Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
1785d4e4aa
commit
926b29e5fa
|
@ -1 +1 @@
|
|||
e0c4194d510e4fa60fbdc026d3734b462c2a6220
|
||||
8128ec05cf75d8af4f0b4e422106cef4adf9b3a4
|
||||
|
|
|
@ -13,7 +13,7 @@ class AsanaService < Service
|
|||
end
|
||||
|
||||
def description
|
||||
s_('AsanaService|Add commit messages as comments to Asana tasks')
|
||||
s_('AsanaService|Add commit messages as comments to Asana tasks.')
|
||||
end
|
||||
|
||||
def help
|
||||
|
|
|
@ -68,7 +68,7 @@ class BuildkiteService < CiService
|
|||
end
|
||||
|
||||
def description
|
||||
'Buildkite is a platform for running fast, secure, and scalable continuous integration pipelines on your own infrastructure'
|
||||
'Run CI/CD pipelines with Buildkite.'
|
||||
end
|
||||
|
||||
def self.to_param
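Review bot: The new description `'Run CI/CD pipelines with Buildkite.'` is a bare string literal, so it is not picked up for translation, while this same commit wraps the Unify Circuit description in `s_('Integrations|...')` and the Asana, Jira, Packagist and Pivotal Tracker descriptions already go through `s_()`. Unless CI services are deliberately left untranslated, `s_('Integrations|Run CI/CD pipelines with Buildkite.')` keeps the wording consistent with the rest of the change. The remainder of `BuildkiteService` lies outside the hunk.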
|
||||
|
|
|
@ -9,7 +9,7 @@ class CampfireService < Service
|
|||
end
|
||||
|
||||
def description
|
||||
'Simple web-based real-time group chat'
|
||||
'Send notifications about push events to Campfire chat rooms.'
|
||||
end
|
||||
|
||||
def self.to_param
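Review bot: `'Send notifications about push events to Campfire chat rooms.'` is left as a plain literal, so unlike the Unify Circuit description changed in this commit it never reaches the translation catalog. `s_('Integrations|Send notifications about push events to Campfire chat rooms.')` would match the localized descriptions elsewhere in the change. The rest of `CampfireService` is outside the hunk.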
|
||||
|
|
|
@ -9,7 +9,7 @@ class CustomIssueTrackerService < IssueTrackerService
|
|||
end
|
||||
|
||||
def description
|
||||
s_('IssueTracker|Use a custom issue tracker.')
|
||||
s_("IssueTracker|Use a custom issue tracker as this project's issue tracker.")
|
||||
end
|
||||
|
||||
def help
|
||||
|
|
|
@ -15,8 +15,7 @@ class IrkerService < Service
|
|||
end
|
||||
|
||||
def description
|
||||
'Send IRC messages, on update, to a list of recipients through an Irker '\
|
||||
'gateway.'
|
||||
'Send IRC messages.'
|
||||
end
|
||||
|
||||
def self.to_param
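Review bot: The replacement `'Send IRC messages.'` drops the one fact that distinguishes this integration from a generic IRC bot, namely that messages go through an Irker gateway, which an administrator needs in order to know what to deploy; `'Send IRC messages through an Irker gateway.'` keeps that while staying short. As with the other non-localized descriptions in this commit, wrapping it in `s_('Integrations|...')` would match the Unify Circuit hunk. The remainder of `IrkerService` is outside the hunk.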
|
||||
|
|
|
@ -116,7 +116,7 @@ class JiraService < IssueTrackerService
|
|||
end
|
||||
|
||||
def description
|
||||
s_('JiraService|Track issues in Jira')
|
||||
s_("JiraService|Use Jira as this project's issue tracker.")
|
||||
end
|
||||
|
||||
def self.to_param
|
||||
|
|
|
@ -6,7 +6,7 @@ class MicrosoftTeamsService < ChatNotificationService
|
|||
end
|
||||
|
||||
def description
|
||||
'Receive event notifications in Microsoft Teams'
|
||||
'Send notifications about project events to Microsoft Teams.'
|
||||
end
|
||||
|
||||
def self.to_param
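Review bot: `'Send notifications about project events to Microsoft Teams.'` is a bare literal, whereas the parallel Unify Circuit description in this commit is `s_('Integrations|Send notifications about project events to Unify Circuit.')`; two chat integrations with near-identical wording should be localized the same way. `s_('Integrations|Send notifications about project events to Microsoft Teams.')` makes them consistent. The rest of `MicrosoftTeamsService` is outside the hunk.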
|
||||
|
|
|
@ -16,7 +16,7 @@ class PackagistService < Service
|
|||
end
|
||||
|
||||
def description
|
||||
s_('Integrations|Update your projects on Packagist, the main Composer repository')
|
||||
s_('Integrations|Update your Packagist projects.')
|
||||
end
|
||||
|
||||
def self.to_param
|
||||
|
|
|
@ -11,7 +11,7 @@ class PivotaltrackerService < Service
|
|||
end
|
||||
|
||||
def description
|
||||
s_('PivotalTrackerService|Project Management Software (Source Commits Endpoint)')
|
||||
s_('PivotalTrackerService|Add commit messages as comments to PivotalTracker stories.')
|
||||
end
|
||||
|
||||
def self.to_param
|
||||
|
|
|
@ -11,7 +11,7 @@ class PushoverService < Service
|
|||
end
|
||||
|
||||
def description
|
||||
s_('PushoverService|Pushover makes it easy to get real-time notifications on your Android device, iPhone, iPad, and Desktop.')
|
||||
s_('PushoverService|Get real-time notifications on your device.')
|
||||
end
|
||||
|
||||
def self.to_param
|
||||
|
|
|
@ -9,7 +9,7 @@ class RedmineService < IssueTrackerService
|
|||
end
|
||||
|
||||
def description
|
||||
s_('IssueTracker|Use Redmine as the issue tracker.')
|
||||
s_("IssueTracker|Use Redmine as this project's issue tracker.")
|
||||
end
|
||||
|
||||
def help
|
||||
|
|
|
@ -6,7 +6,7 @@ class UnifyCircuitService < ChatNotificationService
|
|||
end
|
||||
|
||||
def description
|
||||
'Receive event notifications in Unify Circuit'
|
||||
s_('Integrations|Send notifications about project events to Unify Circuit.')
|
||||
end
|
||||
|
||||
def self.to_param
|
||||
|
|
|
@ -88,7 +88,7 @@ module AlertManagement
|
|||
def process_incident_issues
|
||||
return if alert.issue || alert.resolved?
|
||||
|
||||
::IncidentManagement::ProcessAlertWorker.perform_async(nil, nil, alert.id)
|
||||
::IncidentManagement::ProcessAlertWorkerV2.perform_async(alert.id)
|
||||
end
|
||||
|
||||
def send_alert_email
|
||||
|
|
|
@ -1056,6 +1056,15 @@
|
|||
:weight: 2
|
||||
:idempotent:
|
||||
:tags: []
|
||||
- :name: incident_management:incident_management_process_alert_worker_v2
|
||||
:worker_name: IncidentManagement::ProcessAlertWorkerV2
|
||||
:feature_category: :incident_management
|
||||
:has_external_dependencies:
|
||||
:urgency: :low
|
||||
:resource_boundary: :unknown
|
||||
:weight: 2
|
||||
:idempotent: true
|
||||
:tags: []
|
||||
- :name: incident_management:incident_management_process_prometheus_alert
|
||||
:worker_name: IncidentManagement::ProcessPrometheusAlertWorker
|
||||
:feature_category: :incident_management
|
||||
|
|
|
@ -10,6 +10,12 @@ module IncidentManagement
|
|||
# `project_id` and `alert_payload` are deprecated and can be removed
|
||||
# starting from 14.0 release
|
||||
# https://gitlab.com/gitlab-org/gitlab/-/issues/224500
|
||||
#
|
||||
# This worker is not scheduled anymore since
|
||||
# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60285
|
||||
# and will be removed completely via
|
||||
# https://gitlab.com/gitlab-org/gitlab/-/issues/224500
|
||||
# in 14.0.
|
||||
def perform(_project_id = nil, _alert_payload = nil, alert_id = nil)
|
||||
return unless alert_id
|
||||
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module IncidentManagement
|
||||
class ProcessAlertWorkerV2 # rubocop:disable Scalability/IdempotentWorker
|
||||
include ApplicationWorker
|
||||
|
||||
queue_namespace :incident_management
|
||||
feature_category :incident_management
|
||||
|
||||
idempotent!
|
||||
|
||||
def perform(alert_id)
|
||||
return unless alert_id
|
||||
|
||||
alert = find_alert(alert_id)
|
||||
return unless alert
|
||||
|
||||
result = create_issue_for(alert)
|
||||
return if result.success?
|
||||
|
||||
log_warning(alert, result)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def find_alert(alert_id)
|
||||
AlertManagement::Alert.find_by_id(alert_id)
|
||||
end
|
||||
|
||||
def create_issue_for(alert)
|
||||
AlertManagement::CreateAlertIssueService
|
||||
.new(alert, User.alert_bot)
|
||||
.execute
|
||||
end
|
||||
|
||||
def log_warning(alert, result)
|
||||
issue_id = result.payload[:issue]&.id
|
||||
|
||||
Gitlab::AppLogger.warn(
|
||||
message: 'Cannot process an Incident',
|
||||
issue_id: issue_id,
|
||||
alert_id: alert.id,
|
||||
errors: result.message
|
||||
)
|
||||
end
|
||||
end
|
||||
end
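Review bot: `idempotent!` declares that a retried `perform(alert_id)` is safe, yet the body calls `create_issue_for(alert)` unconditionally, so a retry that lands after the issue was created but before the job was acknowledged creates a second issue unless `AlertManagement::CreateAlertIssueService` itself refuses when `alert.issue` is already set, and that service is not visible here. The enqueue side in `AlertManagement` (the `process_incident_issues` hunk on this page) already skips alerts with `alert.issue || alert.resolved?`; repeating that guard in the worker, `return if alert.issue || alert.resolved?` right after `return unless alert`, makes the idempotency claim hold without relying on the service's internals and also drops jobs for alerts resolved while they sat in the queue. Separately, the `# rubocop:disable Scalability/IdempotentWorker` on the class line looks like a leftover, since that cop presumably flags workers that do not call `idempotent!` and this one does. `find_alert` returning nil for an unknown id is silently swallowed by `return unless alert`; a one-line debug log there would help when investigating alerts that never got an issue.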
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Review and revise project integration descriptions
|
||||
merge_request: 60510
|
||||
author:
|
||||
type: other
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Update to question-o from question icon in user stats
|
||||
merge_request: 59135
|
||||
author: Yogi (@yo)
|
||||
type: changed
|
|
@ -157,6 +157,11 @@ on adding these events into GitLab:
|
|||
- [Group settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/475)
|
||||
- [Instance-level settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/476)
|
||||
|
||||
Don't see the event you want in any of the epics linked above? You can use the **Audit Event
|
||||
Proposal** issue template to
|
||||
[create an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Audit%20Event%20Proposal)
|
||||
to request it.
|
||||
|
||||
### Disabled events
|
||||
|
||||
#### Repository push
|
||||
|
|
|
@ -131,7 +131,7 @@ forks use the object pool for shared objects. For more information, see
|
|||
[How Git object deduplication works in GitLab](../development/git_object_deduplication.md).
|
||||
|
||||
Objects are moved from the source project to the object pool when housekeeping is run on the source
|
||||
project. Object pool repositories are stored similarly to regular repositories:
|
||||
project. Object pool repositories are stored similarly to regular repositories in a directory called `@pools` instead of `@hashed`
|
||||
|
||||
```ruby
|
||||
# object pool paths
|
||||
|
@ -139,8 +139,8 @@ project. Object pool repositories are stored similarly to regular repositories:
|
|||
```
|
||||
|
||||
WARNING:
|
||||
Do not run `git prune` or `git gc` in object pool repositories. This can cause data loss in the
|
||||
regular repositories that depend on the object pool.
|
||||
Do not run `git prune` or `git gc` in object pool repositories, which are stored in the `@pools` directory.
|
||||
This can cause data loss in the regular repositories that depend on the object pool.
|
||||
|
||||
### Object storage support
|
||||
|
||||
|
|
|
@ -35,9 +35,9 @@ to work, it is of course critical that **no objects ever get deleted from
|
|||
B** because A might need them.
|
||||
|
||||
WARNING:
|
||||
Do not run `git prune` or `git gc` in pool repositories! This can
|
||||
cause data loss in "real" repositories that depend on the pool in
|
||||
question.
|
||||
Do not run `git prune` or `git gc` in object pool repositories, which are
|
||||
stored in the `@pools` directory. This can cause data loss in the regular
|
||||
repositories that depend on the object pool.
|
||||
|
||||
The danger lies in `git prune`, and `git gc` calls `git prune`. The
|
||||
problem is that `git prune`, when running in a pool repository, cannot
|
||||
|
@ -45,8 +45,8 @@ reliable decide if an object is no longer needed.
|
|||
|
||||
### Git alternates in GitLab: pool repositories
|
||||
|
||||
GitLab organizes this object borrowing by creating special **pool
|
||||
repositories** which are hidden from the user. We then use Git
|
||||
GitLab organizes this object borrowing by [creating special **pool
|
||||
repositories**](../administration/repository_storage_types.md) which are hidden from the user. We then use Git
|
||||
alternates to let a collection of project repositories borrow from a
|
||||
single pool repository. We call such a collection of project
|
||||
repositories a pool. Pools form star-shaped networks of repositories
|
||||
|
|
|
@ -548,7 +548,7 @@ of the available SAST Analyzers and what data is currently available.
|
|||
|
||||
The `remediations` field of the report is an array of remediation objects.
|
||||
Each remediation describes a patch that can be applied to
|
||||
[automatically fix](../../user/application_security/#apply-an-automatic-remediation-for-a-vulnerability)
|
||||
[automatically fix](../../user/application_security/vulnerabilities/index.md#remediate-a-vulnerability-automatically)
|
||||
a set of vulnerabilities.
|
||||
|
||||
Here is an example of a report that contains remediations.
|
||||
|
|
|
@ -101,7 +101,7 @@ and complete an integration with the Secure stage.
|
|||
- Users can interact with the findings from your artifact within their workflow. They can dismiss the findings or accept them and create a backlog issue.
|
||||
- To automatically create issues without user interaction, use the [issue API](../../api/issues.md).
|
||||
1. Optional: Provide auto-remediation steps:
|
||||
- If you specified `remediations` in your artifact, it is proposed through our [automatic remediation](../../user/application_security/index.md#apply-an-automatic-remediation-for-a-vulnerability)
|
||||
- If you specified `remediations` in your artifact, it is proposed through our [automatic remediation](../../user/application_security/vulnerabilities/index.md#remediate-a-vulnerability-automatically)
|
||||
interface.
|
||||
1. Demo the integration to GitLab:
|
||||
- After you have tested and are ready to demo your integration please
|
||||
|
|
|
@ -996,7 +996,7 @@ pipelines. For more information, see the [Security Dashboard documentation](../s
|
|||
|
||||
Fuzzing faults show up as vulnerabilities with a severity of Unknown.
|
||||
Once a fault is found, you can interact with it. Read more on how to
|
||||
[address the vulnerabilities](../index.md#addressing-vulnerabilities).
|
||||
[address the vulnerabilities](../vulnerabilities/index.md).
|
||||
|
||||
## Handling False Positives
|
||||
|
||||
|
|
|
@ -694,7 +694,7 @@ If you're using Klar and want more information about the vulnerabilities databas
|
|||
|
||||
## Interacting with the vulnerabilities
|
||||
|
||||
After a vulnerability is found, you can [address it](../index.md#addressing-vulnerabilities).
|
||||
After a vulnerability is found, you can [address it](../vulnerabilities/index.md).
|
||||
|
||||
## Solutions for vulnerabilities (auto-remediation)
|
||||
|
||||
|
@ -708,7 +708,7 @@ file, it's necessary to set [`GIT_STRATEGY: fetch`](../../../ci/runners/README.m
|
|||
your `.gitlab-ci.yml` file by following the instructions described in this document's
|
||||
[overriding the container scanning template](#overriding-the-container-scanning-template) section.
|
||||
|
||||
Read more about the [solutions for vulnerabilities](../index.md#apply-an-automatic-remediation-for-a-vulnerability).
|
||||
Read more about the [solutions for vulnerabilities](../vulnerabilities/index.md#remediate-a-vulnerability-automatically).
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
|
|
|
@ -237,7 +237,7 @@ The `covfuzz-ci.yml` is the same as that in the [original synchronous example](h
|
|||
|
||||
## Interacting with the vulnerabilities
|
||||
|
||||
After a vulnerability is found, you can [address it](../index.md#addressing-vulnerabilities).
|
||||
After a vulnerability is found, you can [address it](../vulnerabilities/index.md).
|
||||
The merge request widget lists the vulnerability and contains a button for downloading the fuzzing
|
||||
artifacts. By clicking one of the detected vulnerabilities, you can see its details.
|
||||
|
||||
|
|
|
@ -228,13 +228,13 @@ Read more on [how to use private Maven repositories](../index.md#using-private-m
|
|||
## Interacting with the vulnerabilities
|
||||
|
||||
Once a vulnerability is found, you can interact with it. Read more on how to
|
||||
[address the vulnerabilities](../index.md#addressing-vulnerabilities).
|
||||
[address the vulnerabilities](../vulnerabilities/index.md).
|
||||
|
||||
## Solutions for vulnerabilities (auto-remediation)
|
||||
|
||||
Some vulnerabilities can be fixed by applying the solution that GitLab
|
||||
automatically generates. Read more about the
|
||||
[solutions for vulnerabilities](../index.md#apply-an-automatic-remediation-for-a-vulnerability).
|
||||
[solutions for vulnerabilities](../vulnerabilities/index.md#remediate-a-vulnerability-automatically).
|
||||
|
||||
## Security Dashboard
|
||||
|
||||
|
|
|
@ -119,99 +119,6 @@ reports are available to download. To download a report, click on the
|
|||
|
||||
![Security widget](img/security_widget_v13_7.png)
|
||||
|
||||
## Addressing vulnerabilities
|
||||
|
||||
> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.8.
|
||||
|
||||
For each security vulnerability in a merge request or [Vulnerability Report](vulnerability_report/index.md),
|
||||
you can:
|
||||
|
||||
- [Dismiss the vulnerability](#dismiss-a-vulnerability).
|
||||
- Create a [confidential](../project/issues/confidential_issues.md)
|
||||
[issue](vulnerabilities/index.md#create-a-gitlab-issue-for-a-vulnerability).
|
||||
- Apply an [automatically remediation](#apply-an-automatic-remediation-for-a-vulnerability).
|
||||
|
||||
### Dismiss a vulnerability
|
||||
|
||||
> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0, a dismissal reason.
|
||||
|
||||
You can dismiss a vulnerability for the entire project.
|
||||
|
||||
1. Select the vulnerability in the Security Dashboard.
|
||||
1. In the top-right, from the **Status** selector menu, select **Dismissed**.
|
||||
1. Optional. Add a reason for the dismissal and select **Save comment**.
|
||||
|
||||
To undo this action, select a different status from the same menu.
|
||||
|
||||
#### Dismiss multiple vulnerabilities
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35816) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
|
||||
|
||||
You can dismiss multiple vulnerabilities at once.
|
||||
|
||||
1. In the list of vulnerabilities, select the checkbox for each vulnerability you want to dismiss.
|
||||
To select all, select the checkbox in the table header.
|
||||
1. Above the table, select a dismissal reason.
|
||||
1. Select **Dismiss Selected**.
|
||||
|
||||
### Create an issue for a vulnerability
|
||||
|
||||
You can create a GitLab or Jira issue for a vulnerability. For details, see [Vulnerability Pages](vulnerabilities/index.md).
|
||||
|
||||
#### Link to an existing issue
|
||||
|
||||
If you already have an open issue, you can link to it from the vulnerability.
|
||||
|
||||
- The vulnerability page shows related issues, but the issue page doesn't show the vulnerability it's related to.
|
||||
- An issue can only be related to one vulnerability at a time.
|
||||
- Issues can be linked across groups and projects.
|
||||
|
||||
To link to an existing issue:
|
||||
|
||||
1. Open the vulnerability.
|
||||
1. [Add a linked issue](../project/issues/related_issues.md).
|
||||
|
||||
### Apply an automatic remediation for a vulnerability
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5656) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.7.
|
||||
|
||||
Some vulnerabilities can be fixed by applying the solution that GitLab automatically generates.
|
||||
The following scanners are supported:
|
||||
|
||||
- [Dependency Scanning](dependency_scanning/index.md).
|
||||
Automatic Patch creation is only available for Node.js projects managed with
|
||||
`yarn`.
|
||||
- [Container Scanning](container_scanning/index.md).
|
||||
|
||||
#### Manually apply the suggested patch
|
||||
|
||||
To manually apply the patch that GitLab generated for a vulnerability:
|
||||
|
||||
1. Select the **Resolve with merge request** dropdown, then select **Download patch to resolve**:
|
||||
|
||||
![Resolve with Merge Request button dropdown](img/vulnerability_page_merge_request_button_dropdown_v13_1.png)
|
||||
|
||||
1. Ensure your local project has the same commit checked out that was used to generate the patch.
|
||||
1. Run `git apply remediation.patch`.
|
||||
1. Verify and commit the changes to your branch.
|
||||
|
||||
#### Create a merge request with the suggested patch
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9224) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.9.
|
||||
|
||||
In some cases, you can create a merge request that automatically remediates the
|
||||
vulnerability. Any vulnerability that has a
|
||||
[solution](#apply-an-automatic-remediation-for-a-vulnerability) can have a merge
|
||||
request created to automatically solve the issue.
|
||||
|
||||
If this action is available:
|
||||
|
||||
1. Select the **Resolve with merge request** dropdown, then select **Resolve with merge request**.
|
||||
|
||||
![Create merge request from vulnerability](img/create_mr_from_vulnerability_v13_4.png)
|
||||
|
||||
A merge request is created. It that applies the solution to the source branch.
|
||||
|
||||
## Security approvals in merge requests
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9928) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.2.
|
||||
|
|
|
@ -59,14 +59,14 @@ mirroring the packages inside your own offline network.
|
|||
### Interacting with the vulnerabilities
|
||||
|
||||
Once a vulnerability is found, you can interact with it. Read more on how to
|
||||
[address the vulnerabilities](../index.md#addressing-vulnerabilities).
|
||||
[address the vulnerabilities](../vulnerabilities/index.md).
|
||||
|
||||
Please note that in some cases the reported vulnerabilities provide metadata that can contain
|
||||
external links exposed in the UI. These links might not be accessible within an offline environment.
|
||||
|
||||
### Automatic remediation for vulnerabilities
|
||||
|
||||
The [automatic remediation for vulnerabilities](../index.md#apply-an-automatic-remediation-for-a-vulnerability) feature is available for offline Dependency Scanning and Container Scanning, but may not work
|
||||
The [automatic remediation for vulnerabilities](../vulnerabilities/index.md#remediate-a-vulnerability-automatically) feature is available for offline Dependency Scanning and Container Scanning, but may not work
|
||||
depending on your instance's configuration. We can only suggest solutions, which are generally more
|
||||
current versions that have been patched, when we are able to access up-to-date registry services
|
||||
hosting the latest versions of that dependency or image.
|
||||
|
|
|
@ -134,16 +134,16 @@ All open source (OSS) analyzers have been moved to the GitLab Free tier as of Gi
|
|||
Different features are available in different [GitLab tiers](https://about.gitlab.com/pricing/),
|
||||
as shown in the following table:
|
||||
|
||||
| Capability | In Free | In Ultimate |
|
||||
|:-------------------------------------------------------------------------------------------------------------|:--------------------|:-------------------|
|
||||
| [Configure SAST Scanners](#configuration) | **{check-circle}** | **{check-circle}** |
|
||||
| [Customize SAST Settings](#customizing-the-sast-settings) | **{check-circle}** | **{check-circle}** |
|
||||
| View [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** |
|
||||
| Presentation of JSON Report in Merge Request | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Address vulnerabilities](../../application_security/index.md#addressing-vulnerabilities) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Access to Security Dashboard](../../application_security/security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Configure SAST in the UI](#configure-sast-in-the-ui) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Customize SAST Rulesets](#customize-rulesets) | **{dotted-circle}** | **{check-circle}** |
|
||||
| Capability | In Free | In Ultimate |
|
||||
|:---------------------------------------------------------------------------------------|:--------------------|:-------------------|
|
||||
| [Configure SAST Scanners](#configuration) | **{check-circle}** | **{check-circle}** |
|
||||
| [Customize SAST Settings](#customizing-the-sast-settings) | **{check-circle}** | **{check-circle}** |
|
||||
| View [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** |
|
||||
| Presentation of JSON Report in Merge Request | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Address vulnerabilities](../../application_security/vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Access to Security Dashboard](../../application_security/security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Configure SAST in the UI](#configure-sast-in-the-ui) | **{dotted-circle}** | **{check-circle}** |
|
||||
| [Customize SAST Rulesets](#customize-rulesets) | **{dotted-circle}** | **{check-circle}** |
|
||||
|
||||
## Contribute your scanner
|
||||
|
||||
|
|
|
@ -211,4 +211,4 @@ Each scenario can be a third-level heading, e.g. `### Getting error message X`.
|
|||
If you have none to add when creating a doc, leave this section in place
|
||||
but commented out to help encourage others to add to it in the future. -->
|
||||
|
||||
Read more on how to [address the vulnerabilities](../index.md#addressing-vulnerabilities).
|
||||
Read more on how to [address the vulnerabilities](../vulnerabilities/index.md).
|
||||
|
|
|
@ -12,7 +12,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
|||
Each security vulnerability in a project's [Vulnerability Report](../vulnerability_report/index.md) has an individual page which includes:
|
||||
|
||||
- Details of the vulnerability.
|
||||
- The status of the vulnerability within the project.
|
||||
- The status of the vulnerability in the project.
|
||||
- Available actions for the vulnerability.
|
||||
- Any issues related to the vulnerability.
|
||||
|
||||
|
@ -21,8 +21,10 @@ On the vulnerability's page, you can:
|
|||
- [Change the vulnerability's status](#change-vulnerability-status).
|
||||
- [Create an issue](#create-an-issue-for-a-vulnerability).
|
||||
- [Link issues to the vulnerability](#link-gitlab-issues-to-the-vulnerability).
|
||||
- [Automatically remediate the vulnerability](#automatically-remediate-the-vulnerability), if an
|
||||
- [Remediate a vulnerability automatically](#remediate-a-vulnerability-automatically), if an
|
||||
automatic solution is available.
|
||||
- [Remediate a vulnerability manually](#remediate-a-vulnerability-manually), if a solution is
|
||||
available.
|
||||
|
||||
## Change vulnerability status
|
||||
|
||||
|
@ -60,7 +62,7 @@ To create a GitLab issue for a vulnerability:
|
|||
1. In GitLab, go to the vulnerability's page.
|
||||
1. Select **Create issue**.
|
||||
|
||||
An issue is created in the project, prepopulated with information from the vulnerability report.
|
||||
An issue is created in the project, pre-populated with information from the vulnerability report.
|
||||
The issue is then opened so you can take further action.
|
||||
|
||||
### Create a Jira issue for a vulnerability
|
||||
|
@ -120,10 +122,59 @@ that the resolution of one issue would resolve multiple vulnerabilities.
|
|||
|
||||
Linked issues are shown in the Vulnerability Report and the vulnerability's page.
|
||||
|
||||
## Automatically remediate the vulnerability
|
||||
## Link to an existing issue
|
||||
|
||||
You can fix some vulnerabilities by applying the solution that GitLab automatically
|
||||
generates for you. [Read more about the automatic remediation for vulnerabilities feature](../index.md#apply-an-automatic-remediation-for-a-vulnerability).
|
||||
If you already have an open issue, you can link to it from the vulnerability.
|
||||
|
||||
- The vulnerability page shows related issues, but the issue page doesn't show the vulnerability it's related to.
|
||||
- An issue can only be related to one vulnerability at a time.
|
||||
- Issues can be linked across groups and projects.
|
||||
|
||||
To link to an existing issue:
|
||||
|
||||
1. Open the vulnerability.
|
||||
1. [Add a linked issue](../../project/issues/related_issues.md).
|
||||
|
||||
## Remediate a vulnerability automatically
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5656) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.7.
|
||||
|
||||
Some vulnerabilities can be fixed by applying the solution that GitLab automatically generates.
|
||||
The following scanners are supported:
|
||||
|
||||
- [Dependency Scanning](../dependency_scanning/index.md).
|
||||
Automatic Patch creation is only available for Node.js projects managed with
|
||||
`yarn`.
|
||||
- [Container Scanning](../container_scanning/index.md).
|
||||
|
||||
### Remediate a vulnerability manually
|
||||
|
||||
To manually apply the patch that GitLab generated for a vulnerability:
|
||||
|
||||
1. Select the **Resolve with merge request** dropdown, then select **Download patch to resolve**:
|
||||
|
||||
![Resolve with Merge Request button dropdown](img/vulnerability_page_merge_request_button_dropdown_v13_1.png)
|
||||
|
||||
1. Ensure your local project has the same commit checked out that was used to generate the patch.
|
||||
1. Run `git apply remediation.patch`.
|
||||
1. Verify and commit the changes to your branch.
|
||||
|
||||
### Create a merge request with the suggested patch
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9224) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.9.
|
||||
|
||||
In some cases, you can create a merge request that automatically remediates the
|
||||
vulnerability. Any vulnerability that has a
|
||||
[solution](#remediate-a-vulnerability-automatically) can have a merge
|
||||
request created to automatically solve the issue.
|
||||
|
||||
If this action is available:
|
||||
|
||||
1. Select the **Resolve with merge request** dropdown, then select **Resolve with merge request**.
|
||||
|
||||
![Create merge request from vulnerability](img/create_mr_from_vulnerability_v13_4.png)
|
||||
|
||||
A merge request is created. It applies the solution to the source branch.
|
||||
|
||||
## Vulnerability scanner maintenance
|
||||
|
||||
|
|
|
@ -162,3 +162,26 @@ computer.
|
|||
NOTE:
|
||||
It may take several minutes for the download to start if your project contains
|
||||
thousands of vulnerabilities. Don't close the page until the download finishes.
|
||||
|
||||
## Dismiss a vulnerability
|
||||
|
||||
> The option of adding a dismissal reason was introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0.
|
||||
|
||||
You can dismiss a vulnerability for the entire project:
|
||||
|
||||
1. Select the vulnerability in the Security Dashboard.
|
||||
1. In the top-right, from the **Status** selector menu, select **Dismissed**.
|
||||
1. Optional. Add a reason for the dismissal and select **Save comment**.
|
||||
|
||||
To undo this action, select a different status from the same menu.
|
||||
|
||||
### Dismiss multiple vulnerabilities
|
||||
|
||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35816) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
|
||||
|
||||
You can dismiss multiple vulnerabilities at once:
|
||||
|
||||
1. In the list of vulnerabilities, select the checkbox for each vulnerability you want to dismiss.
|
||||
To select all, select the checkbox in the table header.
|
||||
1. Above the table, select a dismissal reason.
|
||||
1. Select **Dismiss Selected**.
|
||||
|
|
|
@ -4349,7 +4349,7 @@ msgstr ""
|
|||
msgid "AsanaService|%{user} pushed to branch %{branch} of %{project_name} ( %{commit_url} ):"
|
||||
msgstr ""
|
||||
|
||||
msgid "AsanaService|Add commit messages as comments to Asana tasks"
|
||||
msgid "AsanaService|Add commit messages as comments to Asana tasks."
|
||||
msgstr ""
|
||||
|
||||
msgid "AsanaService|Comma-separated list of branches to be automatically inspected. Leave blank to include all branches."
|
||||
|
@ -17478,6 +17478,9 @@ msgstr ""
|
|||
msgid "Integrations|Default settings are inherited from the instance level."
|
||||
msgstr ""
|
||||
|
||||
msgid "Integrations|Enable GitLab.com slash commands in a Slack workspace."
|
||||
msgstr ""
|
||||
|
||||
msgid "Integrations|Enable comments"
|
||||
msgstr ""
|
||||
|
||||
|
@ -17547,6 +17550,9 @@ msgstr ""
|
|||
msgid "Integrations|Search Jira issues"
|
||||
msgstr ""
|
||||
|
||||
msgid "Integrations|Send notifications about project events to Unify Circuit."
|
||||
msgstr ""
|
||||
|
||||
msgid "Integrations|Sign in to add namespaces"
|
||||
msgstr ""
|
||||
|
||||
|
@ -17559,7 +17565,7 @@ msgstr ""
|
|||
msgid "Integrations|To keep this project going, create a new issue."
|
||||
msgstr ""
|
||||
|
||||
msgid "Integrations|Update your projects on Packagist, the main Composer repository"
|
||||
msgid "Integrations|Update your Packagist projects."
|
||||
msgstr ""
|
||||
|
||||
msgid "Integrations|Use custom settings"
|
||||
|
@ -17568,9 +17574,6 @@ msgstr ""
|
|||
msgid "Integrations|Use default settings"
|
||||
msgstr ""
|
||||
|
||||
msgid "Integrations|Use the GitLab Slack application"
|
||||
msgstr ""
|
||||
|
||||
msgid "Integrations|When a Jira issue is mentioned in a commit or merge request a remote link and comment (if enabled) is created."
|
||||
msgstr ""
|
||||
|
||||
|
@ -18105,10 +18108,10 @@ msgstr ""
|
|||
msgid "IssueTracker|Use IBM Engineering Workflow Management as this project's issue tracker. %{docs_link}"
|
||||
msgstr ""
|
||||
|
||||
msgid "IssueTracker|Use Redmine as the issue tracker."
|
||||
msgid "IssueTracker|Use Redmine as the issue tracker. %{docs_link}"
|
||||
msgstr ""
|
||||
|
||||
msgid "IssueTracker|Use Redmine as the issue tracker. %{docs_link}"
|
||||
msgid "IssueTracker|Use Redmine as this project's issue tracker."
|
||||
msgstr ""
|
||||
|
||||
msgid "IssueTracker|Use YouTrack as this project's issue tracker."
|
||||
|
@ -18117,10 +18120,10 @@ msgstr ""
|
|||
msgid "IssueTracker|Use YouTrack as this project's issue tracker. %{docs_link}"
|
||||
msgstr ""
|
||||
|
||||
msgid "IssueTracker|Use a custom issue tracker that is not in the integration list. %{docs_link}"
|
||||
msgid "IssueTracker|Use a custom issue tracker as this project's issue tracker."
|
||||
msgstr ""
|
||||
|
||||
msgid "IssueTracker|Use a custom issue tracker."
|
||||
msgid "IssueTracker|Use a custom issue tracker that is not in the integration list. %{docs_link}"
|
||||
msgstr ""
|
||||
|
||||
msgid "Issues"
|
||||
|
@ -18411,15 +18414,15 @@ msgstr ""
|
|||
msgid "JiraService|This issue is synchronized with Jira"
|
||||
msgstr ""
|
||||
|
||||
msgid "JiraService|Track issues in Jira"
|
||||
msgstr ""
|
||||
|
||||
msgid "JiraService|Transition Jira issues to their final state:"
|
||||
msgstr ""
|
||||
|
||||
msgid "JiraService|Upgrade your plan to enable this feature of the Jira Integration."
|
||||
msgstr ""
|
||||
|
||||
msgid "JiraService|Use Jira as this project's issue tracker."
|
||||
msgstr ""
|
||||
|
||||
msgid "JiraService|Use a password for server version and an API token for cloud version."
|
||||
msgstr ""
|
||||
|
||||
|
@ -23998,15 +24001,15 @@ msgstr ""
|
|||
msgid "Pipeline|with stages"
|
||||
msgstr ""
|
||||
|
||||
msgid "PivotalTrackerService|Add commit messages as comments to PivotalTracker stories."
|
||||
msgstr ""
|
||||
|
||||
msgid "PivotalTrackerService|Comma-separated list of branches which will be automatically inspected. Leave blank to include all branches."
|
||||
msgstr ""
|
||||
|
||||
msgid "PivotalTrackerService|Pivotal Tracker API token."
|
||||
msgstr ""
|
||||
|
||||
msgid "PivotalTrackerService|Project Management Software (Source Commits Endpoint)"
|
||||
msgstr ""
|
||||
|
||||
msgid "Plain diff"
|
||||
msgstr ""
|
||||
|
||||
|
@ -26350,6 +26353,9 @@ msgstr ""
|
|||
msgid "PushoverService|%{user_name} pushed new branch \"%{ref}\"."
|
||||
msgstr ""
|
||||
|
||||
msgid "PushoverService|Get real-time notifications on your device."
|
||||
msgstr ""
|
||||
|
||||
msgid "PushoverService|High Priority"
|
||||
msgstr ""
|
||||
|
||||
|
@ -26365,9 +26371,6 @@ msgstr ""
|
|||
msgid "PushoverService|Normal Priority"
|
||||
msgstr ""
|
||||
|
||||
msgid "PushoverService|Pushover makes it easy to get real-time notifications on your Android device, iPhone, iPad, and Desktop."
|
||||
msgstr ""
|
||||
|
||||
msgid "PushoverService|See project %{project_full_name}"
|
||||
msgstr ""
|
||||
|
||||
|
|
|
@ -25,9 +25,9 @@ RSpec.shared_examples 'processes incident issues' do |with_issue: false|
|
|||
end
|
||||
|
||||
specify do
|
||||
expect(IncidentManagement::ProcessAlertWorker)
|
||||
expect(IncidentManagement::ProcessAlertWorkerV2)
|
||||
.to receive(:perform_async)
|
||||
.with(nil, nil, kind_of(Integer))
|
||||
.with(kind_of(Integer))
|
||||
|
||||
Sidekiq::Testing.inline! do
|
||||
expect(subject).to be_success
|
||||
|
@ -45,7 +45,7 @@ end
|
|||
|
||||
RSpec.shared_examples 'does not process incident issues' do
|
||||
specify do
|
||||
expect(IncidentManagement::ProcessAlertWorker).not_to receive(:perform_async)
|
||||
expect(IncidentManagement::ProcessAlertWorkerV2).not_to receive(:perform_async)
|
||||
|
||||
subject
|
||||
end
|
||||
|
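Review bot: The 'does not process incident issues' example in the second hunk now only asserts that ProcessAlertWorkerV2 is not enqueued; if the original ProcessAlertWorker is still present while callers migrate, a path that falls back to it would pass this negative example unnoticed. Until the old worker is removed, keep `expect(IncidentManagement::ProcessAlertWorker).not_to receive(:perform_async)` next to the V2 assertion. The positive example in the first hunk has the same transitional gap, and its `.with(kind_of(Integer))` accepts any id; asserting the concrete alert id would be stronger if it is available in the shared example's scope. The `RSpec.shared_examples 'processes incident issues'` block starts outside the hunk.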
|
|
@ -0,0 +1,96 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
RSpec.describe IncidentManagement::ProcessAlertWorkerV2 do
|
||||
let_it_be(:project) { create(:project) }
|
||||
let_it_be(:settings) { create(:project_incident_management_setting, project: project, create_issue: true) }
|
||||
|
||||
describe '#perform' do
|
||||
let_it_be(:started_at) { Time.now.rfc3339 }
|
||||
let_it_be(:payload) { { 'title' => 'title', 'start_time' => started_at } }
|
||||
let_it_be(:alert) { create(:alert_management_alert, project: project, payload: payload, started_at: started_at) }
|
||||
|
||||
let(:created_issue) { Issue.last! }
|
||||
|
||||
subject(:perform_worker) { described_class.new.perform(alert.id) }
|
||||
|
||||
before do
|
||||
allow(Gitlab::AppLogger).to receive(:warn).and_call_original
|
||||
|
||||
allow(AlertManagement::CreateAlertIssueService)
|
||||
.to receive(:new).with(alert, User.alert_bot)
|
||||
.and_call_original
|
||||
end
|
||||
|
||||
shared_examples 'creates issue successfully' do
|
||||
it 'creates an issue' do
|
||||
expect(AlertManagement::CreateAlertIssueService)
|
||||
.to receive(:new).with(alert, User.alert_bot)
|
||||
|
||||
expect { perform_worker }.to change { Issue.count }.by(1)
|
||||
end
|
||||
|
||||
it 'updates AlertManagement::Alert#issue_id' do
|
||||
perform_worker
|
||||
|
||||
expect(alert.reload.issue_id).to eq(created_issue.id)
|
||||
end
|
||||
|
||||
it 'does not write a warning to log' do
|
||||
perform_worker
|
||||
|
||||
expect(Gitlab::AppLogger).not_to have_received(:warn)
|
||||
end
|
||||
|
||||
it_behaves_like 'an idempotent worker' do
|
||||
let(:job_args) { [alert.id] }
|
||||
|
||||
it 'does not create a second issue' do
|
||||
expect { perform_worker }.to change { Issue.count }.by(1)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'with valid alert' do
|
||||
it_behaves_like 'creates issue successfully'
|
||||
|
||||
context 'when alert cannot be updated' do
|
||||
let_it_be(:alert) { create(:alert_management_alert, :with_validation_errors, project: project, payload: payload) }
|
||||
|
||||
it 'updates AlertManagement::Alert#issue_id' do
|
||||
expect { perform_worker }.not_to change { alert.reload.issue_id }
|
||||
end
|
||||
|
||||
it 'logs a warning' do
|
||||
perform_worker
|
||||
|
||||
expect(Gitlab::AppLogger).to have_received(:warn).with(
|
||||
message: 'Cannot process an Incident',
|
||||
issue_id: created_issue.id,
|
||||
alert_id: alert.id,
|
||||
errors: 'Hosts hosts array is over 255 chars'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
context 'prometheus alert' do
|
||||
let_it_be(:alert) { create(:alert_management_alert, :prometheus, project: project, started_at: started_at) }
|
||||
|
||||
it_behaves_like 'creates issue successfully'
|
||||
end
|
||||
end
|
||||
|
||||
context 'with invalid alert' do
|
||||
let(:invalid_alert_id) { non_existing_record_id }
|
||||
|
||||
subject(:perform_worker) { described_class.new.perform(invalid_alert_id) }
|
||||
|
||||
it 'does not create issues' do
|
||||
expect(AlertManagement::CreateAlertIssueService).not_to receive(:new)
|
||||
|
||||
expect { perform_worker }.not_to change { Issue.count }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
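Review bot: The nested example 'does not create a second issue' inside `it_behaves_like 'an idempotent worker'` calls `perform_worker` only once, so it asserts the same thing as 'creates an issue' and never exercises a repeated run; to check idempotency it should perform twice, e.g. `expect { 2.times { perform_worker } }.to change { Issue.count }.by(1)`, or use the shared example's multi-run subject if it exposes one. Separately, the example under 'when alert cannot be updated' is named 'updates AlertManagement::Alert#issue_id' but asserts the opposite with `not_to change`; rename it `it 'does not update AlertManagement::Alert#issue_id' do`. `let_it_be(:started_at) { Time.now.rfc3339 }` also reads the system clock once at load time; `Time.current` (or a frozen time) would be the more conventional choice if the project's time-zone lint applies to specs.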