Add latest changes from gitlab-org/gitlab@master

2022-07-13 03:08:10 +00:00 · 2022-07-13 03:08:10 +00:00 · 58f103ba8f
parent f7ccc56576
commit 58f103ba8f
154 changed files with 3561 additions and 208 deletions
--- a/app/assets/javascripts/projects/pipelines/charts/components/app.vue
+++ b/app/assets/javascripts/projects/pipelines/charts/components/app.vue
@ -22,6 +22,7 @@ export default {
  deploymentFrequencyTabEvent: 'p_analytics_ci_cd_deployment_frequency',
  leadTimeTabEvent: 'p_analytics_ci_cd_lead_time',
  timeToRestoreServiceTabEvent: 'p_analytics_ci_cd_time_to_restore_service',
+  changeFailureRateTabEvent: 'p_analytics_ci_cd_change_failure_rate',
  inject: {
    shouldRenderDoraCharts: {
      type: Boolean,
@ -115,6 +116,7 @@ export default {
        <gl-tab
          :title="s__('DORA4Metrics|Change failure rate')"
          data-testid="change-failure-rate-tab"
+          @click="trackTabClick($options.changeFailureRateTabEvent)"
        >
          <change-failure-rate-charts />
        </gl-tab>
--- a/app/assets/javascripts/sidebar/mount_sidebar.js
+++ b/app/assets/javascripts/sidebar/mount_sidebar.js
@ -73,12 +73,14 @@ function mountSidebarToDoWidget() {
        props: {
          fullPath: projectPath,
          issuableId:
-            isInIssuePage() || isInDesignPage()
+            isInIssuePage() || isInIncidentPage() || isInDesignPage()
              ? convertToGraphQLId(TYPE_ISSUE, id)
              : convertToGraphQLId(TYPE_MERGE_REQUEST, id),
          issuableIid: iid,
          issuableType:
-            isInIssuePage() || isInDesignPage() ? IssuableType.Issue : IssuableType.MergeRequest,
+            isInIssuePage() || isInIncidentPage() || isInDesignPage()
+              ? IssuableType.Issue
+              : IssuableType.MergeRequest,
        },
      }),
  });
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@ -39,6 +39,7 @@ class Projects::PipelinesController < Projects::ApplicationController
  track_redis_hll_event :charts, name: 'p_analytics_ci_cd_deployment_frequency', if: -> { should_track_ci_cd_deployment_frequency? }
  track_redis_hll_event :charts, name: 'p_analytics_ci_cd_lead_time', if: -> { should_track_ci_cd_lead_time? }
  track_redis_hll_event :charts, name: 'p_analytics_ci_cd_time_to_restore_service', if: -> { should_track_ci_cd_time_to_restore_service? }
+  track_redis_hll_event :charts, name: 'p_analytics_ci_cd_change_failure_rate', if: -> { should_track_ci_cd_change_failure_rate? }

  wrap_parameters Ci::Pipeline

@ -366,6 +367,10 @@ class Projects::PipelinesController < Projects::ApplicationController
  def should_track_ci_cd_time_to_restore_service?
    params[:chart] == 'time-to-restore-service'
  end
+
+  def should_track_ci_cd_change_failure_rate?
+    params[:chart] == 'change-failure-rate'
+  end
 end

 Projects::PipelinesController.prepend_mod_with('Projects::PipelinesController')
--- a/app/views/groups/_import_group_from_file_panel.html.haml
+++ b/app/views/groups/_import_group_from_file_panel.html.haml
@ -2,7 +2,7 @@
 - group_path = root_url
 - group_path << parent.full_path + '/' if parent

