Diffstat (limited to 'doc/user')
-rw-r--r-- | doc/user/admin_area/settings/sign_in_restrictions.md | 8 |
-rw-r--r-- | doc/user/application_security/dependency_scanning/index.md | 9 |
-rw-r--r-- | doc/user/application_security/iac_scanning/index.md | 11 |
-rw-r--r-- | doc/user/application_security/index.md | 36 |
-rw-r--r-- | doc/user/application_security/sast/index.md | 25 |
-rw-r--r-- | doc/user/application_security/secret_detection/index.md | 21 |
-rw-r--r-- | doc/user/search/command_palette.md | 28 |
7 files changed, 77 insertions, 61 deletions
diff --git a/doc/user/admin_area/settings/sign_in_restrictions.md b/doc/user/admin_area/settings/sign_in_restrictions.md index 3b79e55f998..c84f2a12db9 100644 --- a/doc/user/admin_area/settings/sign_in_restrictions.md +++ b/doc/user/admin_area/settings/sign_in_restrictions.md @@ -114,11 +114,13 @@ Admin Mode times out after six hours, and you cannot change this timeout limit. The following access methods are **not** protected by Admin Mode: - Git client access (SSH using public keys or HTTPS using Personal Access Tokens). -- API access using a Personal Access Token. In other words, administrators who are otherwise limited by Admin Mode can still use -Git clients, and access RESTful API endpoints as administrators, without additional -authentication steps. +Git clients without additional authentication steps. + +To use the GitLab REST- or GraphQL API, administrators must [create a personal access token](../../profile/personal_access_tokens.md#create-a-personal-access-token) with the [`admin_mode` scope](../../profile/personal_access_tokens.md#personal-access-token-scopes). + +If an administrator with a personal access token with the `admin_mode` scope loses their administrator access, that user cannot access the API as an administrator even though they still have the token with the `admin_mode` scope. We may address these limitations in the future. For more information see the following epic: [Admin Mode for GitLab Administrators](https://gitlab.com/groups/gitlab-org/-/epics/2158). diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index f9a6ffa8228..15fed4f2adc 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md 
@@ -635,7 +635,6 @@ The following variables allow configuration of global dependency scanning settin | `DS_IMAGE_SUFFIX` | Suffix added to the image name. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/354796) in GitLab 14.10.) Automatically set to `"-fips"` when FIPS mode is enabled. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/357922) in GitLab 15.0.) | | `DS_MAX_DEPTH` | Defines how many directory levels deep that the analyzer should search for supported files to scan. A value of `-1` scans all directories regardless of depth. Default: `2`. | | `SECURE_ANALYZERS_PREFIX` | Override the name of the Docker registry providing the official default images (proxy). | -| `SECURE_LOG_LEVEL` | Set the minimum logging level. Messages of this logging level or higher are output. From highest to lowest severity, the logging levels are: `fatal`, `error`, `warn`, `info` (default), `debug`. | #### Configuring specific analyzers used by dependency scanning @@ -1136,12 +1135,10 @@ version number). ## Troubleshooting -### Increase log verbosity +### Debug-level logging -When a [job log](../../../ci/jobs/index.md#expand-and-collapse-job-log-sections) -doesn't contain enough information about a dependency-scanning failure, -[set `SECURE_LOG_LEVEL` to `debug`](#configuring-dependency-scanning) -and check the resulting, more verbose log. +Debug-level logging can help when troubleshooting. For details, see +[debug-level logging](../index.md#debug-level-logging). ### Working around missing support for certain languages or package managers diff --git a/doc/user/application_security/iac_scanning/index.md b/doc/user/application_security/iac_scanning/index.md index 8e2f54fed44..83dcfb61772 100644 --- a/doc/user/application_security/iac_scanning/index.md +++ b/doc/user/application_security/iac_scanning/index.md 
@@ -270,15 +270,10 @@ pipelines tab on merge requests by [setting `artifacts: paths`](../../../ci/yaml ## Troubleshooting -### IaC debug logging +### Debug-level logging -To help troubleshoot IaC jobs, you can increase the [Secure scanner log verbosity](../sast/index.md#logging-level) -by using a global CI/CD variable set to `debug`: - -```yaml -variables: - SECURE_LOG_LEVEL: "debug" -``` +Debug-level logging can help when troubleshooting. For details, see +[debug-level logging](../index.md#debug-level-logging). ### IaC Scanning findings show as `No longer detected` unexpectedly diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index 61d3b463193..56a79191833 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md 
@@ -536,24 +536,48 @@ Feedback is welcome on our vision for [unifying the user experience for these tw ## Troubleshooting -<!-- NOTE: The below subsection(`### Secure job failing with exit code 1`) documentation URL is referred in the [/gitlab-org/security-products/analyzers/command](https://gitlab.com/gitlab-org/security-products/analyzers/command/-/blob/main/command.go#L19) repository. If this section/subsection changes, please ensure to update the corresponding URL in the mentioned repository. ---> +### Logging level -### Secure job failing with exit code 1 +The verbosity of logs output by GitLab analyzers is determined by the `SECURE_LOG_LEVEL` environment +variable. Messages of this logging level or higher are output. + +From highest to lowest severity, the logging levels are: + +- `fatal` +- `error` +- `warn` +- `info` (default) +- `debug` + +#### Debug-level logging WARNING: Debug logging can be a serious security risk. The output may contain the content of environment variables and other secrets available to the job. The output is uploaded -to the GitLab server and visible in job logs. +to the GitLab server and is visible in job logs. -If a Secure job is failing and it's unclear why, add `SECURE_LOG_LEVEL: "debug"` as a global CI/CD variable for -more verbose output that is helpful for troubleshooting. +To enable debug-level logging, add the following to your `.gitlab-ci.yml` file: ```yaml variables: SECURE_LOG_LEVEL: "debug" ``` +This indicates to all GitLab analyzers that they are to output **all** messages. For more details, +see [logging level](#logging-level). + +<!-- NOTE: The below subsection(`### Secure job failing with exit code 1`) documentation URL is referred in the [/gitlab-org/security-products/analyzers/command](https://gitlab.com/gitlab-org/security-products/analyzers/command/-/blob/main/command.go#L19) repository. If this section/subsection changes, please ensure to update the corresponding URL in the mentioned repository. 
+--> + +### Secure job failing with exit code 1 + +If a Secure job is failing and it's unclear why: + +1. Enable [debug-level logging](#debug-level-logging). +1. Run the job. +1. Examine the job's output. +1. Set the logging level to `info` (default). + ### Outdated security reports When a security report generated for a merge request becomes outdated, the merge request shows a diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 2008375d2a2..657ad904223 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -519,21 +519,6 @@ variables: SEARCH_MAX_DEPTH: 10 ``` -#### Logging level - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10880) in GitLab 13.1. - -To control the verbosity of logs, set the `SECURE_LOG_LEVEL` environment variable. Messages of this -logging level or higher are output. - -From highest to lowest severity, the logging levels are: - -- `fatal` -- `error` -- `warn` -- `info` (default) -- `debug` - #### Custom Certificate Authority To trust a custom Certificate Authority, set the `ADDITIONAL_CA_CERT_BUNDLE` variable to the bundle @@ -772,14 +757,10 @@ By default SAST analyzers are supported in GitLab instances hosted on SELinux. A ## Troubleshooting -### SAST debug logging +### Debug-level logging -Increase the [Secure scanner log verbosity](#logging-level) to `debug` in a global CI variable to help troubleshoot SAST jobs. - -```yaml -variables: - SECURE_LOG_LEVEL: "debug" -``` +Debug-level logging can help when troubleshooting. For details, see +[debug-level logging](../index.md#debug-level-logging). ### Pipeline errors related to changes in the GitLab-managed CI/CD template diff --git a/doc/user/application_security/secret_detection/index.md b/doc/user/application_security/secret_detection/index.md index c6928d3679b..0a969d51f9e 100644 --- a/doc/user/application_security/secret_detection/index.md 
+++ b/doc/user/application_security/secret_detection/index.md @@ -629,21 +629,10 @@ This feature is separate from Secret Detection scanning, which checks your Git r ## Troubleshooting -### Set the logging level +### Debug-level logging -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10880) in GitLab 13.1. - -Set the logging level to `debug` when you need diagnostic information in a Secret Detection job log. - -WARNING: -Debug logging can be a serious security risk. The output may contain the content of environment -variables and other secrets available to the job. The output is uploaded to the GitLab server and -visible in job logs. - -1. In the `.gitlab-ci.yml` file, set the `SECURE_LOG_LEVEL` CI/CD variable to `debug`. -1. Run the Secret Detection job. -1. Analyze the content of the Secret Detection job. -1. In the `.gitlab-ci.yml` file, set the `SECURE_LOG_LEVEL` CI/CD variable to `info` (default). +Debug-level logging can help when troubleshooting. For details, see +[debug-level logging](../index.md#debug-level-logging). ### Warning: `gl-secret-detection-report.json: no matching files` @@ -661,8 +650,8 @@ For example, you could have a pipeline triggered from a merge request containing clone is not deep enough to contain all of the relevant commits. To verify the current value, see [pipeline configuration](../../../ci/pipelines/settings.md#limit-the-number-of-changes-fetched-during-clone). -To confirm this as the cause of the error, set the [logging level](#set-the-logging-level) to -`debug`, then rerun the pipeline. The logs should look similar to the following example. The text +To confirm this as the cause of the error, enable [debug-level logging](../index.md#debug-level-logging), +then rerun the pipeline. The logs should look similar to the following example. The text "object not found" is a symptom of this error. ```plaintext 
diff --git a/doc/user/search/command_palette.md b/doc/user/search/command_palette.md new file mode 100644 index 00000000000..138c19be778 --- /dev/null +++ b/doc/user/search/command_palette.md @@ -0,0 +1,28 @@ +--- +stage: Manage +group: Foundations +info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments" +type: reference +--- + +# Command palette **(FREE)** + +> Introduced in GitLab 16.2 [with a flag](../../administration/feature_flags.md) named `command_palette`. Disabled by default. + +You can use command palette to narrow down the scope of your search or to +find an object more quickly. + +FLAG: +On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to enable the feature flag named `command_palette`. On GitLab.com, this feature is not available. + +## Open the command palette + +To open the command palette: + +1. On the left sidebar, at the top, select **Search GitLab** (**{search}**). +1. Type one of the special characters: + + - <kbd>></kbd> - Use to create a new object or to find a menu item. + - <kbd>@</kbd> - Search for user. + - <kbd>:</kbd> - Search for project. + - <kbd>/</kbd> - Search for project files in the default repository branch. |
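Review bot: In doc/user/admin_area/settings/sign_in_restrictions.md, the list introduced by "The following access methods are **not** protected by Admin Mode:" is left with a single item once the API bullet is removed, and the unchanged closing sentence still says "these limitations" in the plural. Suggest folding the remaining Git client item into one sentence and adjusting the closing sentence to match. In the added text, "REST- or GraphQL API" has a hanging hyphen ("REST or GraphQL API" reads better), and the last added sentence repeats "with the `admin_mode` scope" twice and could be shortened without changing what it says.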
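Review bot: In doc/user/application_security/dependency_scanning/index.md, the first hunk removes the `SECURE_LOG_LEVEL` row from the global settings table, so a reader scanning that table no longer learns that the variable applies to dependency scanning; in the visible hunks the only remaining pointer is the troubleshooting link. Suggest keeping a one-line row that names `SECURE_LOG_LEVEL` and links to `../index.md#logging-level`, so the table stays complete while the description lives in one place.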
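Review bot: In doc/user/application_security/index.md, the new steps under "Secure job failing with exit code 1" end with "Set the logging level to `info` (default)." but say nothing about the debug job log produced in step 2, which the WARNING in the same hunk describes as uploaded to the GitLab server, visible in job logs, and possibly containing environment variables and other secrets. Suggest adding a step or a sentence on what to do with that log once troubleshooting is done. Two smaller points: "### Logging level" is reference material placed under "## Troubleshooting", and "This indicates to all GitLab analyzers that they are to output **all** messages." could be stated more directly.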
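Review bot: In doc/user/application_security/sast/index.md, the removed "#### Logging level" section carried the version note "> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10880) in GitLab 13.1.", and the replacement "### Logging level" section added in doc/user/application_security/index.md does not, so the version history is lost in the move. Suggest carrying the note over. The same removal drops the `#logging-level` anchor from this page; the IaC link to `../sast/index.md#logging-level` is updated in this diff, but the diffstat is limited to 'doc/user', so references elsewhere should be checked.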
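Review bot: In doc/user/application_security/secret_detection/index.md, the second hunk tells the reader to enable debug-level logging and rerun the pipeline, while the first hunk removes both the WARNING and the numbered step that set `SECURE_LOG_LEVEL` back to `info` (default) from this page. The linked "Debug-level logging" section carries the WARNING but not the reset step, which now appears only under "Secure job failing with exit code 1". Suggest adding the reset to the linked section or keeping a one-line reminder here. The `#set-the-logging-level` anchor is also removed, so inbound links to it need checking.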
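Review bot: In the new doc/user/search/command_palette.md, the special-character list mixes phrasings: the first bullet reads "Use to create a new object or to find a menu item." while the others read "Search for user." and "Search for project."; suggest one pattern with articles throughout. The intro sentence "You can use command palette" is missing "the". In `<kbd>></kbd>` the bare `>` inside the tag is easy to misread and may be safer written as `&gt;`.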