the details. + +![Container Registry project repository details](img/container_registry_repository_details_v12.10.png) + +NOTE: **Note:** +The following page has the same functionalities both in the **Group level container registry** +and in the **Project level container registry**. + +This view: + +- Shows all the image repository details. +- Shows all the tags of the image repository. +- Allows you to quickly copy the tag path (by clicking on the clipboard button near the tag name). +- Allows you to [delete one or more tags](#delete-images-from-within-gitlab). ## Use images from GitLab Container Registry diff --git a/doc/user/packages/nuget_repository/index.md b/doc/user/packages/nuget_repository/index.md index 15772d1303d..ed936b546d2 100644 --- a/doc/user/packages/nuget_repository/index.md +++ b/doc/user/packages/nuget_repository/index.md @@ -18,7 +18,7 @@ NuGet CLI is probably already installed. Alternatively, you can use [.NET SDK 3.0 or later](https://dotnet.microsoft.com/download/dotnet-core/3.0), which installs NuGet CLI. -You can confirm that [nuget CLI](https://www.nuget.org/) is properly installed with: +You can confirm that [NuGet CLI](https://www.nuget.org/) is properly installed with: ```shell nuget help @@ -36,6 +36,18 @@ Available commands: [output truncated] ``` +### macOS support + +For macOS, you can also use [Mono](https://www.mono-project.com/) to run +the NuGet CLI. For Homebrew users, run `brew install mono` to install +Mono. Then you should be able to download the Windows C# binary +`nuget.exe` from the [NuGet CLI page](https://www.nuget.org/downloads) +and run: + +```shell +mono nuget.exe +``` + ## Enabling the NuGet Repository NOTE: **Note:** diff --git a/doc/user/project/issues/img/csv_export_button_v12_9.png b/doc/user/project/issues/img/csv_export_button_v12_9.png Binary files differindex 88083cacbfb..702b6439d7c 100644 --- a/doc/user/project/issues/img/csv_export_button_v12_9.png +++ b/doc/user/project/issues/img/csv_export_button_v12_9.png diff --git a/doc/user/project/issues/img/design_drag_and_drop_uploads_v12_9.png b/doc/user/project/issues/img/design_drag_and_drop_uploads_v12_9.png Binary files differindex 61ce3692808..6680c792063 100644 --- a/doc/user/project/issues/img/design_drag_and_drop_uploads_v12_9.png +++ b/doc/user/project/issues/img/design_drag_and_drop_uploads_v12_9.png diff --git a/doc/user/project/issues/img/issue_health_status_v12_10.png b/doc/user/project/issues/img/issue_health_status_v12_10.png Binary files differindex bcd6af144fb..dd6becbb970 100644 --- a/doc/user/project/issues/img/issue_health_status_v12_10.png +++ b/doc/user/project/issues/img/issue_health_status_v12_10.png diff --git a/doc/user/project/merge_requests/img/test_coverage_visualization_v12_9.png b/doc/user/project/merge_requests/img/test_coverage_visualization_v12_9.png Binary files differindex c2cd28adc95..1922a566dd5 100644 --- a/doc/user/project/merge_requests/img/test_coverage_visualization_v12_9.png +++ b/doc/user/project/merge_requests/img/test_coverage_visualization_v12_9.png diff --git a/doc/user/project/pages/img/change_path_v12_10.png b/doc/user/project/pages/img/change_path_v12_10.png Binary files differindex 79c6432707a..7ca09bd21a3 100644 --- a/doc/user/project/pages/img/change_path_v12_10.png +++ b/doc/user/project/pages/img/change_path_v12_10.png diff --git a/doc/user/project/web_ide/img/commit_changes_v12_9.png b/doc/user/project/web_ide/img/commit_changes_v12_9.png Binary files differindex 48491360626..d26c9cc82e1 100644 --- a/doc/user/project/web_ide/img/commit_changes_v12_9.png +++ b/doc/user/project/web_ide/img/commit_changes_v12_9.png |