-= form_for '', url: import_gitlab_group_path, namespace: ('import_group' if Feature::enabled?(:group_name_path_vue, current_user)), class: 'group-form gl-show-field-errors', multipart: true do |f|
+= form_for '', url: import_gitlab_group_path, namespace: 'import_group', class: 'group-form gl-show-field-errors', multipart: true do |f|
  .gl-border-l-solid.gl-border-r-solid.gl-border-gray-100.gl-border-1.gl-p-5
    %h4
      = _('Import group from file')
@ -13,38 +13,7 @@
        - docs_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('user/group/import/index.md') }
        - link_end = '</a>'.html_safe
        = s_('GroupsNew|This feature is deprecated and replaced by %{docs_link_start}group migration%{docs_link_end}.').html_safe % { docs_link_start: docs_link_start, docs_link_end: link_end }
-    - if Feature::enabled?(:group_name_path_vue, current_user)
-      = render 'shared/groups/group_name_and_path_fields', f: f
-    - else
-      .form-group.gl-display-flex.gl-flex-direction-column.gl-mt-5
-        = f.label :name, _('New group name'), for: 'import_group_name'
-        = f.text_field :name, placeholder: s_('GroupsNew|My Awesome Group'), class: 'js-autofill-group-name gl-form-input col-xs-12 col-sm-8',
-          required: true,
-          title: _('Please fill in a descriptive name for your group.'),
-          autofocus: true,
-          id: 'import_group_name'
-
-      .form-group.gl-display-flex.gl-flex-direction-column
-        = f.label :import_group_path, _('New group URL'), for: 'import_group_path'
-        .input-group.gl-field-error-anchor.col-xs-12.col-sm-8.gl-p-0
-          .group-root-path.input-group-prepend.has-tooltip{ title: group_path, :'data-placement' => 'bottom' }
-            .input-group-text
-              %span
-                = root_url
-              - if parent
-                %strong= parent.full_path + '/'
-          = f.hidden_field :parent_id, value: parent&.id
-          = f.text_field :path, placeholder: 'my-awesome-group', class: 'form-control js-validate-group-path js-autofill-group-path',
-            id: 'import_group_path',
-            required: true,
-            pattern: Gitlab::PathRegex::NAMESPACE_FORMAT_REGEX_JS,
-            title: group_url_error_message,
-            maxlength: ::Namespace::URL_MAX_LENGTH,
-            "data-bind-in" => "#{'create_chat_team' if Gitlab.config.mattermost.enabled}"
-        %p.validation-error.gl-field-error.field-validation.hide
-          = _("Group path is already taken. We've suggested one that is available.")
-        %p.validation-success.gl-field-success.field-validation.hide= _('Group path is available.')
-        %p.validation-pending.gl-field-error-ignore.field-validation.hide= _('Checking group path availability...')
+    = render 'shared/groups/group_name_and_path_fields', f: f
    .form-group
      = f.label :file, s_('GroupsNew|Upload file')
      .gl-font-weight-normal
--- a/app/views/shared/_group_form.html.haml
+++ b/app/views/shared/_group_form.html.haml
@ -3,53 +3,4 @@
 - group_path << parent.full_path + '/' if parent


