Add latest changes from gitlab-org/gitlab@master

2021-07-09 21:09:20 +00:00 · 2021-07-09 21:09:20 +00:00 · 1c1719d8be
commit 1c1719d8be
parent 6a05cc3fd5
7 changed files with 39 additions and 8 deletions
--- a/2
+++ b/2
@ -258,7 +258,7 @@ gem 'asana', '~> 0.10.3'
 gem 'ruby-fogbugz', '~> 0.2.1'

 # Kubernetes integration
-gem 'kubeclient', '~> 4.9.1'
+gem 'kubeclient', '~> 4.9.2'

 # Sanitize user input
 gem 'sanitize', '~> 5.2.1'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -675,9 +675,8 @@ GEM
      hana (~> 1.3)
      regexp_parser (~> 1.5)
      uri_template (~> 0.7)
-    jsonpath (1.0.5)
+    jsonpath (1.1.0)
      multi_json
-      to_regexp (~> 0.2.1)
    jwt (2.1.0)
    kaminari (1.2.1)
      activesupport (>= 4.1.0)
@ -699,7 +698,7 @@ GEM
      rexml
    kramdown-parser-gfm (1.1.0)
      kramdown (~> 2.0)
-    kubeclient (4.9.1)
+    kubeclient (4.9.2)
      http (>= 3.0, < 5.0)
      jsonpath (~> 1.0)
      recursive-open-struct (~> 1.1, >= 1.1.1)
@ -1028,7 +1027,7 @@ GEM
    re2 (1.2.0)
    recaptcha (4.13.1)
      json
-    recursive-open-struct (1.1.2)
+    recursive-open-struct (1.1.3)
    redis (4.1.4)
    redis-actionpack (5.2.0)
      actionpack (>= 5, < 7)
@ -1286,7 +1285,6 @@ GEM
    timecop (0.9.1)
    timeliness (0.3.10)
    timfel-krb5-auth (0.8.3)
-    to_regexp (0.2.1)
    toml (0.2.0)
      parslet (~> 1.8.0)
    toml-rb (2.0.1)
@ -1536,7 +1534,7 @@ DEPENDENCIES
  kas-grpc (~> 0.0.2)
  knapsack (~> 1.21.1)
  kramdown (~> 2.3.1)
-  kubeclient (~> 4.9.1)
+  kubeclient (~> 4.9.2)
  lefthook (~> 0.7.0)
  letter_opener_web (~> 1.4.0)
  license_finder (~> 6.0)
--- a/db/migrate/20210708124229_add_security_scans_created_at_index.rb
+++ b/db/migrate/20210708124229_add_security_scans_created_at_index.rb
@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AddSecurityScansCreatedAtIndex < ActiveRecord::Migration[6.1]
+  include Gitlab::Database::MigrationHelpers
+
+  disable_ddl_transaction!
+
+  INDEX_NAME = 'index_security_scans_on_created_at'
+
+  def up
+    add_concurrent_index(:security_scans, :created_at, name: INDEX_NAME)
+  end
+
+  def down
+    remove_concurrent_index_by_name(:security_scans, INDEX_NAME)
+  end
+end
--- a/db/schema_migrations/20210708124229
+++ b/db/schema_migrations/20210708124229
@ -0,0 +1 @@
+18f7a9a0e9f0b331028951adf2bf6ca9a9fc4a62872f5307ee9d74761ae06deb
--- a/db/structure.sql
+++ b/db/structure.sql
@ -24798,6 +24798,8 @@ CREATE INDEX index_security_findings_on_severity ON security_findings USING btre

 CREATE UNIQUE INDEX index_security_findings_on_uuid_and_scan_id ON security_findings USING btree (uuid, scan_id);

+CREATE INDEX index_security_scans_on_created_at ON security_scans USING btree (created_at);
+
 CREATE INDEX index_security_scans_on_date_created_at_and_id ON security_scans USING btree (date(timezone('UTC'::text, created_at)), id);

 CREATE INDEX index_self_managed_prometheus_alert_events_on_environment_id ON self_managed_prometheus_alert_events USING btree (environment_id);
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@ -172,6 +172,19 @@ Support depends on the scanner:
 - [Grype](https://github.com/anchore/grype#grype)
 - [Trivy](https://aquasecurity.github.io/trivy/latest/vuln-detection/os/) (Default).

+#### UBI-based images
+
+GitLab also offers [Red Hat UBI](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image)
+versions of the container-scanning images. You can therefore replace standard images with UBI-based
+images. To configure the images, set the `CS_ANALYZER_IMAGE` variable to the standard tag plus the
+`-ubi` extension.
+
+| Scanner name    | `CS_ANALYZER_IMAGE` |
+| --------------- | ------------------- |
+| Default (Trivy) | `registry.gitlab.com/security-products/container-scanning:4-ubi` |
+| Grype           | `registry.gitlab.com/security-products/container-scanning/grype:4-ubi` |
+| Trivy           | `registry.gitlab.com/security-products/container-scanning/trivy:4-ubi` |
+
 ### Overriding the container scanning template

 If you want to override the job definition (for example, to change properties like `variables`), you
--- a/doc/user/packages/helm_repository/index.md
+++ b/doc/user/packages/helm_repository/index.md
@ -65,7 +65,7 @@ Once built, a chart can be uploaded to the `stable` channel with `curl` or `helm

  ```shell
  helm repo add --username <username> --password <personal_access_token> project-1 https://gitlab.example.com/api/v4/projects/1/packages/helm/stable
-  helm push mychart.tgz project-1
+  helm push mychart-0.1.0.tgz project-1
  ```

 ## Install a package
				`@ -0,0 +1 @@`
				`18f7a9a0e9f0b331028951adf2bf6ca9a9fc4a62872f5307ee9d74761ae06deb`