kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2021-04-30 00:10:28 +00:00
parent 1785d4e4aa
commit 926b29e5fa
38 changed files with 320 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
GITALY_SERVER_VERSION
View File

@ -1 +1 @@
e0c4194d510e4fa60fbdc026d3734b462c2a6220
8128ec05cf75d8af4f0b4e422106cef4adf9b3a4

2
app/models/project_services/asana_service.rb
View File

@ -13,7 +13,7 @@ class AsanaService < Service
end
def description
s_('AsanaService|Add commit messages as comments to Asana tasks')
s_('AsanaService|Add commit messages as comments to Asana tasks.')
end
def help

2
app/models/project_services/buildkite_service.rb
View File

@ -68,7 +68,7 @@ class BuildkiteService < CiService
end
def description
'Buildkite is a platform for running fast, secure, and scalable continuous integration pipelines on your own infrastructure'
'Run CI/CD pipelines with Buildkite.'
end
def self.to_param

2
app/models/project_services/campfire_service.rb
View File

@ -9,7 +9,7 @@ class CampfireService < Service
end
def description
'Simple web-based real-time group chat'
'Send notifications about push events to Campfire chat rooms.'
end
def self.to_param

2
app/models/project_services/custom_issue_tracker_service.rb
View File

@ -9,7 +9,7 @@ class CustomIssueTrackerService < IssueTrackerService
end
def description
s_('IssueTracker|Use a custom issue tracker.')
s_("IssueTracker|Use a custom issue tracker as this project's issue tracker.")
end
def help

3
app/models/project_services/irker_service.rb
View File

@ -15,8 +15,7 @@ class IrkerService < Service
end
def description
'Send IRC messages, on update, to a list of recipients through an Irker '\
'gateway.'
'Send IRC messages.'
end
def self.to_param

2
app/models/project_services/jira_service.rb
View File

@ -116,7 +116,7 @@ class JiraService < IssueTrackerService
end
def description
s_('JiraService|Track issues in Jira')
s_("JiraService|Use Jira as this project's issue tracker.")
end
def self.to_param

2
app/models/project_services/microsoft_teams_service.rb
View File

@ -6,7 +6,7 @@ class MicrosoftTeamsService < ChatNotificationService
end
def description
'Receive event notifications in Microsoft Teams'
'Send notifications about project events to Microsoft Teams.'
end
def self.to_param

2
app/models/project_services/packagist_service.rb
View File

@ -16,7 +16,7 @@ class PackagistService < Service
end
def description
s_('Integrations|Update your projects on Packagist, the main Composer repository')
s_('Integrations|Update your Packagist projects.')
end
def self.to_param

2
app/models/project_services/pivotaltracker_service.rb
View File

@ -11,7 +11,7 @@ class PivotaltrackerService < Service
end
def description
s_('PivotalTrackerService|Project Management Software (Source Commits Endpoint)')
s_('PivotalTrackerService|Add commit messages as comments to PivotalTracker stories.')
end
def self.to_param

2
app/models/project_services/pushover_service.rb
View File

@ -11,7 +11,7 @@ class PushoverService < Service
end
def description
s_('PushoverService|Pushover makes it easy to get real-time notifications on your Android device, iPhone, iPad, and Desktop.')
s_('PushoverService|Get real-time notifications on your device.')
end
def self.to_param

2
app/models/project_services/redmine_service.rb
View File

@ -9,7 +9,7 @@ class RedmineService < IssueTrackerService
end
def description
s_('IssueTracker|Use Redmine as the issue tracker.')
s_("IssueTracker|Use Redmine as this project's issue tracker.")
end
def help

2
app/models/project_services/unify_circuit_service.rb
View File

@ -6,7 +6,7 @@ class UnifyCircuitService < ChatNotificationService
end
def description
'Receive event notifications in Unify Circuit'
s_('Integrations|Send notifications about project events to Unify Circuit.')
end
def self.to_param

2
app/services/concerns/alert_management/alert_processing.rb
View File

@ -88,7 +88,7 @@ module AlertManagement
def process_incident_issues
return if alert.issue || alert.resolved?
::IncidentManagement::ProcessAlertWorker.perform_async(nil, nil, alert.id)
::IncidentManagement::ProcessAlertWorkerV2.perform_async(alert.id)
end
def send_alert_email