- if Feature::enabled?(:group_name_path_vue, current_user)
-  = render 'shared/groups/group_name_and_path_fields', f: f
- else
-  .row
-    .form-group.group-name-holder.col-sm-12
-      = f.label :name, class: 'label-bold' do
-        = s_('Groups|Group name')
-      = f.text_field :name, placeholder: _('My awesome group'), class: 'js-autofill-group-name form-control input-lg', data: { qa_selector: 'group_name_field' },
-        required: true,
-        title: s_('Groups|Enter a descriptive name for your group.'),
-        autofocus: true
-      .text-muted
-        = s_('Groups|Must start with letter, digit, emoji, or underscore. Can also contain periods, dashes, spaces, and parentheses.')
-
-  .row
-    .form-group.col-xs-12.col-sm-8
-      = f.label :path, class: 'label-bold' do
-        = s_('Groups|Group URL')
-      .input-group.gl-field-error-anchor
-        .group-root-path.input-group-prepend.has-tooltip{ title: group_path, :'data-placement' => 'bottom' }
-          .input-group-text
-            %span>= root_url
-            - if parent
-              %strong= parent.full_path + '/'
-        = f.hidden_field :parent_id
-        = f.text_field :path, placeholder: _('my-awesome-group'), class: 'form-control js-validate-group-path js-autofill-group-path', data: { qa_selector: 'group_path_field' },
-          autofocus: local_assigns[:autofocus] || false, required: true,
-          pattern: Gitlab::PathRegex::NAMESPACE_FORMAT_REGEX_JS,
-          title: group_url_error_message,
-          maxlength: ::Namespace::URL_MAX_LENGTH,
-          "data-bind-in" => "#{'create_chat_team' if Gitlab.config.mattermost.enabled}"
-      %p.validation-error.gl-field-error.field-validation.hide
-        = s_('Groups|Group path is unavailable. Path has been replaced with a suggested available path.')
-      %p.validation-success.gl-field-success.field-validation.hide= s_('Groups|Group path is available.')
-      %p.validation-pending.gl-field-error-ignore.field-validation.hide= s_('Groups|Checking group URL availability...')
-
-    - if @group.persisted?
-      .gl-alert.gl-alert-warning.gl-mt-3.gl-mb-3
-        = sprite_icon('warning', size: 16, css_class: 'gl-icon gl-alert-icon gl-alert-icon-no-title')
-        .gl-alert-body
-          = s_('Groups|Changing group URL can have unintended side effects.')
-          = succeed '.' do
-            = link_to s_('Groups|Learn more'), help_page_path('user/group/index', anchor: 'change-a-groups-path'), target: '_blank', class: 'gl-link'
-
-  - if @group.persisted?
-    .row
-      .form-group.group-name-holder.col-sm-8
-        = f.label :id, class: 'label-bold' do
-          = s_('Groups|Group ID')
-        = f.text_field :id, class: 'form-control', readonly: true
+= render 'shared/groups/group_name_and_path_fields', f: f
--- a/config/feature_flags/development/group_name_path_vue.yml
+++ b/config/feature_flags/development/group_name_path_vue.yml
@ -1,8 +0,0 @@
---
-name: group_name_path_vue
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/88085
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/363623
-milestone: '15.1'
-type: development
-group: group::workspace
-default_enabled: true
--- a/config/metrics/counts_28d/20210216174910_analytics_unique_visits_for_any_target_monthly.yml
+++ b/config/metrics/counts_28d/20210216174910_analytics_unique_visits_for_any_target_monthly.yml
@ -34,10 +34,12 @@ options:
  - p_analytics_ci_cd_deployment_frequency
  - p_analytics_ci_cd_lead_time
  - p_analytics_ci_cd_time_to_restore_service
+  - p_analytics_ci_cd_change_failure_rate
  - g_analytics_ci_cd_release_statistics
  - g_analytics_ci_cd_deployment_frequency
  - g_analytics_ci_cd_lead_time
  - g_analytics_ci_cd_time_to_restore_service
+  - g_analytics_ci_cd_change_failure_rate
 distribution:
 - ce
 - ee
--- a/config/metrics/counts_28d/20220707054530_p_analytics_ci_cd_change_failure_rate_monthly.yml
+++ b/config/metrics/counts_28d/20220707054530_p_analytics_ci_cd_change_failure_rate_monthly.yml
@ -0,0 +1,26 @@
+---
+key_path: redis_hll_counters.analytics.p_analytics_ci_cd_change_failure_rate_monthly
+name: p_analytics_ci_cd_change_failure_rate_monthly
+description: Count of unique visits to the project level CI/CD Analytics Change failure rate tab
+product_section: dev
+product_stage: manage
+product_group: optimize
+product_category:
+value_type: number
+status: active
+milestone: "15.2"
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91726
+time_frame: 28d
+data_source: redis_hll
+data_category: operational
+instrumentation_class: RedisHLLMetric
+performance_indicator_type: []
+distribution:
+- ce
+- ee
+tier:
+- premium
+- ultimate
+options:
+  events:
+    - p_analytics_ci_cd_change_failure_rate
--- a/config/metrics/counts_7d/20220707054526_p_analytics_ci_cd_change_failure_rate_weekly.yml
+++ b/config/metrics/counts_7d/20220707054526_p_analytics_ci_cd_change_failure_rate_weekly.yml
@ -0,0 +1,26 @@
+---
+key_path: redis_hll_counters.analytics.p_analytics_ci_cd_change_failure_rate_weekly
+name: p_analytics_ci_cd_change_failure_rate_weekly
+description: Count of unique visits to the project level CI/CD Analytics Change failure rate tab
+product_section: dev
+product_stage: manage
+product_group: optimize
+product_category:
+value_type: number
+status: active
+milestone: "15.2"
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91726
+time_frame: 7d
+data_source: redis_hll
+data_category: operational
+instrumentation_class: RedisHLLMetric
+performance_indicator_type: []
+distribution:
+- ce
+- ee
+tier:
+- premium
+- ultimate
+options:
+  events:
+    - p_analytics_ci_cd_change_failure_rate
--- a/doc/update/index.md
+++ b/doc/update/index.md
@ -387,8 +387,8 @@ Additional steps between the mentioned versions are possible. We list the minima

