kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2021-12-29 06:14:55 +00:00
parent 2345ff0d54
commit b421c554c1
5 changed files with 16 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/administration/pages/index.md
View File

@ -1332,8 +1332,11 @@ Once added, reconfigure with `sudo gitlab-ctl reconfigure` and restart GitLab wi
### `The redirect URI included is not valid.` when using Pages Access Control ### `The redirect URI included is not valid.` when using Pages Access Control
Verify that the **Callback URL**/Redirect URI in the GitLab Pages [System OAuth application](../../integration/oauth_provider.md#instance-wide-applications) You may see this error if `pages_external_url` was updated at some point of time. Verify the following:
1. The **Callback URL**/Redirect URI in the GitLab Pages [System OAuth application](../../integration/oauth_provider.md#instance-wide-applications)
is using the protocol (HTTP or HTTPS) that `pages_external_url` is configured to use. is using the protocol (HTTP or HTTPS) that `pages_external_url` is configured to use.
1. The domain and path components of `Redirect URI` are valid: they should look like `projects.<pages_external_url>/auth`.
### 500 error `cannot serve from disk` ### 500 error `cannot serve from disk`

3
doc/user/application_security/sast/analyzers.md
View File

@ -6,8 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# SAST Analyzers **(FREE)** # SAST Analyzers **(FREE)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in GitLab 10.3. > [Moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) from GitLab Ultimate to GitLab Free in 13.3.
> - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) from GitLab Ultimate to GitLab Free in 13.3.
SAST relies on underlying third party tools that are wrapped into what we call SAST relies on underlying third party tools that are wrapped into what we call
"Analyzers". An analyzer is a "Analyzers". An analyzer is a

17
doc/user/application_security/sast/index.md
View File

@ -2,13 +2,11 @@
stage: Secure stage: Secure
group: Static Analysis group: Static Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
type: reference, howto
--- ---
# Static Application Security Testing (SAST) **(FREE)** # Static Application Security Testing (SAST) **(FREE)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in GitLab 10.3. > All open source (OSS) analyzers were moved from GitLab Ultimate to GitLab Free in GitLab 13.3.
> - All open source (OSS) analyzers were moved from GitLab Ultimate to GitLab Free in GitLab 13.3.
NOTE: NOTE:
The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/) The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/)
@ -168,10 +166,9 @@ To configure SAST for a project you can:
### Configure SAST manually ### Configure SAST manually
For GitLab 11.9 and later, to enable SAST you must [include](../../../ci/yaml/index.md#includetemplate) To enable SAST you must [include](../../../ci/yaml/index.md#includetemplate)
the [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml) the [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml)
provided as a part of your GitLab installation. For GitLab versions earlier than 11.9, you provided as a part of your GitLab installation.
can copy and use the job as defined that template.
Add the following to your `.gitlab-ci.yml` file: Add the following to your `.gitlab-ci.yml` file:
@ -269,7 +266,7 @@ versions are pulled, there are certain cases where it can be beneficial to pin
an analyzer to a specific release. To do so, override the `SAST_ANALYZER_IMAGE_TAG` CI/CD variable an analyzer to a specific release. To do so, override the `SAST_ANALYZER_IMAGE_TAG` CI/CD variable
in the job template directly. in the job template directly.
In the example below, we pin to a specific patch version of the `spotbugs` analyzer and minor version of the `semgrep` analyzer: In the example below, we pin to a minor version of the `semgrep` analyzer and a specific patch version of the `brakeman` analyzer:
```yaml ```yaml
include: include:
@ -277,11 +274,11 @@ include:
semgrep-sast: semgrep-sast:
variables: variables:
SAST_ANALYZER_IMAGE_TAG: "2.12" SAST_ANALYZER_IMAGE_TAG: "2.16"
spotbugs-sast: brakeman-sast:
variables: variables:
SAST_ANALYZER_IMAGE_TAG: "2.28.1" SAST_ANALYZER_IMAGE_TAG: "2.21.1"
``` ```
### Customize rulesets **(ULTIMATE)** ### Customize rulesets **(ULTIMATE)**