9
app/workers/all_queues.yml
View File

@ -1056,6 +1056,15 @@
:weight: 2
:idempotent:
:tags: []
- :name: incident_management:incident_management_process_alert_worker_v2
:worker_name: IncidentManagement::ProcessAlertWorkerV2
:feature_category: :incident_management
:has_external_dependencies:
:urgency: :low
:resource_boundary: :unknown
:weight: 2
:idempotent: true
:tags: []
- :name: incident_management:incident_management_process_prometheus_alert
:worker_name: IncidentManagement::ProcessPrometheusAlertWorker
:feature_category: :incident_management

6
app/workers/incident_management/process_alert_worker.rb
View File

@ -10,6 +10,12 @@ module IncidentManagement
# `project_id` and `alert_payload` are deprecated and can be removed
# starting from 14.0 release
# https://gitlab.com/gitlab-org/gitlab/-/issues/224500
#
# This worker is not scheduled anymore since
# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60285
# and will be removed completely via
# https://gitlab.com/gitlab-org/gitlab/-/issues/224500
# in 14.0.
def perform(_project_id = nil, _alert_payload = nil, alert_id = nil)
return unless alert_id

47
app/workers/incident_management/process_alert_worker_v2.rb Normal file
View File

@ -0,0 +1,47 @@
# frozen_string_literal: true
module IncidentManagement
class ProcessAlertWorkerV2 # rubocop:disable Scalability/IdempotentWorker
include ApplicationWorker
queue_namespace :incident_management
feature_category :incident_management
idempotent!
def perform(alert_id)
return unless alert_id
alert = find_alert(alert_id)
return unless alert
result = create_issue_for(alert)
return if result.success?
log_warning(alert, result)
end
private
def find_alert(alert_id)
AlertManagement::Alert.find_by_id(alert_id)
end
def create_issue_for(alert)
AlertManagement::CreateAlertIssueService
.new(alert, User.alert_bot)
.execute
end
def log_warning(alert, result)
issue_id = result.payload[:issue]&.id
Gitlab::AppLogger.warn(
message: 'Cannot process an Incident',
issue_id: issue_id,
alert_id: alert.id,
errors: result.message
)
end
end
end

5
changelogs/unreleased/msj-integrations-top-page.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Review and revise project integration descriptions
merge_request: 60510
author:
type: other

5
changelogs/unreleased/yogi-question-o-admin-user-stats.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Update to question-o from question icon in user stats
merge_request: 59135
author: Yogi (@yo)
type: changed

5
doc/administration/audit_events.md
View File

@ -157,6 +157,11 @@ on adding these events into GitLab:
- [Group settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/475)
- [Instance-level settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/476)
Don't see the event you want in any of the epics linked above? You can use the **Audit Event
Proposal** issue template to
[create an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Audit%20Event%20Proposal)
to request it.
### Disabled events
#### Repository push

6
doc/administration/repository_storage_types.md
View File

@ -131,7 +131,7 @@ forks use the object pool for shared objects. For more information, see
[How Git object deduplication works in GitLab](../development/git_object_deduplication.md).
Objects are moved from the source project to the object pool when housekeeping is run on the source
project. Object pool repositories are stored similarly to regular repositories:
project. Object pool repositories are stored similarly to regular repositories in a directory called `@pools` instead of `@hashed`
```ruby
# object pool paths
@ -139,8 +139,8 @@ project. Object pool repositories are stored similarly to regular repositories:
```
WARNING:
Do not run `git prune` or `git gc` in object pool repositories. This can cause data loss in the
regular repositories that depend on the object pool.
Do not run `git prune` or `git gc` in object pool repositories, which are stored in the `@pools` directory.
This can cause data loss in the regular repositories that depend on the object pool.
### Object storage support