 | Target version | Your version | Supported upgrade path                                                                               | Note                                                                                                                              |
 | -------------- | ------------ | ---------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
-| `15.1.0`       | `14.6.2`     | `14.6.2` -> `14.9.5` -> `14.10.4` -> `15.0.2` -> `15.1.0`                                            | Three intermediate versions are required: `14.9` and `14.10`, `15.0`, then `15.1.0`.                                              |
-| `15.0.0`       | `14.6.2`     | `14.6.2` -> `14.9.5` -> `14.10.4` -> `15.0.2`                                                        | Two intermediate versions are required: `14.9` and `14.10`, then `15.0.0`.                                                        |
+| `15.1.0`       | `14.6.2`     | `14.6.2` -> `14.9.5` -> `14.10.5` -> `15.0.2` -> `15.1.0`                                            | Three intermediate versions are required: `14.9` and `14.10`, `15.0`, then `15.1.0`.                                              |
+| `15.0.0`       | `14.6.2`     | `14.6.2` -> `14.9.5` -> `14.10.5` -> `15.0.2`                                                        | Two intermediate versions are required: `14.9` and `14.10`, then `15.0.0`.                                                        |
 | `14.6.2`       | `13.10.2`    | `13.10.2` -> `13.12.15` -> `14.0.12` -> `14.3.6` => `14.6.2`                                         | Three intermediate versions are required: `13.12` and `14.0`, `14.3`, then `14.6.2`.                                                        |
 | `14.1.8`       | `13.9.2`     | `13.9.2` -> `13.12.15` -> `14.0.12` -> `14.1.8`                                                      | Two intermediate versions are required: `13.12` and `14.0`, then `14.1.8`.                                                        |
 | `13.12.15`     | `12.9.2`     | `12.9.2` -> `12.10.14` -> `13.0.14`  -> `13.1.11` -> `13.8.8` -> `13.12.15`                          | Four intermediate versions are required: `12.10`, `13.0`, `13.1` and `13.8.8`, then `13.12.15`.                                   |
--- a/doc/user/application_security/dast/checks/1004.1.md
+++ b/doc/user/application_security/dast/checks/1004.1.md
@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 ## Description

-The {cookie_name} cookie was transmitted in a `Set-Cookie` header without the `HttpOnly` attribute set.
+The cookie was transmitted in a `Set-Cookie` header without the `HttpOnly` attribute set.
 To prevent JavaScript being able to access the cookie value - usually via `document.cookies` - all
 cookies that are used for authorization should have the `HttpOnly` attribute
 set.
--- a/doc/user/application_security/dast/checks/16.3.md
+++ b/doc/user/application_security/dast/checks/16.3.md
@ -32,4 +32,4 @@ information from the `X-Powered-By` header.
 ## Links

 - [CWE](https://cwe.mitre.org/data/definitions/16.html)
- [PHP `expose_php`](https://www.php.net/manual/en/ini.core.php#ini.expose-php)
+- [PHP expose_php](https://www.php.net/manual/en/ini.core.php#ini.expose-php)
--- a/doc/user/application_security/dast/checks/16.5.md
+++ b/doc/user/application_security/dast/checks/16.5.md
@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 ## Description

