Add latest changes from gitlab-org/gitlab@master

lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml

@@ -6,7 +6,7 @@
 
 variables:
     FUZZAPI_PROFILE: Quick
-    FUZZAPI_VERSION: latest
+    FUZZAPI_VERSION: "1"
     FUZZAPI_CONFIG: .gitlab-api-fuzzing.yml
     FUZZAPI_TIMEOUT: 30
     FUZZAPI_REPORT: gl-api-fuzzing-report.json
@@ -16,7 +16,8 @@ variables:
     # available (non 500 response to HTTP(s))
     FUZZAPI_SERVICE_START_TIMEOUT: "300"
     #
-    FUZZAPI_IMAGE: registry.gitlab.com/gitlab-org/security-products/analyzers/api-fuzzing:${FUZZAPI_VERSION}-engine
+    SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
+    FUZZAPI_IMAGE: ${SECURE_ANALYZERS_PREFIX}/api-fuzzing:${FUZZAPI_VERSION}
     #
 
 apifuzzer_fuzz_unlicensed:
@@ -32,9 +33,7 @@ apifuzzer_fuzz_unlicensed:
 
 apifuzzer_fuzz:
     stage: fuzz
-    image:
-        name: $FUZZAPI_IMAGE
-        entrypoint: ["/bin/bash", "-l", "-c"]
+    image: $FUZZAPI_IMAGE
     variables:
         FUZZAPI_PROJECT: $CI_PROJECT_PATH
         FUZZAPI_API: http://localhost:80

lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml

@@ -23,17 +23,7 @@ variables:
   # (SAST, Dependency Scanning, ...)
   SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
   #
-  DAST_API_PROFILE: Full
-  DAST_API_VERSION: latest
-  DAST_API_CONFIG: .gitlab-dast-api.yml
-  DAST_API_TIMEOUT: 30
-  DAST_API_REPORT: gl-dast-api-report.json
-  DAST_API_REPORT_ASSET_PATH: assets
-  #
-  # Wait up to 5 minutes for API Security and target url to become
-  # available (non 500 response to HTTP(s))
-  DAST_API_SERVICE_START_TIMEOUT: "300"
-  #
+  DAST_API_VERSION: "1"
   DAST_API_IMAGE: registry.gitlab.com/gitlab-org/security-products/analyzers/api-fuzzing:${DAST_API_VERSION}-engine
 
 dast:
@@ -76,16 +66,7 @@ dast:
 
 dast_api:
   stage: dast
-  image:
-    name: $DAST_API_IMAGE
-    entrypoint: ["/bin/bash", "-l", "-c"]
-  variables:
-    API_SECURITY_MODE: DAST
-    DAST_API_NEW_REPORT: 1
-    DAST_API_PROJECT: $CI_PROJECT_PATH
-    DAST_API_API: http://127.0.0.1:5000
-    DAST_API_LOG_SCANNER: gl-dast-api-scanner.log
-    TZ: America/Los_Angeles
+  image: $DAST_API_IMAGE
   allow_failure: true
   rules:
     - if: $DAST_API_BETA == null
@@ -110,33 +91,12 @@ dast_api:
     - if: $CI_COMMIT_BRANCH &&
           $GITLAB_FEATURES =~ /\bdast\b/
   script:
-    #
-    # Run user provided pre-script
-    - sh -c "$DAST_API_PRE_SCRIPT"
-    #
-    # Make sure asset path exists
-    - mkdir -p $DAST_API_REPORT_ASSET_PATH
-    #
-    # Start API Security background process
-    - dotnet /peach/Peach.Web.dll &> $DAST_API_LOG_SCANNER &
-    - APISEC_PID=$!
-    #
-    # Start scanning
-    - worker-entry
-    #
-    # Run user provided post-script
-    - sh -c "$DAST_API_POST_SCRIPT"
-    #
-    # Shutdown API Security
-    - kill $APISEC_PID
-    - wait $APISEC_PID
-    #
+    - /peach/analyzer-dast-api
   artifacts:
     when: always
     paths:
-      - $DAST_API_REPORT_ASSET_PATH
-      - $DAST_API_REPORT
-      - $DAST_API_LOG_SCANNER
+      - gl-assets
+      - gl-dast-api-report.json
       - gl-*.log
     reports:
-      dast: $DAST_API_REPORT
+      dast: gl-dast-api-report.json

spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb

@@ -661,7 +661,7 @@ RSpec.shared_examples 'workhorse package file upload endpoint' do
 end
 
 RSpec.shared_examples 'creates build_info when there is a job' do
-  context 'with job token' do
+  context 'with job token', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/294047' do
     let(:jwt) { build_jwt_from_job(job) }
 
     it 'creates a build_info record' do