10
doc/development/git_object_deduplication.md
View File

@ -35,9 +35,9 @@ to work, it is of course critical that **no objects ever get deleted from
B** because A might need them.
WARNING:
Do not run `git prune` or `git gc` in pool repositories! This can
cause data loss in "real" repositories that depend on the pool in
question.
Do not run `git prune` or `git gc` in object pool repositories, which are
stored in the `@pools` directory. This can cause data loss in the regular
repositories that depend on the object pool.
The danger lies in `git prune`, and `git gc` calls `git prune`. The
problem is that `git prune`, when running in a pool repository, cannot
@ -45,8 +45,8 @@ reliable decide if an object is no longer needed.
### Git alternates in GitLab: pool repositories
GitLab organizes this object borrowing by creating special **pool
repositories** which are hidden from the user. We then use Git
GitLab organizes this object borrowing by [creating special **pool
repositories**](../administration/repository_storage_types.md) which are hidden from the user. We then use Git
alternates to let a collection of project repositories borrow from a
single pool repository. We call such a collection of project
repositories a pool. Pools form star-shaped networks of repositories

2
doc/development/integrations/secure.md
View File

@ -548,7 +548,7 @@ of the available SAST Analyzers and what data is currently available.
The `remediations` field of the report is an array of remediation objects.
Each remediation describes a patch that can be applied to
[automatically fix](../../user/application_security/#apply-an-automatic-remediation-for-a-vulnerability)
[automatically fix](../../user/application_security/vulnerabilities/index.md#remediate-a-vulnerability-automatically)
a set of vulnerabilities.
Here is an example of a report that contains remediations.

2
doc/development/integrations/secure_partner_integration.md
View File

@ -101,7 +101,7 @@ and complete an integration with the Secure stage.
- Users can interact with the findings from your artifact within their workflow. They can dismiss the findings or accept them and create a backlog issue.
- To automatically create issues without user interaction, use the [issue API](../../api/issues.md).
1. Optional: Provide auto-remediation steps:
- If you specified `remediations` in your artifact, it is proposed through our [automatic remediation](../../user/application_security/index.md#apply-an-automatic-remediation-for-a-vulnerability)
- If you specified `remediations` in your artifact, it is proposed through our [automatic remediation](../../user/application_security/vulnerabilities/index.md#remediate-a-vulnerability-automatically)
interface.
1. Demo the integration to GitLab:
- After you have tested and are ready to demo your integration please

2
doc/user/application_security/api_fuzzing/index.md
View File

@ -996,7 +996,7 @@ pipelines. For more information, see the [Security Dashboard documentation](../s
Fuzzing faults show up as vulnerabilities with a severity of Unknown.
Once a fault is found, you can interact with it. Read more on how to
[address the vulnerabilities](../index.md#addressing-vulnerabilities).
[address the vulnerabilities](../vulnerabilities/index.md).
## Handling False Positives

4
doc/user/application_security/container_scanning/index.md
View File

@ -694,7 +694,7 @@ If you're using Klar and want more information about the vulnerabilities databas
## Interacting with the vulnerabilities
After a vulnerability is found, you can [address it](../index.md#addressing-vulnerabilities).
After a vulnerability is found, you can [address it](../vulnerabilities/index.md).
## Solutions for vulnerabilities (auto-remediation)
@ -708,7 +708,7 @@ file, it's necessary to set [`GIT_STRATEGY: fetch`](../../../ci/runners/README.m
your `.gitlab-ci.yml` file by following the instructions described in this document's
[overriding the container scanning template](#overriding-the-container-scanning-template) section.
Read more about the [solutions for vulnerabilities](../index.md#apply-an-automatic-remediation-for-a-vulnerability).
Read more about the [solutions for vulnerabilities](../vulnerabilities/index.md#remediate-a-vulnerability-automatically).
## Troubleshooting

2
doc/user/application_security/coverage_fuzzing/index.md
View File

@ -237,7 +237,7 @@ The `covfuzz-ci.yml` is the same as that in the [original synchronous example](h
## Interacting with the vulnerabilities
After a vulnerability is found, you can [address it](../index.md#addressing-vulnerabilities).
After a vulnerability is found, you can [address it](../vulnerabilities/index.md).
The merge request widget lists the vulnerability and contains a button for downloading the fuzzing
artifacts. By clicking one of the detected vulnerabilities, you can see its details.