-The target website returns AspNet headers and version information of this website. By
+The target website returns AspNet header(s) and version information of this website. By
 exposing these values attackers may attempt to identify if the target software is vulnerable to known
 vulnerabilities, or catalog known sites running particular versions to exploit in the future when a
 vulnerability is identified in the particular version.
--- a/doc/user/application_security/dast/checks/16.6.md
+++ b/doc/user/application_security/dast/checks/16.6.md
@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 ## Description

-The target website returns AspNet headers along with version information of this website. By
+The target website returns AspNet header(s) along with version information of this website. By
 exposing these values attackers may attempt to identify if the target software is vulnerable to known
 vulnerabilities. Or catalog known sites running particular versions to exploit in the future when a
 vulnerability is identified in the particular version.
--- a/doc/user/application_security/dast/checks/16.9.md
+++ b/doc/user/application_security/dast/checks/16.9.md
@ -15,7 +15,7 @@ site.
 ## Remediation

 Follow the recommendations to determine if any actions are necessary to harden this `Content-Security-Policy-Report-Only`.
-After all alerts have been resolved, we recommended that this header be changed to `Content-Security-Policy`.
+After all alerts have been resolved, we recommend that this header be changed to `Content-Security-Policy`.

 ## Details

--- a/doc/user/application_security/dast/checks/209.1.md
+++ b/doc/user/application_security/dast/checks/209.1.md
@ -9,17 +9,17 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 ## Description

 The application was found to return error data such as stack traces. Depending on the data contained within the error message,
-this information could be used by an attacker to conduct further attacks. While stack traces are helpful during development
-and debugging, they should not be presented to users when an error occurs.
+this information could be used by an attacker to conduct further attacks. While stack traces are helpful during development 
+and debugging, they should not be presented to users when an error occurs. 

 ## Remediation

 Applications should handle exception conditions internally and map known failure types to error codes that can be displayed
 to a user. These error codes should be customized to the application and returned along with the relevant HTTP error code.

-When an error occurs, the application identifies the error type or class, and displays a numerical value to the
-user. Requests should also be tracked so when a user is presented with an error code, it has a corresponding request ID.
-Support teams can then correlate the HTTP error, the customized error code, and the request ID in the log files to
+When an error occurs, the application identifies the error type or class, and displays a numerical value to the 
+user. Requests should also be tracked so when a user is presented with an error code, it has a corresponding request ID. 
+Support teams can then correlate the HTTP error, the customized error code, and the request ID in the log files to 
 determine the root cause of the error without leaking details to the end user.

 Example of returning customized errors:
--- a/doc/user/application_security/dast/checks/614.1.md
+++ b/doc/user/application_security/dast/checks/614.1.md
@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 ## Description

-The {cookie_name} cookie was transmitted in a `Set-Cookie` response without the `Secure` attribute set.
+The cookie was transmitted in a `Set-Cookie` response without the `Secure` attribute set.
 To prevent sensitive cookie values being accidentally transmitted over clear-text HTTP we
 recommended that cookies are declared with the `Secure` attribute.

