Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
2345ff0d54
commit
b421c554c1
|
@ -1332,8 +1332,11 @@ Once added, reconfigure with `sudo gitlab-ctl reconfigure` and restart GitLab wi
|
||||||
|
|
||||||
### `The redirect URI included is not valid.` when using Pages Access Control
|
### `The redirect URI included is not valid.` when using Pages Access Control
|
||||||
|
|
||||||
Verify that the **Callback URL**/Redirect URI in the GitLab Pages [System OAuth application](../../integration/oauth_provider.md#instance-wide-applications)
|
You may see this error if `pages_external_url` was updated at some point of time. Verify the following:
|
||||||
|
|
||||||
|
1. The **Callback URL**/Redirect URI in the GitLab Pages [System OAuth application](../../integration/oauth_provider.md#instance-wide-applications)
|
||||||
is using the protocol (HTTP or HTTPS) that `pages_external_url` is configured to use.
|
is using the protocol (HTTP or HTTPS) that `pages_external_url` is configured to use.
|
||||||
|
1. The domain and path components of `Redirect URI` are valid: they should look like `projects.<pages_external_url>/auth`.
|
||||||
|
|
||||||
### 500 error `cannot serve from disk`
|
### 500 error `cannot serve from disk`
|
||||||
|
|
||||||
|
|
|
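Review bot: In the second list item the example `projects.<pages_external_url>/auth` puts a full-URL placeholder where a host name belongs; item 1 in the same hunk says `pages_external_url` carries the scheme (HTTP or HTTPS), so a reader substituting literally ends up with `projects.https://...`. Suggest separating scheme and host, e.g. `https://projects.<pages-domain>/auth`, with a note that the scheme must match the one `pages_external_url` uses.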
@ -6,8 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
||||||
|
|
||||||
# SAST Analyzers **(FREE)**
|
# SAST Analyzers **(FREE)**
|
||||||
|
|
||||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in GitLab 10.3.
|
> [Moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) from GitLab Ultimate to GitLab Free in 13.3.
|
||||||
> - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) from GitLab Ultimate to GitLab Free in 13.3.
|
|
||||||
|
|
||||||
SAST relies on underlying third party tools that are wrapped into what we call
|
SAST relies on underlying third party tools that are wrapped into what we call
|
||||||
"Analyzers". An analyzer is a
|
"Analyzers". An analyzer is a
|
||||||
|
|
|
@ -2,13 +2,11 @@
|
||||||
stage: Secure
|
stage: Secure
|
||||||
group: Static Analysis
|
group: Static Analysis
|
||||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||||
type: reference, howto
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Static Application Security Testing (SAST) **(FREE)**
|
# Static Application Security Testing (SAST) **(FREE)**
|
||||||
|
|
||||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in GitLab 10.3.
|
> All open source (OSS) analyzers were moved from GitLab Ultimate to GitLab Free in GitLab 13.3.
|
||||||
> - All open source (OSS) analyzers were moved from GitLab Ultimate to GitLab Free in GitLab 13.3.
|
|
||||||
|
|
||||||
NOTE:
|
NOTE:
|
||||||
The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/)
|
The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/)
|
||||||
|
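Review bot: Dropping `type: reference, howto` from the front matter is applied to the Secret Detection and Code Quality pages in this same commit as well, so the change is consistent across the set; confirm nothing in the docs build still reads the `type` key before merging, since the hunk removes it without replacement.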
@ -168,10 +166,9 @@ To configure SAST for a project you can:
|
||||||
|
|
||||||
### Configure SAST manually
|
### Configure SAST manually
|
||||||
|
|
||||||
For GitLab 11.9 and later, to enable SAST you must [include](../../../ci/yaml/index.md#includetemplate)
|
To enable SAST you must [include](../../../ci/yaml/index.md#includetemplate)
|
||||||
the [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml)
|
the [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml)
|
||||||
provided as a part of your GitLab installation. For GitLab versions earlier than 11.9, you
|
provided as a part of your GitLab installation.
|
||||||
can copy and use the job as defined that template.
|
|
||||||
|
|
||||||
Add the following to your `.gitlab-ci.yml` file:
|
Add the following to your `.gitlab-ci.yml` file:
|
||||||
|
|
||||||
|
@ -269,7 +266,7 @@ versions are pulled, there are certain cases where it can be beneficial to pin
|
||||||
an analyzer to a specific release. To do so, override the `SAST_ANALYZER_IMAGE_TAG` CI/CD variable
|
an analyzer to a specific release. To do so, override the `SAST_ANALYZER_IMAGE_TAG` CI/CD variable
|
||||||
in the job template directly.
|
in the job template directly.
|
||||||
|
|
||||||
In the example below, we pin to a specific patch version of the `spotbugs` analyzer and minor version of the `semgrep` analyzer:
|
In the example below, we pin to a minor version of the `semgrep` analyzer and a specific patch version of the `brakeman` analyzer:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
include:
|
include:
|
||||||
|
@ -277,11 +274,11 @@ include:
|
||||||
|
|
||||||
semgrep-sast:
|
semgrep-sast:
|
||||||
variables:
|
variables:
|
||||||
SAST_ANALYZER_IMAGE_TAG: "2.12"
|
SAST_ANALYZER_IMAGE_TAG: "2.16"
|
||||||
|
|
||||||
spotbugs-sast:
|
brakeman-sast:
|
||||||
variables:
|
variables:
|
||||||
SAST_ANALYZER_IMAGE_TAG: "2.28.1"
|
SAST_ANALYZER_IMAGE_TAG: "2.21.1"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Customize rulesets **(ULTIMATE)**
|
### Customize rulesets **(ULTIMATE)**
|
||||||
|
|
|
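Review bot: The pinned tags `"2.16"` and `"2.21.1"` match the rewritten intro sentence (minor version for `semgrep-sast`, patch version for `brakeman-sast`), but neither this hunk nor the one before it says what pinning costs: a pinned analyzer stops receiving new rules and fixes until someone bumps the tag. Suggest one sentence after the example recommending that pinned `SAST_ANALYZER_IMAGE_TAG` values be reviewed regularly and removed once the reason for pinning is resolved, so scans do not silently fall behind the default images.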
@ -1,5 +1,4 @@
|
||||||
---
|
---
|
||||||
type: reference, howto
|
|
||||||
stage: Secure
|
stage: Secure
|
||||||
group: Static Analysis
|
group: Static Analysis
|
||||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||||
|
@ -7,15 +6,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
||||||
|
|
||||||
# Secret Detection **(FREE)**
|
# Secret Detection **(FREE)**
|
||||||
|
|
||||||
> - [Introduced](https://about.gitlab.com/releases/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository) in GitLab 11.9.
|
> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) from GitLab Ultimate to GitLab Free in 13.3.
|
||||||
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) from GitLab Ultimate to GitLab Free in 13.3.
|
|
||||||
|
|
||||||
A recurring problem when developing applications is that developers may unintentionally commit
|
A recurring problem when developing applications is that developers may unintentionally commit
|
||||||
secrets and credentials to their remote repositories. If other people have access to the source,
|
secrets and credentials to their remote repositories. If other people have access to the source,
|
||||||
or if the project is public, the sensitive information is then exposed and can be leveraged by
|
or if the project is public, the sensitive information is then exposed and can be leveraged by
|
||||||
malicious users to gain access to resources like deployment environments.
|
malicious users to gain access to resources like deployment environments.
|
||||||
|
|
||||||
GitLab 11.9 includes a new check called Secret Detection. It scans the content of the repository
|
GitLab includes a check called Secret Detection. It scans the content of the repository
|
||||||
to find API keys and other information that should not be there.
|
to find API keys and other information that should not be there.
|
||||||
|
|
||||||
GitLab displays identified secrets visibly in a few places:
|
GitLab displays identified secrets visibly in a few places:
|
||||||
|
|
|
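Review bot: Changing "GitLab 11.9 includes a new check" to "GitLab includes a check" is the right call, since the version already appears in the history note above. The paragraph still stops at detection, though: a secret that has been committed should be treated as compromised and revoked or rotated, because it remains in the repository history even after a later commit removes it. Suggest adding that sentence next to the line saying the information "can be leveraged by malicious users".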
@ -2,13 +2,11 @@
|
||||||
stage: Secure
|
stage: Secure
|
||||||
group: Static Analysis
|
group: Static Analysis
|
||||||
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
|
||||||
type: reference, howto
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Code Quality **(FREE)**
|
# Code Quality **(FREE)**
|
||||||
|
|
||||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/1984) in GitLab 9.3.
|
> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2.
|
||||||
> - Made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) in 13.2.
|
|
||||||
|
|
||||||
To ensure your project's code stays simple, readable, and easy to contribute to,
|
To ensure your project's code stays simple, readable, and easy to contribute to,
|
||||||
you can use [GitLab CI/CD](../../../ci/index.md) to analyze your source code quality.
|
you can use [GitLab CI/CD](../../../ci/index.md) to analyze your source code quality.
|
||||||
|
@ -32,8 +30,7 @@ Code Quality:
|
||||||
|
|
||||||
## Code Quality Widget
|
## Code Quality Widget
|
||||||
|
|
||||||
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/1984) in GitLab 9.3.
|
> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2.
|
||||||
> - Made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) in 13.2.
|
|
||||||
|
|
||||||
Going a step further, GitLab can show the Code Quality report right
|
Going a step further, GitLab can show the Code Quality report right
|
||||||
in the merge request widget area if a report from the target branch is available to compare to:
|
in the merge request widget area if a report from the target branch is available to compare to:
|
||||||
|
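Review bot: The "Introduced" and "Made available in all tiers" lines under `## Code Quality Widget` are identical to the page-level history under `# Code Quality` in the previous hunk (same merge request 1984 and issue 212499). If the widget shares that history, consider dropping the duplicate here rather than maintaining two copies; if it was introduced separately, the note should point at its own merge request.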
@ -69,9 +66,6 @@ the merge request's diff view displays an indicator next to lines with new Code
|
||||||
## Example configuration
|
## Example configuration
|
||||||
|
|
||||||
This example shows how to run Code Quality on your code by using GitLab CI/CD and Docker.
|
This example shows how to run Code Quality on your code by using GitLab CI/CD and Docker.
|
||||||
It requires GitLab 11.11 or later, and GitLab Runner 11.5 or later. If you are using
|
|
||||||
GitLab 11.4 or earlier, you can view the deprecated job definitions in the
|
|
||||||
[documentation archive](https://docs.gitlab.com/12.10/ee/user/project/merge_requests/code_quality.html#previous-job-definitions).
|
|
||||||
|
|
||||||
- Using shared runners, the job should be configured For the [Docker-in-Docker workflow](../../../ci/docker/using_docker_build.md#use-the-docker-executor-with-the-docker-image-docker-in-docker).
|
- Using shared runners, the job should be configured For the [Docker-in-Docker workflow](../../../ci/docker/using_docker_build.md#use-the-docker-executor-with-the-docker-image-docker-in-docker).
|
||||||
- Using private runners, there is an [alternative configuration](#set-up-a-private-runner-for-code-quality-without-docker-in-docker) recommended for running Code Quality analysis more efficiently.
|
- Using private runners, there is an [alternative configuration](#set-up-a-private-runner-for-code-quality-without-docker-in-docker) recommended for running Code Quality analysis more efficiently.
|
||||||
|
|
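Review bot: Deleting the "GitLab Runner 11.5 or later" sentence removes the only stated runner requirement; if a minimum runner version still matters for the Docker-in-Docker workflow referenced in the bullet below, keep that as a single sentence. While touching this paragraph, fix the stray capital in the unchanged context line "the job should be configured For the" (lowercase "for").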