4
doc/user/application_security/dependency_scanning/index.md
View File

@ -228,13 +228,13 @@ Read more on [how to use private Maven repositories](../index.md#using-private-m
## Interacting with the vulnerabilities
Once a vulnerability is found, you can interact with it. Read more on how to
[address the vulnerabilities](../index.md#addressing-vulnerabilities).
[address the vulnerabilities](../vulnerabilities/index.md).
## Solutions for vulnerabilities (auto-remediation)
Some vulnerabilities can be fixed by applying the solution that GitLab
automatically generates. Read more about the
[solutions for vulnerabilities](../index.md#apply-an-automatic-remediation-for-a-vulnerability).
[solutions for vulnerabilities](../vulnerabilities/index.md#remediate-a-vulnerability-automatically).
## Security Dashboard

93
doc/user/application_security/index.md
View File

@ -119,99 +119,6 @@ reports are available to download. To download a report, click on the
![Security widget](img/security_widget_v13_7.png)
## Addressing vulnerabilities
> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.8.
For each security vulnerability in a merge request or [Vulnerability Report](vulnerability_report/index.md),
you can:
- [Dismiss the vulnerability](#dismiss-a-vulnerability).
- Create a [confidential](../project/issues/confidential_issues.md)
[issue](vulnerabilities/index.md#create-a-gitlab-issue-for-a-vulnerability).
- Apply an [automatically remediation](#apply-an-automatic-remediation-for-a-vulnerability).
### Dismiss a vulnerability
> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0, a dismissal reason.
You can dismiss a vulnerability for the entire project.
1. Select the vulnerability in the Security Dashboard.
1. In the top-right, from the **Status** selector menu, select **Dismissed**.
1. Optional. Add a reason for the dismissal and select **Save comment**.
To undo this action, select a different status from the same menu.
#### Dismiss multiple vulnerabilities
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35816) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
You can dismiss multiple vulnerabilities at once.
1. In the list of vulnerabilities, select the checkbox for each vulnerability you want to dismiss.
To select all, select the checkbox in the table header.
1. Above the table, select a dismissal reason.
1. Select **Dismiss Selected**.
### Create an issue for a vulnerability
You can create a GitLab or Jira issue for a vulnerability. For details, see [Vulnerability Pages](vulnerabilities/index.md).
#### Link to an existing issue
If you already have an open issue, you can link to it from the vulnerability.
- The vulnerability page shows related issues, but the issue page doesn't show the vulnerability it's related to.
- An issue can only be related to one vulnerability at a time.
- Issues can be linked across groups and projects.
To link to an existing issue:
1. Open the vulnerability.
1. [Add a linked issue](../project/issues/related_issues.md).
### Apply an automatic remediation for a vulnerability
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5656) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.7.
Some vulnerabilities can be fixed by applying the solution that GitLab automatically generates.
The following scanners are supported:
- [Dependency Scanning](dependency_scanning/index.md).
Automatic Patch creation is only available for Node.js projects managed with
`yarn`.
- [Container Scanning](container_scanning/index.md).
#### Manually apply the suggested patch
To manually apply the patch that GitLab generated for a vulnerability:
1. Select the **Resolve with merge request** dropdown, then select **Download patch to resolve**:
![Resolve with Merge Request button dropdown](img/vulnerability_page_merge_request_button_dropdown_v13_1.png)
1. Ensure your local project has the same commit checked out that was used to generate the patch.
1. Run `git apply remediation.patch`.
1. Verify and commit the changes to your branch.
#### Create a merge request with the suggested patch
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9224) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.9.
In some cases, you can create a merge request that automatically remediates the
vulnerability. Any vulnerability that has a
[solution](#apply-an-automatic-remediation-for-a-vulnerability) can have a merge
request created to automatically solve the issue.
If this action is available:
1. Select the **Resolve with merge request** dropdown, then select **Resolve with merge request**.
![Create merge request from vulnerability](img/create_mr_from_vulnerability_v13_4.png)
A merge request is created. It that applies the solution to the source branch.
## Security approvals in merge requests
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9928) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.2.