--- a/doc/user/application_security/dast/checks/798.1.md
+++ b/doc/user/application_security/dast/checks/798.1.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Adafruit API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Adafruit API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.1 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.10.md
+++ b/doc/user/application_security/dast/checks/798.10.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Asana Client Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Asana Client Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.10 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.100.md
+++ b/doc/user/application_security/dast/checks/798.100.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Sendbird Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Sendbird Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.100 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.101.md
+++ b/doc/user/application_security/dast/checks/798.101.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token SendGrid API token
+
+## Description
+
+The response body contains content that matches the pattern of a SendGrid API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.101 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.102.md
+++ b/doc/user/application_security/dast/checks/798.102.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Sendinblue API token
+
+## Description
+
+The response body contains content that matches the pattern of a Sendinblue API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.102 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.103.md
+++ b/doc/user/application_security/dast/checks/798.103.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Sentry Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Sentry Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.103 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.104.md
+++ b/doc/user/application_security/dast/checks/798.104.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Shippo API token
+
+## Description
+
+The response body contains content that matches the pattern of a Shippo API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.104 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.105.md
+++ b/doc/user/application_security/dast/checks/798.105.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Shopify access token
+
+## Description
+
+The response body contains content that matches the pattern of a Shopify access token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.105 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.106.md
+++ b/doc/user/application_security/dast/checks/798.106.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Shopify custom access token
+
+## Description
+
+The response body contains content that matches the pattern of a Shopify custom access token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.106 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.107.md
+++ b/doc/user/application_security/dast/checks/798.107.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Shopify private app access token
+
+## Description
+
+The response body contains content that matches the pattern of a Shopify private app access token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.107 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.108.md
+++ b/doc/user/application_security/dast/checks/798.108.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Shopify shared secret
+
+## Description
+
+The response body contains content that matches the pattern of a Shopify shared secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.108 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.109.md
+++ b/doc/user/application_security/dast/checks/798.109.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Slack token
+
+## Description
+
+The response body contains content that matches the pattern of a Slack token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.109 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.11.md
+++ b/doc/user/application_security/dast/checks/798.11.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Atlassian API token
+
+## Description
+
+The response body contains content that matches the pattern of a Atlassian API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.11 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.110.md
+++ b/doc/user/application_security/dast/checks/798.110.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Slack Webhook
+
+## Description
+
+The response body contains content that matches the pattern of a Slack Webhook.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.110 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.111.md
+++ b/doc/user/application_security/dast/checks/798.111.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Stripe
+
+## Description
+
+The response body contains content that matches the pattern of a Stripe.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.111 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.112.md
+++ b/doc/user/application_security/dast/checks/798.112.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Square Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Square Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.112 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.113.md
+++ b/doc/user/application_security/dast/checks/798.113.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Squarespace Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Squarespace Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.113 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.114.md
+++ b/doc/user/application_security/dast/checks/798.114.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token SumoLogic Access ID
+
+## Description
+
+The response body contains content that matches the pattern of a SumoLogic Access ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.114 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.115.md
+++ b/doc/user/application_security/dast/checks/798.115.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token SumoLogic Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a SumoLogic Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.115 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.116.md
+++ b/doc/user/application_security/dast/checks/798.116.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Travis CI Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Travis CI Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.116 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.117.md
+++ b/doc/user/application_security/dast/checks/798.117.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twilio API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Twilio API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.117 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.118.md
+++ b/doc/user/application_security/dast/checks/798.118.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitch API token
+
+## Description
+
+The response body contains content that matches the pattern of a Twitch API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.118 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.119.md
+++ b/doc/user/application_security/dast/checks/798.119.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitter API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Twitter API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.119 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.12.md
+++ b/doc/user/application_security/dast/checks/798.12.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token AWS
+
+## Description
+
+The response body contains content that matches the pattern of a AWS.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.12 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.120.md
+++ b/doc/user/application_security/dast/checks/798.120.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitter API Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Twitter API Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.120 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.121.md
+++ b/doc/user/application_security/dast/checks/798.121.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitter Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Twitter Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.121 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.122.md
+++ b/doc/user/application_security/dast/checks/798.122.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitter Access Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Twitter Access Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.122 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.123.md
+++ b/doc/user/application_security/dast/checks/798.123.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitter Bearer Token
+
+## Description
+
+The response body contains content that matches the pattern of a Twitter Bearer Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.123 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.124.md