6
doc/user/application_security/secret_detection/index.md
View File

@ -1,5 +1,4 @@
--- ---
type: reference, howto
stage: Secure stage: Secure
group: Static Analysis group: Static Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
@ -7,15 +6,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Secret Detection **(FREE)** # Secret Detection **(FREE)**
> - [Introduced](https://about.gitlab.com/releases/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository) in GitLab 11.9. > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) from GitLab Ultimate to GitLab Free in 13.3.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) from GitLab Ultimate to GitLab Free in 13.3.
A recurring problem when developing applications is that developers may unintentionally commit A recurring problem when developing applications is that developers may unintentionally commit
secrets and credentials to their remote repositories. If other people have access to the source, secrets and credentials to their remote repositories. If other people have access to the source,
or if the project is public, the sensitive information is then exposed and can be leveraged by or if the project is public, the sensitive information is then exposed and can be leveraged by
malicious users to gain access to resources like deployment environments. malicious users to gain access to resources like deployment environments.
GitLab 11.9 includes a new check called Secret Detection. It scans the content of the repository GitLab includes a check called Secret Detection. It scans the content of the repository
to find API keys and other information that should not be there. to find API keys and other information that should not be there.
GitLab displays identified secrets visibly in a few places: GitLab displays identified secrets visibly in a few places:

10
doc/user/project/merge_requests/code_quality.md
View File

@ -2,13 +2,11 @@
stage: Secure stage: Secure
group: Static Analysis group: Static Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
type: reference, howto
--- ---
# Code Quality **(FREE)** # Code Quality **(FREE)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/1984) in GitLab 9.3. > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2.
> - Made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) in 13.2.
To ensure your project's code stays simple, readable, and easy to contribute to, To ensure your project's code stays simple, readable, and easy to contribute to,
you can use [GitLab CI/CD](../../../ci/index.md) to analyze your source code quality. you can use [GitLab CI/CD](../../../ci/index.md) to analyze your source code quality.
@ -32,8 +30,7 @@ Code Quality:
## Code Quality Widget ## Code Quality Widget
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/1984) in GitLab 9.3. > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2.
> - Made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) in 13.2.
Going a step further, GitLab can show the Code Quality report right Going a step further, GitLab can show the Code Quality report right
in the merge request widget area if a report from the target branch is available to compare to: in the merge request widget area if a report from the target branch is available to compare to:
@ -69,9 +66,6 @@ the merge request's diff view displays an indicator next to lines with new Code
## Example configuration ## Example configuration
This example shows how to run Code Quality on your code by using GitLab CI/CD and Docker. This example shows how to run Code Quality on your code by using GitLab CI/CD and Docker.
It requires GitLab 11.11 or later, and GitLab Runner 11.5 or later. If you are using
GitLab 11.4 or earlier, you can view the deprecated job definitions in the
[documentation archive](https://docs.gitlab.com/12.10/ee/user/project/merge_requests/code_quality.html#previous-job-definitions).
- Using shared runners, the job should be configured For the [Docker-in-Docker workflow](../../../ci/docker/using_docker_build.md#use-the-docker-executor-with-the-docker-image-docker-in-docker). - Using shared runners, the job should be configured For the [Docker-in-Docker workflow](../../../ci/docker/using_docker_build.md#use-the-docker-executor-with-the-docker-image-docker-in-docker).
- Using private runners, there is an [alternative configuration](#set-up-a-private-runner-for-code-quality-without-docker-in-docker) recommended for running Code Quality analysis more efficiently. - Using private runners, there is an [alternative configuration](#set-up-a-private-runner-for-code-quality-without-docker-in-docker) recommended for running Code Quality analysis more efficiently.