4
doc/user/application_security/offline_deployments/index.md
View File

@ -59,14 +59,14 @@ mirroring the packages inside your own offline network.
### Interacting with the vulnerabilities
Once a vulnerability is found, you can interact with it. Read more on how to
[address the vulnerabilities](../index.md#addressing-vulnerabilities).
[address the vulnerabilities](../vulnerabilities/index.md).
Please note that in some cases the reported vulnerabilities provide metadata that can contain
external links exposed in the UI. These links might not be accessible within an offline environment.
### Automatic remediation for vulnerabilities
The [automatic remediation for vulnerabilities](../index.md#apply-an-automatic-remediation-for-a-vulnerability) feature is available for offline Dependency Scanning and Container Scanning, but may not work
The [automatic remediation for vulnerabilities](../vulnerabilities/index.md#remediate-a-vulnerability-automatically) feature is available for offline Dependency Scanning and Container Scanning, but may not work
depending on your instance's configuration. We can only suggest solutions, which are generally more
current versions that have been patched, when we are able to access up-to-date registry services
hosting the latest versions of that dependency or image.

20
doc/user/application_security/sast/index.md
View File

@ -134,16 +134,16 @@ All open source (OSS) analyzers have been moved to the GitLab Free tier as of Gi
Different features are available in different [GitLab tiers](https://about.gitlab.com/pricing/),
as shown in the following table:
| Capability | In Free | In Ultimate |
|:-------------------------------------------------------------------------------------------------------------|:--------------------|:-------------------|
| [Configure SAST Scanners](#configuration) | **{check-circle}** | **{check-circle}** |
| [Customize SAST Settings](#customizing-the-sast-settings) | **{check-circle}** | **{check-circle}** |
| View [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** |
| Presentation of JSON Report in Merge Request | **{dotted-circle}** | **{check-circle}** |
| [Address vulnerabilities](../../application_security/index.md#addressing-vulnerabilities) | **{dotted-circle}** | **{check-circle}** |
| [Access to Security Dashboard](../../application_security/security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** |
| [Configure SAST in the UI](#configure-sast-in-the-ui) | **{dotted-circle}** | **{check-circle}** |
| [Customize SAST Rulesets](#customize-rulesets) | **{dotted-circle}** | **{check-circle}** |
| Capability | In Free | In Ultimate |
|:---------------------------------------------------------------------------------------|:--------------------|:-------------------|
| [Configure SAST Scanners](#configuration) | **{check-circle}** | **{check-circle}** |
| [Customize SAST Settings](#customizing-the-sast-settings) | **{check-circle}** | **{check-circle}** |
| View [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** |
| Presentation of JSON Report in Merge Request | **{dotted-circle}** | **{check-circle}** |
| [Address vulnerabilities](../../application_security/vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** |
| [Access to Security Dashboard](../../application_security/security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** |
| [Configure SAST in the UI](#configure-sast-in-the-ui) | **{dotted-circle}** | **{check-circle}** |
| [Customize SAST Rulesets](#customize-rulesets) | **{dotted-circle}** | **{check-circle}** |
## Contribute your scanner

2
doc/user/application_security/security_dashboard/index.md
View File

@ -211,4 +211,4 @@ Each scenario can be a third-level heading, e.g. `### Getting error message X`.
If you have none to add when creating a doc, leave this section in place
but commented out to help encourage others to add to it in the future. -->
Read more on how to [address the vulnerabilities](../index.md#addressing-vulnerabilities).
Read more on how to [address the vulnerabilities](../vulnerabilities/index.md).

0
doc/user/application_security/img/create_mr_from_vulnerability_v13_4.png → doc/user/application_security/vulnerabilities/img/create_mr_from_vulnerability_v13_4.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 16 KiB

