diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index ec64ca5f5ae..25fad78ed09 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-e0c4194d510e4fa60fbdc026d3734b462c2a6220
+8128ec05cf75d8af4f0b4e422106cef4adf9b3a4
diff --git a/app/models/project_services/asana_service.rb b/app/models/project_services/asana_service.rb
index cd8e92f183c..7e11e43170c 100644
--- a/app/models/project_services/asana_service.rb
+++ b/app/models/project_services/asana_service.rb
@@ -13,7 +13,7 @@ class AsanaService < Service
 end
 def description
- s_('AsanaService|Add commit messages as comments to Asana tasks')
+ s_('AsanaService|Add commit messages as comments to Asana tasks.')
 end
 def help
diff --git a/app/models/project_services/buildkite_service.rb b/app/models/project_services/buildkite_service.rb
index 53bb7b47b41..f2ea5066e37 100644
--- a/app/models/project_services/buildkite_service.rb
+++ b/app/models/project_services/buildkite_service.rb
@@ -68,7 +68,7 @@ class BuildkiteService < CiService
 end
 def description
- 'Buildkite is a platform for running fast, secure, and scalable continuous integration pipelines on your own infrastructure'
+ 'Run CI/CD pipelines with Buildkite.'
 end
 def self.to_param
diff --git a/app/models/project_services/campfire_service.rb b/app/models/project_services/campfire_service.rb
index ad26e42a21b..9b3aed9e0f7 100644
--- a/app/models/project_services/campfire_service.rb
+++ b/app/models/project_services/campfire_service.rb
@@ -9,7 +9,7 @@ class CampfireService < Service
 end
 def description
- 'Simple web-based real-time group chat'
+ 'Send notifications about push events to Campfire chat rooms.'
 end
 def self.to_param
diff --git a/app/models/project_services/custom_issue_tracker_service.rb b/app/models/project_services/custom_issue_tracker_service.rb
index b510df13ecb..6f99d104904 100644
--- a/app/models/project_services/custom_issue_tracker_service.rb
+++ b/app/models/project_services/custom_issue_tracker_service.rb
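Review bot: The new Buildkite description `'Run CI/CD pipelines with Buildkite.'` is left as a bare string while the sibling descriptions touched by this commit (Asana, Packagist, Pivotal Tracker, Pushover, Unify Circuit) go through `s_()`; the same applies to the Campfire hunk on this line and to the Irker and Microsoft Teams hunks that follow. Because the commit itself converts Unify Circuit's description from a plain string to `s_('Integrations|…')`, the remaining plain strings read as an oversight rather than a deliberate choice, e.g. `s_('Integrations|Run CI/CD pipelines with Buildkite.')` here. The enclosing class bodies start before and end after each of these hunks.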
@@ -9,7 +9,7 @@ class CustomIssueTrackerService < IssueTrackerService
 end
 def description
- s_('IssueTracker|Use a custom issue tracker.')
+ s_("IssueTracker|Use a custom issue tracker as this project's issue tracker.")
 end
 def help
diff --git a/app/models/project_services/irker_service.rb b/app/models/project_services/irker_service.rb
index 07b8b554ec0..9c59a788b82 100644
--- a/app/models/project_services/irker_service.rb
+++ b/app/models/project_services/irker_service.rb
@@ -15,8 +15,7 @@ class IrkerService < Service
 end
 def description
- 'Send IRC messages, on update, to a list of recipients through an Irker '\
- 'gateway.'
+ 'Send IRC messages.'
 end
 def self.to_param
diff --git a/app/models/project_services/jira_service.rb b/app/models/project_services/jira_service.rb
index 7d8019d7027..5c4b1564914 100644
--- a/app/models/project_services/jira_service.rb
+++ b/app/models/project_services/jira_service.rb
@@ -116,7 +116,7 @@ class JiraService < IssueTrackerService
 end
 def description
- s_('JiraService|Track issues in Jira')
+ s_("JiraService|Use Jira as this project's issue tracker.")
 end
 def self.to_param
diff --git a/app/models/project_services/microsoft_teams_service.rb b/app/models/project_services/microsoft_teams_service.rb
index 803c1255195..1d2067067da 100644
--- a/app/models/project_services/microsoft_teams_service.rb
+++ b/app/models/project_services/microsoft_teams_service.rb
@@ -6,7 +6,7 @@ class MicrosoftTeamsService < ChatNotificationService
 end
 def description
- 'Receive event notifications in Microsoft Teams'
+ 'Send notifications about project events to Microsoft Teams.'
 end
 def self.to_param
diff --git a/app/models/project_services/packagist_service.rb b/app/models/project_services/packagist_service.rb
index 21f0a2b2463..12ef64edeed 100644
--- a/app/models/project_services/packagist_service.rb
+++ b/app/models/project_services/packagist_service.rb
@@ -16,7 +16,7 @@ class PackagistService < Service
 end
 def description
- s_('Integrations|Update your projects on Packagist, the main Composer repository')
+ s_('Integrations|Update your Packagist projects.')
 end
 def self.to_param
diff --git a/app/models/project_services/pivotaltracker_service.rb b/app/models/project_services/pivotaltracker_service.rb
index d3fff100964..466e7ba69d3 100644
--- a/app/models/project_services/pivotaltracker_service.rb
+++ b/app/models/project_services/pivotaltracker_service.rb
@@ -11,7 +11,7 @@ class PivotaltrackerService < Service
 end
 def description
- s_('PivotalTrackerService|Project Management Software (Source Commits Endpoint)')
+ s_('PivotalTrackerService|Add commit messages as comments to PivotalTracker stories.')
 end
 def self.to_param
diff --git a/app/models/project_services/pushover_service.rb b/app/models/project_services/pushover_service.rb
index 1781ec7456d..62c0ed38b76 100644
--- a/app/models/project_services/pushover_service.rb
+++ b/app/models/project_services/pushover_service.rb
@@ -11,7 +11,7 @@ class PushoverService < Service
 end
 def description
- s_('PushoverService|Pushover makes it easy to get real-time notifications on your Android device, iPhone, iPad, and Desktop.')
+ s_('PushoverService|Get real-time notifications on your device.')
 end
 def self.to_param
diff --git a/app/models/project_services/redmine_service.rb b/app/models/project_services/redmine_service.rb
index 26a6cf86bf4..7a0f500209c 100644
--- a/app/models/project_services/redmine_service.rb
+++ b/app/models/project_services/redmine_service.rb
@@ -9,7 +9,7 @@ class RedmineService < IssueTrackerService
 end
 def description
- s_('IssueTracker|Use Redmine as the issue tracker.')
+ s_("IssueTracker|Use Redmine as this project's issue tracker.")
 end
 def help
diff --git a/app/models/project_services/unify_circuit_service.rb b/app/models/project_services/unify_circuit_service.rb
index 1a0eebe7d64..5f43388e1c9 100644
--- a/app/models/project_services/unify_circuit_service.rb
+++ b/app/models/project_services/unify_circuit_service.rb
@@ -6,7 +6,7 @@ class UnifyCircuitService < ChatNotificationService
 end
 def description
- 'Receive event notifications in Unify Circuit'
+ s_('Integrations|Send notifications about project events to Unify Circuit.')
 end
 def self.to_param
diff --git a/app/services/concerns/alert_management/alert_processing.rb b/app/services/concerns/alert_management/alert_processing.rb
index 7b6f681fe3e..d6403181f86 100644
--- a/app/services/concerns/alert_management/alert_processing.rb
+++ b/app/services/concerns/alert_management/alert_processing.rb
@@ -88,7 +88,7 @@ module AlertManagement
 def process_incident_issues
 return if alert.issue || alert.resolved?
- ::IncidentManagement::ProcessAlertWorker.perform_async(nil, nil, alert.id)
+ ::IncidentManagement::ProcessAlertWorkerV2.perform_async(alert.id)
 end
 def send_alert_email
diff --git a/app/workers/all_queues.yml b/app/workers/all_queues.yml
index dc34b879308..f663bab950c 100644
--- a/app/workers/all_queues.yml
+++ b/app/workers/all_queues.yml
@@ -1056,6 +1056,15 @@
 :weight: 2
 :idempotent:
 :tags: []
+- :name: incident_management:incident_management_process_alert_worker_v2
+ :worker_name: IncidentManagement::ProcessAlertWorkerV2
+ :feature_category: :incident_management
+ :has_external_dependencies:
+ :urgency: :low
+ :resource_boundary: :unknown
+ :weight: 2
+ :idempotent: true
+ :tags: []
 - :name: incident_management:incident_management_process_prometheus_alert
 :worker_name: IncidentManagement::ProcessPrometheusAlertWorker
 :feature_category: :incident_management
diff --git a/app/workers/incident_management/process_alert_worker.rb b/app/workers/incident_management/process_alert_worker.rb
index 59464b81d1b..c848c67241e 100644
--- a/app/workers/incident_management/process_alert_worker.rb
+++ b/app/workers/incident_management/process_alert_worker.rb
@@ -10,6 +10,12 @@ module IncidentManagement
 # `project_id` and `alert_payload` are deprecated and can be removed
 # starting from 14.0 release
 # https://gitlab.com/gitlab-org/gitlab/-/issues/224500
+ #
+ # This worker is not scheduled anymore since
+ # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60285
+ # and will be removed completely via
+ # https://gitlab.com/gitlab-org/gitlab/-/issues/224500
+ # in 14.0.
 def perform(_project_id = nil, _alert_payload = nil, alert_id = nil)
 return unless alert_id
diff --git a/app/workers/incident_management/process_alert_worker_v2.rb b/app/workers/incident_management/process_alert_worker_v2.rb
new file mode 100644
index 00000000000..04bf6970578
--- /dev/null
+++ b/app/workers/incident_management/process_alert_worker_v2.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module IncidentManagement
+ class ProcessAlertWorkerV2 # rubocop:disable Scalability/IdempotentWorker
+ include ApplicationWorker
+
+ queue_namespace :incident_management
+ feature_category :incident_management
+
+ idempotent!
+
+ def perform(alert_id)
+ return unless alert_id
+
+ alert = find_alert(alert_id)
+ return unless alert
+
+ result = create_issue_for(alert)
+ return if result.success?
+
+ log_warning(alert, result)
+ end
+
+ private
+
+ def find_alert(alert_id)
+ AlertManagement::Alert.find_by_id(alert_id)
+ end
+
+ def create_issue_for(alert)
+ AlertManagement::CreateAlertIssueService
+ .new(alert, User.alert_bot)
+ .execute
+ end
+
+ def log_warning(alert, result)
+ issue_id = result.payload[:issue]&.id
+
+ Gitlab::AppLogger.warn(
+ message: 'Cannot process an Incident',
+ issue_id: issue_id,
+ alert_id: alert.id,
+ errors: result.message
+ )
+ end
+ end
+end
diff --git a/changelogs/unreleased/msj-integrations-top-page.yml b/changelogs/unreleased/msj-integrations-top-page.yml
new file mode 100644
index 00000000000..6a1a3a171c3
--- /dev/null
+++ b/changelogs/unreleased/msj-integrations-top-page.yml
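Review bot: `ProcessAlertWorkerV2` declares `idempotent!` and at the same time carries `# rubocop:disable Scalability/IdempotentWorker` on its class line; once the worker is marked idempotent the disable comment appears redundant and should be dropped so the cop keeps guarding that declaration. `perform` also returns silently when `find_alert` yields nil, so an alert deleted between enqueue and execution leaves no trace in the logs; a short comment such as `# alert may have been removed since enqueue; nothing to do` would make that path read as intended, or an info-level log line could record the skipped id. The worker does not re-check `alert.issue` before calling `AlertManagement::CreateAlertIssueService` even though the caller in `alert_processing.rb` does, so if the service itself does not guard against an existing issue, two jobs for the same alert could each create one — worth confirming against the service. The `:has_external_dependencies:` entry for this worker in `all_queues.yml` is left blank; presumably that is the generator's default, but it is worth a glance since issue creation runs as `User.alert_bot`.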
@@ -0,0 +1,5 @@
+---
+title: Review and revise project integration descriptions
+merge_request: 60510
+author:
+type: other
diff --git a/changelogs/unreleased/yogi-question-o-admin-user-stats.yml b/changelogs/unreleased/yogi-question-o-admin-user-stats.yml
new file mode 100644
index 00000000000..5a0aa480753
--- /dev/null
+++ b/changelogs/unreleased/yogi-question-o-admin-user-stats.yml
@@ -0,0 +1,5 @@
+---
+title: Update to question-o from question icon in user stats
+merge_request: 59135
+author: Yogi (@yo)
+type: changed
diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md
index 9aa533d54f6..7e199904a8b 100644
--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
@@ -157,6 +157,11 @@ on adding these events into GitLab:
 - [Group settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/475)
 - [Instance-level settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/476)
+Don't see the event you want in any of the epics linked above? You can use the **Audit Event
+Proposal** issue template to
+[create an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Audit%20Event%20Proposal)
+to request it.
+
 ### Disabled events
 #### Repository push
diff --git a/doc/administration/repository_storage_types.md b/doc/administration/repository_storage_types.md
index 29e31fcb6ef..21bb11226ce 100644
--- a/doc/administration/repository_storage_types.md
+++ b/doc/administration/repository_storage_types.md
@@ -131,7 +131,7 @@ forks use the object pool for shared objects. For more information, see [How Git object deduplication works in GitLab](../development/git_object_deduplication.md). Objects are moved from the source project to the object pool when housekeeping is run on the source -project. Object pool repositories are stored similarly to regular repositories: +project. Object pool repositories are stored similarly to regular repositories in a directory called `@pools` instead of `@hashed` ```ruby # object pool paths @@ -139,8 +139,8 @@ project. Object pool repositories are stored similarly to regular repositories: ``` WARNING: -Do not run `git prune` or `git gc` in object pool repositories. This can cause data loss in the -regular repositories that depend on the object pool. +Do not run `git prune` or `git gc` in object pool repositories, which are stored in the `@pools` directory. +This can cause data loss in the regular repositories that depend on the object pool. ### Object storage support diff --git a/doc/development/git_object_deduplication.md b/doc/development/git_object_deduplication.md index d9ff88aef60..1607f3e7a12 100644 --- a/doc/development/git_object_deduplication.md +++ b/doc/development/git_object_deduplication.md @@ -35,9 +35,9 @@ to work, it is of course critical that **no objects ever get deleted from B** because A might need them. WARNING: -Do not run `git prune` or `git gc` in pool repositories! This can -cause data loss in "real" repositories that depend on the pool in -question. +Do not run `git prune` or `git gc` in object pool repositories, which are +stored in the `@pools` directory. This can cause data loss in the regular +repositories that depend on the object pool. The danger lies in `git prune`, and `git gc` calls `git prune`. The problem is that `git prune`, when running in a pool repository, cannot 
@@ -45,8 +45,8 @@ reliable decide if an object is no longer needed. ### Git alternates in GitLab: pool repositories -GitLab organizes this object borrowing by creating special **pool -repositories** which are hidden from the user. We then use Git +GitLab organizes this object borrowing by [creating special **pool +repositories**](../administration/repository_storage_types.md) which are hidden from the user. We then use Git alternates to let a collection of project repositories borrow from a single pool repository. We call such a collection of project repositories a pool. Pools form star-shaped networks of repositories diff --git a/doc/development/integrations/secure.md b/doc/development/integrations/secure.md index ae4e952d063..52d623144c3 100644 --- a/doc/development/integrations/secure.md +++ b/doc/development/integrations/secure.md @@ -548,7 +548,7 @@ of the available SAST Analyzers and what data is currently available. The `remediations` field of the report is an array of remediation objects. Each remediation describes a patch that can be applied to -[automatically fix](../../user/application_security/#apply-an-automatic-remediation-for-a-vulnerability) +[automatically fix](../../user/application_security/vulnerabilities/index.md#remediate-a-vulnerability-automatically) a set of vulnerabilities. Here is an example of a report that contains remediations. diff --git a/doc/development/integrations/secure_partner_integration.md b/doc/development/integrations/secure_partner_integration.md index e02d6cef9a0..fedd424309d 100644 --- a/doc/development/integrations/secure_partner_integration.md +++ b/doc/development/integrations/secure_partner_integration.md 
@@ -101,7 +101,7 @@ and complete an integration with the Secure stage. - Users can interact with the findings from your artifact within their workflow. They can dismiss the findings or accept them and create a backlog issue. - To automatically create issues without user interaction, use the [issue API](../../api/issues.md). 1. Optional: Provide auto-remediation steps: - - If you specified `remediations` in your artifact, it is proposed through our [automatic remediation](../../user/application_security/index.md#apply-an-automatic-remediation-for-a-vulnerability) + - If you specified `remediations` in your artifact, it is proposed through our [automatic remediation](../../user/application_security/vulnerabilities/index.md#remediate-a-vulnerability-automatically) interface. 1. Demo the integration to GitLab: - After you have tested and are ready to demo your integration please diff --git a/doc/user/application_security/api_fuzzing/index.md b/doc/user/application_security/api_fuzzing/index.md index ecd185221d9..86df0e580d0 100644 --- a/doc/user/application_security/api_fuzzing/index.md +++ b/doc/user/application_security/api_fuzzing/index.md @@ -996,7 +996,7 @@ pipelines. For more information, see the [Security Dashboard documentation](../s Fuzzing faults show up as vulnerabilities with a severity of Unknown. Once a fault is found, you can interact with it. Read more on how to -[address the vulnerabilities](../index.md#addressing-vulnerabilities). +[address the vulnerabilities](../vulnerabilities/index.md). ## Handling False Positives diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md index 3ee1da29c2d..9f77a6ab6de 100644 --- a/doc/user/application_security/container_scanning/index.md +++ b/doc/user/application_security/container_scanning/index.md 
@@ -694,7 +694,7 @@ If you're using Klar and want more information about the vulnerabilities databas ## Interacting with the vulnerabilities -After a vulnerability is found, you can [address it](../index.md#addressing-vulnerabilities). +After a vulnerability is found, you can [address it](../vulnerabilities/index.md). ## Solutions for vulnerabilities (auto-remediation) @@ -708,7 +708,7 @@ file, it's necessary to set [`GIT_STRATEGY: fetch`](../../../ci/runners/README.m your `.gitlab-ci.yml` file by following the instructions described in this document's [overriding the container scanning template](#overriding-the-container-scanning-template) section. -Read more about the [solutions for vulnerabilities](../index.md#apply-an-automatic-remediation-for-a-vulnerability). +Read more about the [solutions for vulnerabilities](../vulnerabilities/index.md#remediate-a-vulnerability-automatically). ## Troubleshooting diff --git a/doc/user/application_security/coverage_fuzzing/index.md b/doc/user/application_security/coverage_fuzzing/index.md index e9097836d83..8b0a84eae4b 100644 --- a/doc/user/application_security/coverage_fuzzing/index.md +++ b/doc/user/application_security/coverage_fuzzing/index.md @@ -237,7 +237,7 @@ The `covfuzz-ci.yml` is the same as that in the [original synchronous example](h ## Interacting with the vulnerabilities -After a vulnerability is found, you can [address it](../index.md#addressing-vulnerabilities). +After a vulnerability is found, you can [address it](../vulnerabilities/index.md). The merge request widget lists the vulnerability and contains a button for downloading the fuzzing artifacts. By clicking one of the detected vulnerabilities, you can see its details. diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index c6f00d1cffd..3349d7ac423 100644 --- a/doc/user/application_security/dependency_scanning/index.md 
+++ b/doc/user/application_security/dependency_scanning/index.md @@ -228,13 +228,13 @@ Read more on [how to use private Maven repositories](../index.md#using-private-m ## Interacting with the vulnerabilities Once a vulnerability is found, you can interact with it. Read more on how to -[address the vulnerabilities](../index.md#addressing-vulnerabilities). +[address the vulnerabilities](../vulnerabilities/index.md). ## Solutions for vulnerabilities (auto-remediation) Some vulnerabilities can be fixed by applying the solution that GitLab automatically generates. Read more about the -[solutions for vulnerabilities](../index.md#apply-an-automatic-remediation-for-a-vulnerability). +[solutions for vulnerabilities](../vulnerabilities/index.md#remediate-a-vulnerability-automatically). ## Security Dashboard diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index 45cc89c2208..d188927cd58 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md 
@@ -119,99 +119,6 @@ reports are available to download. To download a report, click on the ![Security widget](img/security_widget_v13_7.png) -## Addressing vulnerabilities - -> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.8. - -For each security vulnerability in a merge request or [Vulnerability Report](vulnerability_report/index.md), -you can: - -- [Dismiss the vulnerability](#dismiss-a-vulnerability). -- Create a [confidential](../project/issues/confidential_issues.md) - [issue](vulnerabilities/index.md#create-a-gitlab-issue-for-a-vulnerability). -- Apply an [automatically remediation](#apply-an-automatic-remediation-for-a-vulnerability). - -### Dismiss a vulnerability - -> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0, a dismissal reason. - -You can dismiss a vulnerability for the entire project. - -1. Select the vulnerability in the Security Dashboard. -1. In the top-right, from the **Status** selector menu, select **Dismissed**. -1. Optional. Add a reason for the dismissal and select **Save comment**. - -To undo this action, select a different status from the same menu. - -#### Dismiss multiple vulnerabilities - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35816) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9. - -You can dismiss multiple vulnerabilities at once. - -1. In the list of vulnerabilities, select the checkbox for each vulnerability you want to dismiss. - To select all, select the checkbox in the table header. -1. Above the table, select a dismissal reason. -1. Select **Dismiss Selected**. - -### Create an issue for a vulnerability - -You can create a GitLab or Jira issue for a vulnerability. For details, see [Vulnerability Pages](vulnerabilities/index.md). - -#### Link to an existing issue - -If you already have an open issue, you can link to it from the vulnerability. 
- -- The vulnerability page shows related issues, but the issue page doesn't show the vulnerability it's related to. -- An issue can only be related to one vulnerability at a time. -- Issues can be linked across groups and projects. - -To link to an existing issue: - -1. Open the vulnerability. -1. [Add a linked issue](../project/issues/related_issues.md). - -### Apply an automatic remediation for a vulnerability - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5656) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.7. - -Some vulnerabilities can be fixed by applying the solution that GitLab automatically generates. -The following scanners are supported: - -- [Dependency Scanning](dependency_scanning/index.md). - Automatic Patch creation is only available for Node.js projects managed with - `yarn`. -- [Container Scanning](container_scanning/index.md). - -#### Manually apply the suggested patch - -To manually apply the patch that GitLab generated for a vulnerability: - -1. Select the **Resolve with merge request** dropdown, then select **Download patch to resolve**: - - ![Resolve with Merge Request button dropdown](img/vulnerability_page_merge_request_button_dropdown_v13_1.png) - -1. Ensure your local project has the same commit checked out that was used to generate the patch. -1. Run `git apply remediation.patch`. -1. Verify and commit the changes to your branch. - -#### Create a merge request with the suggested patch - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9224) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.9. - -In some cases, you can create a merge request that automatically remediates the -vulnerability. Any vulnerability that has a -[solution](#apply-an-automatic-remediation-for-a-vulnerability) can have a merge -request created to automatically solve the issue. - -If this action is available: - -1. Select the **Resolve with merge request** dropdown, then select **Resolve with merge request**. 
- - ![Create merge request from vulnerability](img/create_mr_from_vulnerability_v13_4.png) - -A merge request is created. It that applies the solution to the source branch. - ## Security approvals in merge requests > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9928) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.2. diff --git a/doc/user/application_security/offline_deployments/index.md b/doc/user/application_security/offline_deployments/index.md index 7c013a2a9de..c9c65e94b32 100644 --- a/doc/user/application_security/offline_deployments/index.md +++ b/doc/user/application_security/offline_deployments/index.md @@ -59,14 +59,14 @@ mirroring the packages inside your own offline network. ### Interacting with the vulnerabilities Once a vulnerability is found, you can interact with it. Read more on how to -[address the vulnerabilities](../index.md#addressing-vulnerabilities). +[address the vulnerabilities](../vulnerabilities/index.md). Please note that in some cases the reported vulnerabilities provide metadata that can contain external links exposed in the UI. These links might not be accessible within an offline environment. ### Automatic remediation for vulnerabilities -The [automatic remediation for vulnerabilities](../index.md#apply-an-automatic-remediation-for-a-vulnerability) feature is available for offline Dependency Scanning and Container Scanning, but may not work +The [automatic remediation for vulnerabilities](../vulnerabilities/index.md#remediate-a-vulnerability-automatically) feature is available for offline Dependency Scanning and Container Scanning, but may not work depending on your instance's configuration. We can only suggest solutions, which are generally more current versions that have been patched, when we are able to access up-to-date registry services hosting the latest versions of that dependency or image. 
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index d9b182d0830..fe5a85cf0b0 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md 
@@ -134,16 +134,16 @@ All open source (OSS) analyzers have been moved to the GitLab Free tier as of Gi Different features are available in different [GitLab tiers](https://about.gitlab.com/pricing/), as shown in the following table: -| Capability | In Free | In Ultimate | -|:-------------------------------------------------------------------------------------------------------------|:--------------------|:-------------------| -| [Configure SAST Scanners](#configuration) | **{check-circle}** | **{check-circle}** | -| [Customize SAST Settings](#customizing-the-sast-settings) | **{check-circle}** | **{check-circle}** | -| View [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** | -| Presentation of JSON Report in Merge Request | **{dotted-circle}** | **{check-circle}** | -| [Address vulnerabilities](../../application_security/index.md#addressing-vulnerabilities) | **{dotted-circle}** | **{check-circle}** | -| [Access to Security Dashboard](../../application_security/security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** | -| [Configure SAST in the UI](#configure-sast-in-the-ui) | **{dotted-circle}** | **{check-circle}** | -| [Customize SAST Rulesets](#customize-rulesets) | **{dotted-circle}** | **{check-circle}** | +| Capability | In Free | In Ultimate | +|:---------------------------------------------------------------------------------------|:--------------------|:-------------------| +| [Configure SAST Scanners](#configuration) | **{check-circle}** | **{check-circle}** | +| [Customize SAST Settings](#customizing-the-sast-settings) | **{check-circle}** | **{check-circle}** | +| View [JSON Report](#reports-json-format) | **{check-circle}** | **{check-circle}** | +| Presentation of JSON Report in Merge Request | **{dotted-circle}** | **{check-circle}** | +| [Address vulnerabilities](../../application_security/vulnerabilities/index.md) | **{dotted-circle}** | **{check-circle}** | +| [Access to Security 
Dashboard](../../application_security/security_dashboard/index.md) | **{dotted-circle}** | **{check-circle}** | +| [Configure SAST in the UI](#configure-sast-in-the-ui) | **{dotted-circle}** | **{check-circle}** | +| [Customize SAST Rulesets](#customize-rulesets) | **{dotted-circle}** | **{check-circle}** | ## Contribute your scanner diff --git a/doc/user/application_security/security_dashboard/index.md b/doc/user/application_security/security_dashboard/index.md index 6372bb3702c..6c03a6aea25 100644 --- a/doc/user/application_security/security_dashboard/index.md +++ b/doc/user/application_security/security_dashboard/index.md @@ -211,4 +211,4 @@ Each scenario can be a third-level heading, e.g. `### Getting error message X`. If you have none to add when creating a doc, leave this section in place but commented out to help encourage others to add to it in the future. --> -Read more on how to [address the vulnerabilities](../index.md#addressing-vulnerabilities). +Read more on how to [address the vulnerabilities](../vulnerabilities/index.md). diff --git a/doc/user/application_security/img/create_mr_from_vulnerability_v13_4.png b/doc/user/application_security/vulnerabilities/img/create_mr_from_vulnerability_v13_4.png similarity index 100% rename from doc/user/application_security/img/create_mr_from_vulnerability_v13_4.png rename to doc/user/application_security/vulnerabilities/img/create_mr_from_vulnerability_v13_4.png diff --git a/doc/user/application_security/vulnerabilities/index.md b/doc/user/application_security/vulnerabilities/index.md index 85bb11cd446..b96451fa67d 100644 --- a/doc/user/application_security/vulnerabilities/index.md +++ b/doc/user/application_security/vulnerabilities/index.md 
@@ -12,7 +12,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w Each security vulnerability in a project's [Vulnerability Report](../vulnerability_report/index.md) has an individual page which includes: - Details of the vulnerability. -- The status of the vulnerability within the project. +- The status of the vulnerability in the project. - Available actions for the vulnerability. - Any issues related to the vulnerability. @@ -21,8 +21,10 @@ On the vulnerability's page, you can: - [Change the vulnerability's status](#change-vulnerability-status). - [Create an issue](#create-an-issue-for-a-vulnerability). - [Link issues to the vulnerability](#link-gitlab-issues-to-the-vulnerability). -- [Automatically remediate the vulnerability](#automatically-remediate-the-vulnerability), if an +- [Remediate a vulnerability automatically](#remediate-a-vulnerability-automatically), if an automatic solution is available. +- [Remediate a vulnerability manually](#remediate-a-vulnerability-manually), if a solution is + available. ## Change vulnerability status @@ -60,7 +62,7 @@ To create a GitLab issue for a vulnerability: 1. In GitLab, go to the vulnerability's page. 1. Select **Create issue**. -An issue is created in the project, prepopulated with information from the vulnerability report. +An issue is created in the project, pre-populated with information from the vulnerability report. The issue is then opened so you can take further action. ### Create a Jira issue for a vulnerability 
@@ -120,10 +122,59 @@ that the resolution of one issue would resolve multiple vulnerabilities. Linked issues are shown in the Vulnerability Report and the vulnerability's page. -## Automatically remediate the vulnerability +## Link to an existing issue -You can fix some vulnerabilities by applying the solution that GitLab automatically -generates for you. [Read more about the automatic remediation for vulnerabilities feature](../index.md#apply-an-automatic-remediation-for-a-vulnerability). +If you already have an open issue, you can link to it from the vulnerability. + +- The vulnerability page shows related issues, but the issue page doesn't show the vulnerability it's related to. +- An issue can only be related to one vulnerability at a time. +- Issues can be linked across groups and projects. + +To link to an existing issue: + +1. Open the vulnerability. +1. [Add a linked issue](../../project/issues/related_issues.md). + +## Remediate a vulnerability automatically + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5656) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.7. + +Some vulnerabilities can be fixed by applying the solution that GitLab automatically generates. +The following scanners are supported: + +- [Dependency Scanning](../dependency_scanning/index.md). + Automatic Patch creation is only available for Node.js projects managed with + `yarn`. +- [Container Scanning](../container_scanning/index.md). + +### Remediate a vulnerability manually + +To manually apply the patch that GitLab generated for a vulnerability: + +1. Select the **Resolve with merge request** dropdown, then select **Download patch to resolve**: + + ![Resolve with Merge Request button dropdown](img/vulnerability_page_merge_request_button_dropdown_v13_1.png) + +1. Ensure your local project has the same commit checked out that was used to generate the patch. +1. Run `git apply remediation.patch`. +1. Verify and commit the changes to your branch. 
+ +### Create a merge request with the suggested patch + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9224) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.9. + +In some cases, you can create a merge request that automatically remediates the +vulnerability. Any vulnerability that has a +[solution](#remediate-a-vulnerability-automatically) can have a merge +request created to automatically solve the issue. + +If this action is available: + +1. Select the **Resolve with merge request** dropdown, then select **Resolve with merge request**. + + ![Create merge request from vulnerability](img/create_mr_from_vulnerability_v13_4.png) + +A merge request is created. It applies the solution to the source branch. ## Vulnerability scanner maintenance diff --git a/doc/user/application_security/vulnerability_report/index.md b/doc/user/application_security/vulnerability_report/index.md index 8f7740f9bfc..012992c8a72 100644 --- a/doc/user/application_security/vulnerability_report/index.md +++ b/doc/user/application_security/vulnerability_report/index.md 
@@ -162,3 +162,26 @@ computer. NOTE: It may take several minutes for the download to start if your project contains thousands of vulnerabilities. Don't close the page until the download finishes. + +## Dismiss a vulnerability + +> The option of adding a dismissal reason was introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0. + +You can dismiss a vulnerability for the entire project: + +1. Select the vulnerability in the Security Dashboard. +1. In the top-right, from the **Status** selector menu, select **Dismissed**. +1. Optional. Add a reason for the dismissal and select **Save comment**. + +To undo this action, select a different status from the same menu. + +### Dismiss multiple vulnerabilities + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/35816) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9. + +You can dismiss multiple vulnerabilities at once: + +1. In the list of vulnerabilities, select the checkbox for each vulnerability you want to dismiss. + To select all, select the checkbox in the table header. +1. Above the table, select a dismissal reason. +1. Select **Dismiss Selected**. diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 67717c94886..76816ee9a5f 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -4349,7 +4349,7 @@ msgstr "" msgid "AsanaService|%{user} pushed to branch %{branch} of %{project_name} ( %{commit_url} ):" msgstr "" -msgid "AsanaService|Add commit messages as comments to Asana tasks" +msgid "AsanaService|Add commit messages as comments to Asana tasks." msgstr "" msgid "AsanaService|Comma-separated list of branches to be automatically inspected. Leave blank to include all branches." @@ -17478,6 +17478,9 @@ msgstr "" msgid "Integrations|Default settings are inherited from the instance level." msgstr "" +msgid "Integrations|Enable GitLab.com slash commands in a Slack workspace." +msgstr "" + msgid "Integrations|Enable comments" msgstr "" 
@@ -17547,6 +17550,9 @@ msgstr "" msgid "Integrations|Search Jira issues" msgstr "" +msgid "Integrations|Send notifications about project events to Unify Circuit." +msgstr "" + msgid "Integrations|Sign in to add namespaces" msgstr "" @@ -17559,7 +17565,7 @@ msgstr "" msgid "Integrations|To keep this project going, create a new issue." msgstr "" -msgid "Integrations|Update your projects on Packagist, the main Composer repository" +msgid "Integrations|Update your Packagist projects." msgstr "" msgid "Integrations|Use custom settings" @@ -17568,9 +17574,6 @@ msgstr "" msgid "Integrations|Use default settings" msgstr "" -msgid "Integrations|Use the GitLab Slack application" -msgstr "" - msgid "Integrations|When a Jira issue is mentioned in a commit or merge request a remote link and comment (if enabled) is created." msgstr "" @@ -18105,10 +18108,10 @@ msgstr "" msgid "IssueTracker|Use IBM Engineering Workflow Management as this project's issue tracker. %{docs_link}" msgstr "" -msgid "IssueTracker|Use Redmine as the issue tracker." +msgid "IssueTracker|Use Redmine as the issue tracker. %{docs_link}" msgstr "" -msgid "IssueTracker|Use Redmine as the issue tracker. %{docs_link}" +msgid "IssueTracker|Use Redmine as this project's issue tracker." msgstr "" msgid "IssueTracker|Use YouTrack as this project's issue tracker." @@ -18117,10 +18120,10 @@ msgstr "" msgid "IssueTracker|Use YouTrack as this project's issue tracker. %{docs_link}" msgstr "" -msgid "IssueTracker|Use a custom issue tracker that is not in the integration list. %{docs_link}" +msgid "IssueTracker|Use a custom issue tracker as this project's issue tracker." msgstr "" -msgid "IssueTracker|Use a custom issue tracker." +msgid "IssueTracker|Use a custom issue tracker that is not in the integration list. %{docs_link}" msgstr "" msgid "Issues" 
@@ -18411,15 +18414,15 @@ msgstr "" msgid "JiraService|This issue is synchronized with Jira" msgstr "" -msgid "JiraService|Track issues in Jira" -msgstr "" - msgid "JiraService|Transition Jira issues to their final state:" msgstr "" msgid "JiraService|Upgrade your plan to enable this feature of the Jira Integration." msgstr "" +msgid "JiraService|Use Jira as this project's issue tracker." +msgstr "" + msgid "JiraService|Use a password for server version and an API token for cloud version." msgstr "" @@ -23998,15 +24001,15 @@ msgstr "" msgid "Pipeline|with stages" msgstr "" +msgid "PivotalTrackerService|Add commit messages as comments to PivotalTracker stories." +msgstr "" + msgid "PivotalTrackerService|Comma-separated list of branches which will be automatically inspected. Leave blank to include all branches." msgstr "" msgid "PivotalTrackerService|Pivotal Tracker API token." msgstr "" -msgid "PivotalTrackerService|Project Management Software (Source Commits Endpoint)" -msgstr "" - msgid "Plain diff" msgstr "" @@ -26350,6 +26353,9 @@ msgstr "" msgid "PushoverService|%{user_name} pushed new branch \"%{ref}\"." msgstr "" +msgid "PushoverService|Get real-time notifications on your device." +msgstr "" + msgid "PushoverService|High Priority" msgstr "" @@ -26365,9 +26371,6 @@ msgstr "" msgid "PushoverService|Normal Priority" msgstr "" -msgid "PushoverService|Pushover makes it easy to get real-time notifications on your Android device, iPhone, iPad, and Desktop." -msgstr "" - msgid "PushoverService|See project %{project_full_name}" msgstr "" diff --git a/spec/support/shared_examples/services/alert_management/alert_processing/incident_creation_shared_examples.rb b/spec/support/shared_examples/services/alert_management/alert_processing/incident_creation_shared_examples.rb index 186af49afde..c6ac07b6dd5 100644 --- a/spec/support/shared_examples/services/alert_management/alert_processing/incident_creation_shared_examples.rb 
+++ b/spec/support/shared_examples/services/alert_management/alert_processing/incident_creation_shared_examples.rb @@ -25,9 +25,9 @@ RSpec.shared_examples 'processes incident issues' do |with_issue: false| end specify do - expect(IncidentManagement::ProcessAlertWorker) + expect(IncidentManagement::ProcessAlertWorkerV2) .to receive(:perform_async) - .with(nil, nil, kind_of(Integer)) + .with(kind_of(Integer)) Sidekiq::Testing.inline! do expect(subject).to be_success @@ -45,7 +45,7 @@ end RSpec.shared_examples 'does not process incident issues' do specify do - expect(IncidentManagement::ProcessAlertWorker).not_to receive(:perform_async) + expect(IncidentManagement::ProcessAlertWorkerV2).not_to receive(:perform_async) subject end diff --git a/spec/workers/incident_management/process_alert_worker_v2_spec.rb b/spec/workers/incident_management/process_alert_worker_v2_spec.rb new file mode 100644 index 00000000000..6cde8b758fa --- /dev/null +++ b/spec/workers/incident_management/process_alert_worker_v2_spec.rb 
@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe IncidentManagement::ProcessAlertWorkerV2 do
+ let_it_be(:project) { create(:project) }
+ let_it_be(:settings) { create(:project_incident_management_setting, project: project, create_issue: true) }
+
+ describe '#perform' do
+ let_it_be(:started_at) { Time.now.rfc3339 }
+ let_it_be(:payload) { { 'title' => 'title', 'start_time' => started_at } }
+ let_it_be(:alert) { create(:alert_management_alert, project: project, payload: payload, started_at: started_at) }
+
+ let(:created_issue) { Issue.last! }
+
+ subject(:perform_worker) { described_class.new.perform(alert.id) }
+
+ before do
+ allow(Gitlab::AppLogger).to receive(:warn).and_call_original
+
+ allow(AlertManagement::CreateAlertIssueService)
+ .to receive(:new).with(alert, User.alert_bot)
+ .and_call_original
+ end
+
+ shared_examples 'creates issue successfully' do
+ it 'creates an issue' do
+ expect(AlertManagement::CreateAlertIssueService)
+ .to receive(:new).with(alert, User.alert_bot)
+
+ expect { perform_worker }.to change { Issue.count }.by(1)
+ end
+
+ it 'updates AlertManagement::Alert#issue_id' do
+ perform_worker
+
+ expect(alert.reload.issue_id).to eq(created_issue.id)
+ end
+
+ it 'does not write a warning to log' do
+ perform_worker
+
+ expect(Gitlab::AppLogger).not_to have_received(:warn)
+ end
+
+ it_behaves_like 'an idempotent worker' do
+ let(:job_args) { [alert.id] }
+
+ it 'does not create a second issue' do
+ expect { perform_worker }.to change { Issue.count }.by(1)
+ end
+ end
+ end
+
+ context 'with valid alert' do
+ it_behaves_like 'creates issue successfully'
+
+ context 'when alert cannot be updated' do
+ let_it_be(:alert) { create(:alert_management_alert, :with_validation_errors, project: project, payload: payload) }
+
+ it 'updates AlertManagement::Alert#issue_id' do
+ expect { perform_worker }.not_to change { alert.reload.issue_id }
+ end
+
+ it 'logs a warning' do
+ perform_worker
+
+ expect(Gitlab::AppLogger).to have_received(:warn).with(
+ message: 'Cannot process an Incident',
+ issue_id: created_issue.id,
+ alert_id: alert.id,
+ errors: 'Hosts hosts array is over 255 chars'
+ )
+ end
+ end
+
+ context 'prometheus alert' do
+ let_it_be(:alert) { create(:alert_management_alert, :prometheus, project: project, started_at: started_at) }
+
+ it_behaves_like 'creates issue successfully'
+ end
+ end
+
+ context 'with invalid alert' do
+ let(:invalid_alert_id) { non_existing_record_id }
+
+ subject(:perform_worker) { described_class.new.perform(invalid_alert_id) }
+
+ it 'does not create issues' do
+ expect(AlertManagement::CreateAlertIssueService).not_to receive(:new)
+
+ expect { perform_worker }.not_to change { Issue.count }
+ end
+ end
+ end
+end
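Review bot: The example `it 'updates AlertManagement::Alert#issue_id'` inside `context 'when alert cannot be updated'` asserts `not_to change { alert.reload.issue_id }`, so its description says the opposite of what it verifies and duplicates the name of the example in the `'creates issue successfully'` shared group; rename it to `it 'does not update AlertManagement::Alert#issue_id' do`. Separately, `it 'does not create a second issue'` under `it_behaves_like 'an idempotent worker'` invokes `perform_worker` exactly once, so by itself it only shows that a single run creates one issue; unless the shared example's own subject is what exercises repeat runs, `expect { 2.times { perform_worker } }.to change { Issue.count }.by(1)` would actually pin the idempotence the name claims. The `errors: 'Hosts hosts array is over 255 chars'` literal also couples the warning assertion to the exact wording of a model validation defined outside this file; asserting against whatever the alert itself reports (for example its `errors.full_messages`, if that is what the worker logs — I can't see the worker from here) would be less brittle.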