Add latest changes from gitlab-org/gitlab@master
parent
ed5add1c2f
commit
98692a8dd5
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Improve SAST NO_DIND file detection with proper boundary conditions
|
||||
merge_request: 28036
|
||||
author:
|
||||
type: fixed
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Refactor projects/:id/packages API to supply only necessary params to PackagesFinder
|
||||
merge_request: 29052
|
||||
author: Sashi Kumar
|
||||
type: other
|
|
@ -62,8 +62,8 @@ puts Readline::HISTORY.to_a
|
|||
|
||||
## Using the Rails Runner
|
||||
|
||||
If you need to run some Ruby code in thex context of your GitLab production
|
||||
environment, you can do so using the [Rails Runner](https://guides.rubyonrails.org/command_line.html#rails-runner).
|
||||
If you need to run some Ruby code in the context of your GitLab production
|
||||
environment, you can do so using the [Rails Runner](https://guides.rubyonrails.org/command_line.html#rails-runner). When executing a script file, the script must be accessible by the `git` user.
|
||||
|
||||
**For Omnibus installations**
|
||||
|
||||
|
@ -72,6 +72,9 @@ sudo gitlab-rails runner "RAILS_COMMAND"
|
|||
|
||||
# Example with a two-line Ruby script
|
||||
sudo gitlab-rails runner "user = User.first; puts user.username"
|
||||
|
||||
# Example with a ruby script file
|
||||
sudo gitlab-rails runner /path/to/script.rb
|
||||
```
|
||||
|
||||
**For installations from source**
|
||||
|
@ -81,6 +84,9 @@ sudo -u git -H bundle exec rails runner -e production "RAILS_COMMAND"
|
|||
|
||||
# Example with a two-line Ruby script
|
||||
sudo -u git -H bundle exec rails runner -e production "user = User.first; puts user.username"
|
||||
|
||||
# Example with a ruby script file
|
||||
sudo -u git -H bundle exec rails runner -e production /path/to/script.rb
|
||||
```
|
||||
|
||||
## Mail not working
|
||||
|
|
|
@ -7174,6 +7174,51 @@ type Query {
|
|||
"""
|
||||
visibility: VisibilityScopesEnum
|
||||
): SnippetConnection
|
||||
|
||||
"""
|
||||
Vulnerabilities reported on projects on the current user's instance security dashboard
|
||||
"""
|
||||
vulnerabilities(
|
||||
"""
|
||||
Returns the elements in the list that come after the specified cursor.
|
||||
"""
|
||||
after: String
|
||||
|
||||
"""
|
||||
Returns the elements in the list that come before the specified cursor.
|
||||
"""
|
||||
before: String
|
||||
|
||||
"""
|
||||
Returns the first _n_ elements from the list.
|
||||
"""
|
||||
first: Int
|
||||
|
||||
"""
|
||||
Returns the last _n_ elements from the list.
|
||||
"""
|
||||
last: Int
|
||||
|
||||
"""
|
||||
Filter vulnerabilities by project
|
||||
"""
|
||||
projectId: [ID!]
|
||||
|
||||
"""
|
||||
Filter vulnerabilities by report type
|
||||
"""
|
||||
reportType: [VulnerabilityReportType!]
|
||||
|
||||
"""
|
||||
Filter vulnerabilities by severity
|
||||
"""
|
||||
severity: [VulnerabilitySeverity!]
|
||||
|
||||
"""
|
||||
Filter vulnerabilities by state
|
||||
"""
|
||||
state: [VulnerabilityState!]
|
||||
): VulnerabilityConnection
|
||||
}
|
||||
|
||||
"""
|
||||
|
|
|
@ -21480,6 +21480,131 @@
|
|||
},
|
||||
"isDeprecated": false,
|
||||
"deprecationReason": null
|
||||
},
|
||||
{
|
||||
"name": "vulnerabilities",
|
||||
"description": "Vulnerabilities reported on projects on the current user's instance security dashboard",
|
||||
"args": [
|
||||
{
|
||||
"name": "projectId",
|
||||
"description": "Filter vulnerabilities by project",
|
||||
"type": {
|
||||
"kind": "LIST",
|
||||
"name": null,
|
||||
"ofType": {
|
||||
"kind": "NON_NULL",
|
||||
"name": null,
|
||||
"ofType": {
|
||||
"kind": "SCALAR",
|
||||
"name": "ID",
|
||||
"ofType": null
|
||||
}
|
||||
}
|
||||
},
|
||||
"defaultValue": null
|
||||
},
|
||||
{
|
||||
"name": "reportType",
|
||||
"description": "Filter vulnerabilities by report type",
|
||||
"type": {
|
||||
"kind": "LIST",
|
||||
"name": null,
|
||||
"ofType": {
|
||||
"kind": "NON_NULL",
|
||||
"name": null,
|
||||
"ofType": {
|
||||
"kind": "ENUM",
|
||||
"name": "VulnerabilityReportType",
|
||||
"ofType": null
|
||||
}
|
||||
}
|
||||
},
|
||||
"defaultValue": null
|
||||
},
|
||||
{
|
||||
"name": "severity",
|
||||
"description": "Filter vulnerabilities by severity",
|
||||
"type": {
|
||||
"kind": "LIST",
|
||||
"name": null,
|
||||
"ofType": {
|
||||
"kind": "NON_NULL",
|
||||
"name": null,
|
||||
"ofType": {
|
||||
"kind": "ENUM",
|
||||
"name": "VulnerabilitySeverity",
|
||||
"ofType": null
|
||||
}
|
||||
}
|
||||
},
|
||||
"defaultValue": null
|
||||
},
|
||||
{
|
||||
"name": "state",
|
||||
"description": "Filter vulnerabilities by state",
|
||||
"type": {
|
||||
"kind": "LIST",
|
||||
"name": null,
|
||||
"ofType": {
|
||||
"kind": "NON_NULL",
|
||||
"name": null,
|
||||
"ofType": {
|
||||
"kind": "ENUM",
|
||||
"name": "VulnerabilityState",
|
||||
"ofType": null
|
||||
}
|
||||
}
|
||||
},
|
||||
"defaultValue": null
|
||||
},
|
||||
{
|
||||
"name": "after",
|
||||
"description": "Returns the elements in the list that come after the specified cursor.",
|
||||
"type": {
|
||||
"kind": "SCALAR",
|
||||
"name": "String",
|
||||
"ofType": null
|
||||
},
|
||||
"defaultValue": null
|
||||
},
|
||||
{
|
||||
"name": "before",
|
||||
"description": "Returns the elements in the list that come before the specified cursor.",
|
||||
"type": {
|
||||
"kind": "SCALAR",
|
||||
"name": "String",
|
||||
"ofType": null
|
||||
},
|
||||
"defaultValue": null
|
||||
},
|
||||
{
|
||||
"name": "first",
|
||||
"description": "Returns the first _n_ elements from the list.",
|
||||
"type": {
|
||||
"kind": "SCALAR",
|
||||
"name": "Int",
|
||||
"ofType": null
|
||||
},
|
||||
"defaultValue": null
|
||||
},
|
||||
{
|
||||
"name": "last",
|
||||
"description": "Returns the last _n_ elements from the list.",
|
||||
"type": {
|
||||
"kind": "SCALAR",
|
||||
"name": "Int",
|
||||
"ofType": null
|
||||
},
|
||||
"defaultValue": null
|
||||
}
|
||||
],
|
||||
"type": {
|
||||
"kind": "OBJECT",
|
||||
"name": "VulnerabilityConnection",
|
||||
"ofType": null
|
||||
},
|
||||
"isDeprecated": false,
|
||||
"deprecationReason": null
|
||||
}
|
||||
],
|
||||
"inputFields": null,
|
||||
|
|
|
@ -449,7 +449,7 @@ It's common to discover technical debt during development of a new feature. In
|
|||
the spirit of "minimum viable change", resolution is often deferred to a
|
||||
follow-up issue. However, this cannot be used as an excuse to merge poor-quality
|
||||
code that would otherwise not pass review, or to overlook trivial matters that
|
||||
don't deserve the be scheduled independently, and would be best resolved in the
|
||||
don't deserve to be scheduled independently, and would be best resolved in the
|
||||
original merge request - or not tracked at all!
|
||||
|
||||
The overheads of scheduling, and rate of change in the GitLab codebase, mean
|
||||
|
|
|
@ -76,6 +76,6 @@ Each individual scanner may be slightly different than the steps described
|
|||
above. You can find more information at each of the pages below:
|
||||
|
||||
- [Container scanning offline directions](../container_scanning/index.md#running-container-scanning-in-an-offline-environment)
|
||||
- [SAST offline directions](../sast/index.md#gitlab-sast-in-an-offline-environment)
|
||||
- [SAST offline directions](../sast/index.md#running-sast-in-an-offline-environment)
|
||||
- [DAST offline directions](../dast/index.md#running-dast-in-an-offline-environment)
|
||||
- [License Compliance offline directions](../../compliance/license_compliance/index.md#running-license-compliance-in-an-offline-environment)
|
||||
|
|
|
@ -504,16 +504,17 @@ Once a vulnerability is found, you can interact with it. Read more on how to
|
|||
For more information about the vulnerabilities database update, check the
|
||||
[maintenance table](../index.md#maintenance-and-update-of-the-vulnerabilities-database).
|
||||
|
||||
## GitLab SAST in an offline environment
|
||||
## Running SAST in an offline environment
|
||||
|
||||
For self-managed GitLab instances in an environment with limited, restricted, or intermittent access
|
||||
to external resources through the internet, some adjustments are required for the SAST job to
|
||||
successfully run.
|
||||
successfully run. For more information, see [Offline environments](../offline_deployments/index.md).
|
||||
|
||||
### Requirements for offline SAST
|
||||
|
||||
To use SAST in an offline environment, you need:
|
||||
|
||||
- [Disable Docker-In-Docker](#disabling-docker-in-docker-for-sast)
|
||||
- GitLab Runner with the [`docker` or `kubernetes` executor](#requirements).
|
||||
- Docker Container Registry with locally available copies of SAST [analyzer](https://gitlab.com/gitlab-org/security-products/analyzers) images.
|
||||
|
||||
|
|
|
@ -65,7 +65,7 @@ bandit-sast:
|
|||
variables:
|
||||
- $GITLAB_FEATURES =~ /\bsast\b/ &&
|
||||
$SAST_DEFAULT_ANALYZERS =~ /bandit/&&
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /python/
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bpython\b/
|
||||
|
||||
brakeman-sast:
|
||||
extends: .sast-analyzer
|
||||
|
@ -75,7 +75,7 @@ brakeman-sast:
|
|||
variables:
|
||||
- $GITLAB_FEATURES =~ /\bsast\b/ &&
|
||||
$SAST_DEFAULT_ANALYZERS =~ /brakeman/ &&
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /ruby/
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bruby\b/
|
||||
|
||||
eslint-sast:
|
||||
extends: .sast-analyzer
|
||||
|
@ -85,7 +85,7 @@ eslint-sast:
|
|||
variables:
|
||||
- $GITLAB_FEATURES =~ /\bsast\b/ &&
|
||||
$SAST_DEFAULT_ANALYZERS =~ /eslint/ &&
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bjavascript\b/
|
||||
|
||||
flawfinder-sast:
|
||||
extends: .sast-analyzer
|
||||
|
@ -95,7 +95,7 @@ flawfinder-sast:
|
|||
variables:
|
||||
- $GITLAB_FEATURES =~ /\bsast\b/ &&
|
||||
$SAST_DEFAULT_ANALYZERS =~ /flawfinder/ &&
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\b(c\+\+|c)\b/
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /(c(\+\+)?,)|(c(\+\+)?$)/
|
||||
|
||||
kubesec-sast:
|
||||
extends: .sast-analyzer
|
||||
|
@ -125,7 +125,7 @@ nodejs-scan-sast:
|
|||
variables:
|
||||
- $GITLAB_FEATURES =~ /\bsast\b/ &&
|
||||
$SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/ &&
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /javascript/
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bjavascript\b/
|
||||
|
||||
phpcs-security-audit-sast:
|
||||
extends: .sast-analyzer
|
||||
|
@ -135,7 +135,7 @@ phpcs-security-audit-sast:
|
|||
variables:
|
||||
- $GITLAB_FEATURES =~ /\bsast\b/ &&
|
||||
$SAST_DEFAULT_ANALYZERS =~ /phpcs-security-audit/ &&
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /php/
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bphp\b/
|
||||
|
||||
pmd-apex-sast:
|
||||
extends: .sast-analyzer
|
||||
|
@ -145,7 +145,7 @@ pmd-apex-sast:
|
|||
variables:
|
||||
- $GITLAB_FEATURES =~ /\bsast\b/ &&
|
||||
$SAST_DEFAULT_ANALYZERS =~ /pmd-apex/ &&
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /apex/
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\bapex\b/
|
||||
|
||||
secrets-sast:
|
||||
extends: .sast-analyzer
|
||||
|
@ -174,7 +174,7 @@ sobelow-sast:
|
|||
variables:
|
||||
- $GITLAB_FEATURES =~ /\bsast\b/ &&
|
||||
$SAST_DEFAULT_ANALYZERS =~ /sobelow/ &&
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /elixir/
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\belixir\b/
|
||||
|
||||
spotbugs-sast:
|
||||
extends: .sast-analyzer
|
||||
|
@ -194,4 +194,4 @@ tslint-sast:
|
|||
variables:
|
||||
- $GITLAB_FEATURES =~ /\bsast\b/ &&
|
||||
$SAST_DEFAULT_ANALYZERS =~ /tslint/ &&
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /typescript/
|
||||
$CI_PROJECT_REPOSITORY_LANGUAGES =~ /\btypescript\b/
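Review bot: In the `flawfinder-sast` rule, the replacement pattern `/(c(\+\+)?,)|(c(\+\+)?$)/` has no left boundary, so it matches any entry in `$CI_PROJECT_REPOSITORY_LANGUAGES` that merely ends in `c`. I am reading this as the new side because the other hunks on this page print old then new. If the variable is the comma-separated language list it appears to be, a name such as `objective-c` would start the flawfinder job on a repository with no C or C++ code. Anchoring both ends of the entry keeps the `c++` fix without the over-match: `$CI_PROJECT_REPOSITORY_LANGUAGES =~ /(^|,)c(\+\+)?(,|$)/`. The `\b...\b` form used in the other jobs is adequate for names made only of word characters, but a short comment above these rules noting that `\b` also treats `-`, `+` and `#` as boundaries would explain why flawfinder differs. Each job's `only:` block begins outside its hunk, so this is based on the visible lines alone.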
|
||||
|
|