After

Width:  |  Height:  |  Size: 16 KiB

63
doc/user/application_security/vulnerabilities/index.md
View File

@ -12,7 +12,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
Each security vulnerability in a project's [Vulnerability Report](../vulnerability_report/index.md) has an individual page which includes:
- Details of the vulnerability.
- The status of the vulnerability within the project.
- The status of the vulnerability in the project.
- Available actions for the vulnerability.
- Any issues related to the vulnerability.
@ -21,8 +21,10 @@ On the vulnerability's page, you can:
- [Change the vulnerability's status](#change-vulnerability-status).
- [Create an issue](#create-an-issue-for-a-vulnerability).
- [Link issues to the vulnerability](#link-gitlab-issues-to-the-vulnerability).
- [Automatically remediate the vulnerability](#automatically-remediate-the-vulnerability), if an
- [Remediate a vulnerability automatically](#remediate-a-vulnerability-automatically), if an
automatic solution is available.
- [Remediate a vulnerability manually](#remediate-a-vulnerability-manually), if a solution is
available.
## Change vulnerability status
@ -60,7 +62,7 @@ To create a GitLab issue for a vulnerability:
1. In GitLab, go to the vulnerability's page.
1. Select **Create issue**.
An issue is created in the project, prepopulated with information from the vulnerability report.
An issue is created in the project, pre-populated with information from the vulnerability report.
The issue is then opened so you can take further action.
### Create a Jira issue for a vulnerability
@ -120,10 +122,59 @@ that the resolution of one issue would resolve multiple vulnerabilities.
Linked issues are shown in the Vulnerability Report and the vulnerability's page.
## Automatically remediate the vulnerability
## Link to an existing issue
You can fix some vulnerabilities by applying the solution that GitLab automatically
generates for you. [Read more about the automatic remediation for vulnerabilities feature](../index.md#apply-an-automatic-remediation-for-a-vulnerability).
If you already have an open issue, you can link to it from the vulnerability.
- The vulnerability page shows related issues, but the issue page doesn't show the vulnerability it's related to.
- An issue can only be related to one vulnerability at a time.
- Issues can be linked across groups and projects.
To link to an existing issue:
1. Open the vulnerability.
1. [Add a linked issue](../../project/issues/related_issues.md).
## Remediate a vulnerability automatically
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5656) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.7.
Some vulnerabilities can be fixed by applying the solution that GitLab automatically generates.
The following scanners are supported:
- [Dependency Scanning](../dependency_scanning/index.md).
Automatic Patch creation is only available for Node.js projects managed with
`yarn`.
- [Container Scanning](../container_scanning/index.md).
### Remediate a vulnerability manually
To manually apply the patch that GitLab generated for a vulnerability:
1. Select the **Resolve with merge request** dropdown, then select **Download patch to resolve**:
![Resolve with Merge Request button dropdown](img/vulnerability_page_merge_request_button_dropdown_v13_1.png)
1. Ensure your local project has the same commit checked out that was used to generate the patch.
1. Run `git apply remediation.patch`.
1. Verify and commit the changes to your branch.
### Create a merge request with the suggested patch
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9224) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.9.
In some cases, you can create a merge request that automatically remediates the
vulnerability. Any vulnerability that has a
[solution](#remediate-a-vulnerability-automatically) can have a merge
request created to automatically solve the issue.
If this action is available:
1. Select the **Resolve with merge request** dropdown, then select **Resolve with merge request**.
![Create merge request from vulnerability](img/create_mr_from_vulnerability_v13_4.png)
A merge request is created. It applies the solution to the source branch.
## Vulnerability scanner maintenance

23
doc/user/application_security/vulnerability_report/index.md
View File

@ -162,3 +162,26 @@ computer.
NOTE:
It may take several minutes for the download to start if your project contains
thousands of vulnerabilities. Don't close the page until the download finishes.
## Dismiss a vulnerability
> The option of adding a dismissal reason was introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0.
You can dismiss a vulnerability for the entire project:
1. Select the vulnerability in the Security Dashboard.
1. In the top-right, from the **Status** selector menu, select **Dismissed**.
1. Optional. Add a reason for the dismissal and select **Save comment**.
To undo this action, select a different status from the same menu.
### Dismiss multiple vulnerabilities
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35816) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9.
You can dismiss multiple vulnerabilities at once:
1. In the list of vulnerabilities, select the checkbox for each vulnerability you want to dismiss.
To select all, select the checkbox in the table header.
1. Above the table, select a dismissal reason.
1. Select **Dismiss Selected**.