+++ b/doc/user/application_security/dast/checks/798.124.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Typeform API token
+
+## Description
+
+The response body contains content that matches the pattern of a Typeform API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.124 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.125.md
+++ b/doc/user/application_security/dast/checks/798.125.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Yandex API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Yandex API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.125 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.126.md
+++ b/doc/user/application_security/dast/checks/798.126.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Yandex AWS Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Yandex AWS Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.126 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.127.md
+++ b/doc/user/application_security/dast/checks/798.127.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Yandex Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Yandex Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.127 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.128.md
+++ b/doc/user/application_security/dast/checks/798.128.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Zendesk Secret Key
+
+## Description
+
+The response body contains content that matches the pattern of a Zendesk Secret Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.128 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.13.md
+++ b/doc/user/application_security/dast/checks/798.13.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Bitbucket Client ID
+
+## Description
+
+The response body contains content that matches the pattern of a Bitbucket Client ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.13 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.14.md
+++ b/doc/user/application_security/dast/checks/798.14.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Bitbucket Client Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Bitbucket Client Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.14 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.15.md
+++ b/doc/user/application_security/dast/checks/798.15.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Bittrex Access Key
+
+## Description
+
+The response body contains content that matches the pattern of a Bittrex Access Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.15 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.16.md
+++ b/doc/user/application_security/dast/checks/798.16.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Bittrex Secret Key
+
+## Description
+
+The response body contains content that matches the pattern of a Bittrex Secret Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.16 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.17.md
+++ b/doc/user/application_security/dast/checks/798.17.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Beamer API token
+
+## Description
+
+The response body contains content that matches the pattern of a Beamer API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.17 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.18.md
+++ b/doc/user/application_security/dast/checks/798.18.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Codecov Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Codecov Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.18 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.19.md
+++ b/doc/user/application_security/dast/checks/798.19.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Coinbase Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Coinbase Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.19 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.2.md
+++ b/doc/user/application_security/dast/checks/798.2.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Adobe Client ID (OAuth Web)
+
+## Description
+
+The response body contains content that matches the pattern of a Adobe Client ID (OAuth Web).
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.2 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.20.md
+++ b/doc/user/application_security/dast/checks/798.20.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Clojars API token
+
+## Description
+
+The response body contains content that matches the pattern of a Clojars API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.20 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.21.md
+++ b/doc/user/application_security/dast/checks/798.21.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Confluent Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Confluent Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.21 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.22.md
+++ b/doc/user/application_security/dast/checks/798.22.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Confluent Secret Key
+
+## Description
+
+The response body contains content that matches the pattern of a Confluent Secret Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.22 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.23.md
+++ b/doc/user/application_security/dast/checks/798.23.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Contentful delivery API token
+
+## Description
+
+The response body contains content that matches the pattern of a Contentful delivery API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.23 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.24.md
+++ b/doc/user/application_security/dast/checks/798.24.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Databricks API token
+
+## Description
+
+The response body contains content that matches the pattern of a Databricks API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.24 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.25.md
+++ b/doc/user/application_security/dast/checks/798.25.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Datadog Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Datadog Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.25 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.26.md
+++ b/doc/user/application_security/dast/checks/798.26.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Discord API key
+
+## Description
+
+The response body contains content that matches the pattern of a Discord API key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.26 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.27.md
+++ b/doc/user/application_security/dast/checks/798.27.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Discord client ID
+
+## Description
+
+The response body contains content that matches the pattern of a Discord client ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.27 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.28.md
+++ b/doc/user/application_security/dast/checks/798.28.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Discord client secret
+
+## Description
+
+The response body contains content that matches the pattern of a Discord client secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.28 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.29.md
+++ b/doc/user/application_security/dast/checks/798.29.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Doppler API token
+
+## Description
+
+The response body contains content that matches the pattern of a Doppler API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.29 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.3.md
+++ b/doc/user/application_security/dast/checks/798.3.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Adobe Client Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Adobe Client Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.3 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.30.md
+++ b/doc/user/application_security/dast/checks/798.30.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Dropbox API secret
+
+## Description
+
+The response body contains content that matches the pattern of a Dropbox API secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.30 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.31.md
+++ b/doc/user/application_security/dast/checks/798.31.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Dropbox long lived API token
+
+## Description
+
+The response body contains content that matches the pattern of a Dropbox long lived API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.31 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.32.md
+++ b/doc/user/application_security/dast/checks/798.32.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Dropbox short lived API token
+
+## Description
+
+The response body contains content that matches the pattern of a Dropbox short lived API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.32 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.33.md
