Add documentation for Dependency Scanning feature
parent 9ce6169aa7
commit 25b4682055
2 changed files with 20 additions and 2 deletions
@ -49,6 +49,10 @@ There's also a collection of repositories with [example projects](https://gitlab
**(Ultimate)** [Scan your code for vulnerabilities](https://docs.gitlab.com/ee/ci/examples/sast.html)
## Dependency Scanning
**(Ultimate)** [Scan your dependencies for vulnerabilities](https://docs.gitlab.com/ee/ci/examples/dependency_scanning.html)
## Container Scanning
[Scan your Docker images for vulnerabilities](container_scanning.md)
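Review bot: the new Dependency Scanning entry links to the absolute URL https://docs.gitlab.com/ee/ci/examples/dependency_scanning.html, following the SAST entry above it, while the Container Scanning entry directly below uses the relative link `container_scanning.md`. If a `dependency_scanning.md` page exists in this docs tree next to `container_scanning.md`, prefer the relative link so the page resolves correctly when the docs are built from a branch or fork rather than always pointing at the published site; otherwise the mixed link styles in one list are worth a short note in the commit.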
@ -20,6 +20,7 @@ project in an easy and automatic way:
1. [Auto Test](#auto-test)
1. [Auto Code Quality](#auto-code-quality)
1. [Auto SAST (Static Application Security Testing)](#auto-sast)
1. [Auto Dependency Scanning](#auto-dependency-scanning)
1. [Auto Container Scanning](#auto-container-scanning)
1. [Auto Review Apps](#auto-review-apps)
1. [Auto DAST (Dynamic Application Security Testing)](#auto-dast)
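Review bot: the anchor `#auto-dependency-scanning` on the new list item has to match the heading `### Auto Dependency Scanning` added further down in this file, and it does; the item is also placed between Auto SAST and Auto Container Scanning, which is the order in which the sections appear, so the table of contents stays in sync with the body. No change needed here.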
@ -95,7 +96,7 @@ Auto Deploy, and Auto Monitoring will be silently skipped.
The Auto DevOps base domain is required if you want to make use of [Auto
Review Apps](#auto-review-apps) and [Auto Deploy](#auto-deploy). It is defined
either under the project's CI/CD settings while
either under the project's CI/CD settings while
[enabling Auto DevOps](#enabling-auto-devops) or in instance-wide settings in
the CI/CD section.
It can also be set at the project or group level as a variable, `AUTO_DEVOPS_DOMAIN`.
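Review bot: the only changed line in this hunk is "either under the project's CI/CD settings while", which is removed and re-added with no visible difference in the text, so this is most likely a whitespace-only change (trailing space or line ending). It is unrelated to the Dependency Scanning documentation the commit adds; either drop it from this commit or mention it in the commit message so the history explains why the Auto DevOps base-domain paragraph was touched.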
@ -209,7 +210,7 @@ target branches are also
> Introduced in [GitLab Ultimate][ee] 10.3.
Static Application Security Testing (SAST) uses the
[gl-sast Docker image](https://gitlab.com/gitlab-org/gl-sast) to run static
[SAST Docker image](https://gitlab.com/gitlab-org/security-products/sast) to run static
analysis on the current code and checks for potential security issues. Once the
report is created, it's uploaded as an artifact which you can later download and
check out.
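Review bot: this hunk replaces the link to the gl-sast image (https://gitlab.com/gitlab-org/gl-sast) with the SAST image under https://gitlab.com/gitlab-org/security-products/sast and renames the link text from "gl-sast Docker image" to "SAST Docker image". That is a correction to the existing Auto SAST section, not part of the Dependency Scanning addition named in the commit message "Add documentation for Dependency Scanning feature"; a line in the message noting that the SAST project moved under security-products would make the change traceable, and keeps readers from following a stale link to the old project when they look up which analyser image their pipeline runs.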
@ -217,6 +218,19 @@ check out.
In GitLab Ultimate, any security warnings are also
[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/sast.html).
### Auto Dependency Scanning
> Introduced in [GitLab Ultimate][ee] 10.7.
Dependency Scanning uses the
[Dependency Scanning Docker image](https://gitlab.com/gitlab-org/security-products/dependency-scanning)
to run analysis on the project dependencies and checks for potential security issues. Once the
report is created, it's uploaded as an artifact which you can later download and
check out.
In GitLab Ultimate, any security warnings are also
[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/dependency_scanning.html).
### Auto Container Scanning
> Introduced in GitLab 10.4.
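Review bot: the new Auto Dependency Scanning paragraph is a near-verbatim copy of the Auto SAST paragraph above it ("... checks for potential security issues. Once the report is created, it's uploaded as an artifact which you can later download and check out."), so a reader cannot tell from this section how the two jobs differ. Consider one sentence stating what is actually inspected: Dependency Scanning checks the project's third-party dependencies for known vulnerabilities, whereas SAST analyses the project's own source code; a pointer to the supported languages and package managers in the linked docs would also help readers decide whether their project is covered at all. The `> Introduced in [GitLab Ultimate][ee] 10.7.` line reuses the `[ee]` reference link already used by the SAST section, so no new link definition is needed.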