39
locale/gitlab.pot
View File

@ -4349,7 +4349,7 @@ msgstr ""
msgid "AsanaService|%{user} pushed to branch %{branch} of %{project_name} ( %{commit_url} ):"
msgstr ""
msgid "AsanaService|Add commit messages as comments to Asana tasks"
msgid "AsanaService|Add commit messages as comments to Asana tasks."
msgstr ""
msgid "AsanaService|Comma-separated list of branches to be automatically inspected. Leave blank to include all branches."
@ -17478,6 +17478,9 @@ msgstr ""
msgid "Integrations|Default settings are inherited from the instance level."
msgstr ""
msgid "Integrations|Enable GitLab.com slash commands in a Slack workspace."
msgstr ""
msgid "Integrations|Enable comments"
msgstr ""
@ -17547,6 +17550,9 @@ msgstr ""
msgid "Integrations|Search Jira issues"
msgstr ""
msgid "Integrations|Send notifications about project events to Unify Circuit."
msgstr ""
msgid "Integrations|Sign in to add namespaces"
msgstr ""
@ -17559,7 +17565,7 @@ msgstr ""
msgid "Integrations|To keep this project going, create a new issue."
msgstr ""
msgid "Integrations|Update your projects on Packagist, the main Composer repository"
msgid "Integrations|Update your Packagist projects."
msgstr ""
msgid "Integrations|Use custom settings"
@ -17568,9 +17574,6 @@ msgstr ""
msgid "Integrations|Use default settings"
msgstr ""
msgid "Integrations|Use the GitLab Slack application"
msgstr ""
msgid "Integrations|When a Jira issue is mentioned in a commit or merge request a remote link and comment (if enabled) is created."
msgstr ""
@ -18105,10 +18108,10 @@ msgstr ""
msgid "IssueTracker|Use IBM Engineering Workflow Management as this project's issue tracker. %{docs_link}"
msgstr ""
msgid "IssueTracker|Use Redmine as the issue tracker."
msgid "IssueTracker|Use Redmine as the issue tracker. %{docs_link}"
msgstr ""
msgid "IssueTracker|Use Redmine as the issue tracker. %{docs_link}"
msgid "IssueTracker|Use Redmine as this project's issue tracker."
msgstr ""
msgid "IssueTracker|Use YouTrack as this project's issue tracker."
@ -18117,10 +18120,10 @@ msgstr ""
msgid "IssueTracker|Use YouTrack as this project's issue tracker. %{docs_link}"
msgstr ""
msgid "IssueTracker|Use a custom issue tracker that is not in the integration list. %{docs_link}"
msgid "IssueTracker|Use a custom issue tracker as this project's issue tracker."
msgstr ""
msgid "IssueTracker|Use a custom issue tracker."
msgid "IssueTracker|Use a custom issue tracker that is not in the integration list. %{docs_link}"
msgstr ""
msgid "Issues"
@ -18411,15 +18414,15 @@ msgstr ""
msgid "JiraService|This issue is synchronized with Jira"
msgstr ""
msgid "JiraService|Track issues in Jira"
msgstr ""
msgid "JiraService|Transition Jira issues to their final state:"
msgstr ""
msgid "JiraService|Upgrade your plan to enable this feature of the Jira Integration."
msgstr ""
msgid "JiraService|Use Jira as this project's issue tracker."
msgstr ""
msgid "JiraService|Use a password for server version and an API token for cloud version."
msgstr ""
@ -23998,15 +24001,15 @@ msgstr ""
msgid "Pipeline|with stages"
msgstr ""
msgid "PivotalTrackerService|Add commit messages as comments to PivotalTracker stories."
msgstr ""
msgid "PivotalTrackerService|Comma-separated list of branches which will be automatically inspected. Leave blank to include all branches."
msgstr ""
msgid "PivotalTrackerService|Pivotal Tracker API token."
msgstr ""
msgid "PivotalTrackerService|Project Management Software (Source Commits Endpoint)"
msgstr ""
msgid "Plain diff"
msgstr ""
@ -26350,6 +26353,9 @@ msgstr ""
msgid "PushoverService|%{user_name} pushed new branch \"%{ref}\"."
msgstr ""
msgid "PushoverService|Get real-time notifications on your device."
msgstr ""
msgid "PushoverService|High Priority"
msgstr ""
@ -26365,9 +26371,6 @@ msgstr ""
msgid "PushoverService|Normal Priority"
msgstr ""
msgid "PushoverService|Pushover makes it easy to get real-time notifications on your Android device, iPhone, iPad, and Desktop."
msgstr ""
msgid "PushoverService|See project %{project_full_name}"
msgstr ""