+++ b/doc/user/application_security/dast/checks/798.33.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Droneci Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Droneci Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.33 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.34.md
+++ b/doc/user/application_security/dast/checks/798.34.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Duffel API token
+
+## Description
+
+The response body contains content that matches the pattern of a Duffel API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.34 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.35.md
+++ b/doc/user/application_security/dast/checks/798.35.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Dynatrace API token
+
+## Description
+
+The response body contains content that matches the pattern of a Dynatrace API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.35 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.36.md
+++ b/doc/user/application_security/dast/checks/798.36.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token EasyPost API token
+
+## Description
+
+The response body contains content that matches the pattern of a EasyPost API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.36 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.37.md
+++ b/doc/user/application_security/dast/checks/798.37.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token EasyPost test API token
+
+## Description
+
+The response body contains content that matches the pattern of a EasyPost test API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.37 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.38.md
+++ b/doc/user/application_security/dast/checks/798.38.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Etsy Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Etsy Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.38 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.39.md
+++ b/doc/user/application_security/dast/checks/798.39.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Facebook
+
+## Description
+
+The response body contains content that matches the pattern of a Facebook.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.39 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.4.md
+++ b/doc/user/application_security/dast/checks/798.4.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Age secret key
+
+## Description
+
+The response body contains content that matches the pattern of a Age secret key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.4 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.40.md
+++ b/doc/user/application_security/dast/checks/798.40.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Fastly API key
+
+## Description
+
+The response body contains content that matches the pattern of a Fastly API key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.40 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.41.md
+++ b/doc/user/application_security/dast/checks/798.41.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Finicity Client Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Finicity Client Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.41 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.42.md
+++ b/doc/user/application_security/dast/checks/798.42.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Finicity API token
+
+## Description
+
+The response body contains content that matches the pattern of a Finicity API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.42 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.43.md
+++ b/doc/user/application_security/dast/checks/798.43.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Flickr Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Flickr Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.43 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.44.md
+++ b/doc/user/application_security/dast/checks/798.44.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Finnhub Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Finnhub Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.44 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.45.md
+++ b/doc/user/application_security/dast/checks/798.45.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Finicity Public Key
+
+## Description
+
+The response body contains content that matches the pattern of a Finicity Public Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.45 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.46.md
+++ b/doc/user/application_security/dast/checks/798.46.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Flutterwave Secret Key
+
+## Description
+
+The response body contains content that matches the pattern of a Flutterwave Secret Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.46 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.47.md
+++ b/doc/user/application_security/dast/checks/798.47.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Flutterwave Encryption Key
+
+## Description
+
+The response body contains content that matches the pattern of a Flutterwave Encryption Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.47 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.48.md
+++ b/doc/user/application_security/dast/checks/798.48.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Frame.io API token
+
+## Description
+
+The response body contains content that matches the pattern of a Frame.io API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.48 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.49.md
+++ b/doc/user/application_security/dast/checks/798.49.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Freshbooks Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Freshbooks Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.49 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.5.md
+++ b/doc/user/application_security/dast/checks/798.5.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Airtable API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Airtable API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.5 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.50.md
+++ b/doc/user/application_security/dast/checks/798.50.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GoCardless API token
+
+## Description
+
+The response body contains content that matches the pattern of a GoCardless API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.50 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.51.md
+++ b/doc/user/application_security/dast/checks/798.51.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GCP API key
+
+## Description
+
+The response body contains content that matches the pattern of a GCP API key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.51 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.52.md
+++ b/doc/user/application_security/dast/checks/798.52.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GitHub Personal Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a GitHub Personal Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.52 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.53.md
+++ b/doc/user/application_security/dast/checks/798.53.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GitHub OAuth Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a GitHub OAuth Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.53 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.54.md
+++ b/doc/user/application_security/dast/checks/798.54.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GitHub App Token
+
+## Description
+
+The response body contains content that matches the pattern of a GitHub App Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.54 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.55.md
+++ b/doc/user/application_security/dast/checks/798.55.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GitHub Refresh Token
+
+## Description
+
+The response body contains content that matches the pattern of a GitHub Refresh Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.55 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.56.md
+++ b/doc/user/application_security/dast/checks/798.56.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GitLab Personal Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a GitLab Personal Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.56 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.57.md
+++ b/doc/user/application_security/dast/checks/798.57.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Gitter Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Gitter Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.57 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/doc/user/application_security/dast/checks/798.58.md
+++ b/doc/user/application_security/dast/checks/798.58.md
@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token HashiCorp Terraform user/org API token
+
+## Description
+
+The response body contains content that matches the pattern of a HashiCorp Terraform user/org API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.58 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
--- a/Show More
+++ b/Show More