Add latest changes from gitlab-org/gitlab@master

2020-11-08 21:08:49 +00:00 · 2020-11-08 21:08:49 +00:00 · db53c7d425
commit db53c7d425
parent ef08e16607
5 changed files with 38 additions and 2 deletions
--- a/changelogs/unreleased/add_msg_for_missing_license_covfuzz.yml
+++ b/changelogs/unreleased/add_msg_for_missing_license_covfuzz.yml
@ -0,0 +1,5 @@
+---
+title: Show error in pipeline when Coverage Fuzzing not licensed
+merge_request: 46652
+author:
+type: changed
--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@ -31,6 +31,29 @@ GitLab displays identified secrets visibly in a few places:
 - Detecting unintentional commit of secrets like keys, passwords, and API tokens.
 - Performing a single or recurring scan of the full history of your repository for secrets.

+## Supported secrets
+
+Secret Detection detects a variety of common secrets by default. You can also customize the secret detection patterns using [custom rulesets](#custom-rulesets).
+
+The [default ruleset provided by Gitleaks](https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/gitleaks/gitleaks.toml) includes the following key types: 
+
+- Cloud services:
+  - Amazon Web Services (AWS)
+  - Google Cloud Platform (GCP) 
+Encryption keys:  
+  - PKCS8
+  - RSA
+  - SSH
+  - PGP
+- Social media platforms:
+  - Facebook API
+  - Twitter API
+- Cloud SaaS vendors: 
+  - GitHub API
+  - Slack Token
+  - Stripe API
+  - Generic API key strings starting with `api-`
+
 ## Requirements

 To run Secret Detection jobs, by default, you need GitLab Runner with the
--- a/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml
@ -11,6 +11,14 @@ variables:
  COVFUZZ_URL_PREFIX: "https://gitlab.com/gitlab-org/security-products/analyzers/gitlab-cov-fuzz/-/raw"


+coverage_fuzzing_unlicensed:
+  stage: test
+  allow_failure: true
+  rules:
+    - if: $GITLAB_FEATURES !~ /\bcoverage_fuzzing\b/ && $COVFUZZ_DISABLED == null
+  script:
+    - echo "ERROR Your GitLab project is missing licensing for Coverage Fuzzing" && exit 1
+
 .fuzz_base:
  stage: fuzz
  allow_failure: true
--- a/lib/tasks/gitlab/gitaly.rake
+++ b/lib/tasks/gitlab/gitaly.rake
@ -22,7 +22,7 @@ Usage: rake "gitlab:gitaly:install[/installation/dir,/storage/path]")
      if Rails.env.test?
        command.push(
          'BUNDLE_FLAGS=--no-deployment',
-          "BUNDLE_PATH=#{Bundler.bundle_path}")
+          "GEM_HOME=#{Bundler.bundle_path}")
      end

      storage_paths = { 'default' => args.storage_path }
--- a/spec/tasks/gitlab/gitaly_rake_spec.rb
+++ b/spec/tasks/gitlab/gitaly_rake_spec.rb
@ -89,7 +89,7 @@ RSpec.describe 'gitlab:gitaly namespace rake task' do
          let(:command) do
            %W[make
               BUNDLE_FLAGS=--no-deployment
-               BUNDLE_PATH=#{Bundler.bundle_path}]
+               GEM_HOME=#{Bundler.bundle_path}]
          end

          before do