6
spec/support/shared_examples/services/alert_management/alert_processing/incident_creation_shared_examples.rb
View File

@ -25,9 +25,9 @@ RSpec.shared_examples 'processes incident issues' do |with_issue: false|
end
specify do
expect(IncidentManagement::ProcessAlertWorker)
expect(IncidentManagement::ProcessAlertWorkerV2)
.to receive(:perform_async)
.with(nil, nil, kind_of(Integer))
.with(kind_of(Integer))
Sidekiq::Testing.inline! do
expect(subject).to be_success
@ -45,7 +45,7 @@ end
RSpec.shared_examples 'does not process incident issues' do
specify do
expect(IncidentManagement::ProcessAlertWorker).not_to receive(:perform_async)
expect(IncidentManagement::ProcessAlertWorkerV2).not_to receive(:perform_async)
subject
end

96
spec/workers/incident_management/process_alert_worker_v2_spec.rb Normal file
View File

@ -0,0 +1,96 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe IncidentManagement::ProcessAlertWorkerV2 do
let_it_be(:project) { create(:project) }
let_it_be(:settings) { create(:project_incident_management_setting, project: project, create_issue: true) }
describe '#perform' do
let_it_be(:started_at) { Time.now.rfc3339 }
let_it_be(:payload) { { 'title' => 'title', 'start_time' => started_at } }
let_it_be(:alert) { create(:alert_management_alert, project: project, payload: payload, started_at: started_at) }
let(:created_issue) { Issue.last! }
subject(:perform_worker) { described_class.new.perform(alert.id) }
before do
allow(Gitlab::AppLogger).to receive(:warn).and_call_original
allow(AlertManagement::CreateAlertIssueService)
.to receive(:new).with(alert, User.alert_bot)
.and_call_original
end
shared_examples 'creates issue successfully' do
it 'creates an issue' do
expect(AlertManagement::CreateAlertIssueService)
.to receive(:new).with(alert, User.alert_bot)
expect { perform_worker }.to change { Issue.count }.by(1)
end
it 'updates AlertManagement::Alert#issue_id' do
perform_worker
expect(alert.reload.issue_id).to eq(created_issue.id)
end
it 'does not write a warning to log' do
perform_worker
expect(Gitlab::AppLogger).not_to have_received(:warn)
end
it_behaves_like 'an idempotent worker' do
let(:job_args) { [alert.id] }
it 'does not create a second issue' do
expect { perform_worker }.to change { Issue.count }.by(1)
end
end
end
context 'with valid alert' do
it_behaves_like 'creates issue successfully'
context 'when alert cannot be updated' do
let_it_be(:alert) { create(:alert_management_alert, :with_validation_errors, project: project, payload: payload) }
it 'updates AlertManagement::Alert#issue_id' do
expect { perform_worker }.not_to change { alert.reload.issue_id }
end
it 'logs a warning' do
perform_worker
expect(Gitlab::AppLogger).to have_received(:warn).with(
message: 'Cannot process an Incident',
issue_id: created_issue.id,
alert_id: alert.id,
errors: 'Hosts hosts array is over 255 chars'
)
end
end
context 'prometheus alert' do
let_it_be(:alert) { create(:alert_management_alert, :prometheus, project: project, started_at: started_at) }
it_behaves_like 'creates issue successfully'
end
end
context 'with invalid alert' do
let(:invalid_alert_id) { non_existing_record_id }
subject(:perform_worker) { described_class.new.perform(invalid_alert_id) }
it 'does not create issues' do
expect(AlertManagement::CreateAlertIssueService).not_to receive(:new)
expect { perform_worker }.not_to change { Issue.count }
end
end
end
end