Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
146284d119
commit
fd340cdc68
|
@ -1,5 +1,7 @@
|
||||||
import MirrorRepos from '~/mirrors/mirror_repos';
|
import MirrorRepos from '~/mirrors/mirror_repos';
|
||||||
import mountBranchRules from '~/projects/settings/repository/branch_rules/mount_branch_rules';
|
import mountBranchRules from '~/projects/settings/repository/branch_rules/mount_branch_rules';
|
||||||
|
import mountDefaultBranchSelector from '~/projects/settings/mount_default_branch_selector';
|
||||||
|
|
||||||
import initForm from '../form';
|
import initForm from '../form';
|
||||||
|
|
||||||
initForm();
|
initForm();
|
||||||
|
@ -8,3 +10,4 @@ const mirrorReposContainer = document.querySelector('.js-mirror-settings');
|
||||||
if (mirrorReposContainer) new MirrorRepos(mirrorReposContainer).init();
|
if (mirrorReposContainer) new MirrorRepos(mirrorReposContainer).init();
|
||||||
|
|
||||||
mountBranchRules(document.getElementById('js-branch-rules'));
|
mountBranchRules(document.getElementById('js-branch-rules'));
|
||||||
|
mountDefaultBranchSelector(document.querySelector('.js-select-default-branch'));
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
<script>
|
||||||
|
import RefSelector from '~/ref/components/ref_selector.vue';
|
||||||
|
import { REF_TYPE_BRANCHES } from '~/ref/constants';
|
||||||
|
import { __ } from '~/locale';
|
||||||
|
|
||||||
|
export default {
|
||||||
|
components: {
|
||||||
|
RefSelector,
|
||||||
|
},
|
||||||
|
props: {
|
||||||
|
persistedDefaultBranch: {
|
||||||
|
type: String,
|
||||||
|
required: true,
|
||||||
|
},
|
||||||
|
projectId: {
|
||||||
|
type: String,
|
||||||
|
required: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
refTypes: [REF_TYPE_BRANCHES],
|
||||||
|
i18n: {
|
||||||
|
dropdownHeader: __('Select default branch'),
|
||||||
|
searchPlaceholder: __('Search branch'),
|
||||||
|
},
|
||||||
|
};
|
||||||
|
</script>
|
||||||
|
<template>
|
||||||
|
<ref-selector
|
||||||
|
:value="persistedDefaultBranch"
|
||||||
|
class="gl-w-full"
|
||||||
|
:project-id="projectId"
|
||||||
|
:enabled-ref-types="$options.refTypes"
|
||||||
|
:translations="$options.i18n"
|
||||||
|
name="project[default_branch]"
|
||||||
|
data-testid="default-branch-dropdown"
|
||||||
|
data-qa-selector="default_branch_dropdown"
|
||||||
|
/>
|
||||||
|
</template>
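Review bot: The new component carries no comment saying why it exists, and a reader has to spot `name="project[default_branch]"` to work out that it only turns RefSelector into a Rails form field and that `persistedDefaultBranch` seeds the submitted value. I would add above `export default {`: `// Form-field wrapper around RefSelector for the repository settings form: the chosen branch is submitted as project[default_branch] through RefSelector's hidden input, seeded from the persisted default branch.` Note also that `data-testid` and `data-qa-selector` here are attributes rather than props, and the ref_selector change in this same commit sets `inheritAttrs: false` while forwarding `$attrs` to its inner `<gl-dropdown>`; if that is how it resolves at runtime, those selectors identify the dropdown, not the hidden input that actually carries the form value, so tests that check what is submitted should target the hidden field.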
|
|
@ -0,0 +1,22 @@
|
||||||
|
import Vue from 'vue';
|
||||||
|
import DefaultBranchSelector from './components/default_branch_selector.vue';
|
||||||
|
|
||||||
|
export default (el) => {
|
||||||
|
if (!el) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
const { projectId, defaultBranch } = el.dataset;
|
||||||
|
|
||||||
|
return new Vue({
|
||||||
|
el,
|
||||||
|
render(createElement) {
|
||||||
|
return createElement(DefaultBranchSelector, {
|
||||||
|
props: {
|
||||||
|
persistedDefaultBranch: defaultBranch,
|
||||||
|
projectId,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
},
|
||||||
|
});
|
||||||
|
};
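Review bot: The mount function's contract with the HAML view is implicit: it reads `data-project-id` and `data-default-branch` from `el.dataset` and returns `null` when `el` is missing, and none of that is documented. A JSDoc header would make it explicit: `/** Mount the default-branch selector on el, which must carry data-project-id and data-default-branch; returns the Vue instance, or null when el is absent. */`. Both values arrive as strings (dataset values always are), which matches the component's `type: String` props; if `data-default-branch` is ever missing the `required` prop only produces a Vue warning rather than an error, so the view stays responsible for always rendering it.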
|
|
@ -29,6 +29,7 @@ export default {
|
||||||
GlLoadingIcon,
|
GlLoadingIcon,
|
||||||
RefResultsSection,
|
RefResultsSection,
|
||||||
},
|
},
|
||||||
|
inheritAttrs: false,
|
||||||
props: {
|
props: {
|
||||||
enabledRefTypes: {
|
enabledRefTypes: {
|
||||||
type: Array,
|
type: Array,
|
||||||
|
@ -70,6 +71,15 @@ export default {
|
||||||
required: false,
|
required: false,
|
||||||
default: true,
|
default: true,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
/* Underlying form field name for scenarios where ref_selector
|
||||||
|
* is used as part of submitting an HTML form
|
||||||
|
*/
|
||||||
|
name: {
|
||||||
|
type: String,
|
||||||
|
required: false,
|
||||||
|
default: '',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
data() {
|
data() {
|
||||||
return {
|
return {
|
||||||
|
@ -213,89 +223,103 @@ export default {
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
<template>
|
<template>
|
||||||
<gl-dropdown
|
<div>
|
||||||
:header-text="i18n.dropdownHeader"
|
<gl-dropdown
|
||||||
:toggle-class="toggleButtonClass"
|
:header-text="i18n.dropdownHeader"
|
||||||
:text="buttonText"
|
:toggle-class="toggleButtonClass"
|
||||||
class="ref-selector"
|
:text="buttonText"
|
||||||
v-bind="$attrs"
|
class="ref-selector gl-w-full"
|
||||||
v-on="$listeners"
|
v-bind="$attrs"
|
||||||
@shown="focusSearchBox"
|
v-on="$listeners"
|
||||||
>
|
@shown="focusSearchBox"
|
||||||
<template #header>
|
>
|
||||||
<gl-search-box-by-type
|
<template #header>
|
||||||
ref="searchBox"
|
<gl-search-box-by-type
|
||||||
v-model.trim="query"
|
ref="searchBox"
|
||||||
:placeholder="i18n.searchPlaceholder"
|
v-model.trim="query"
|
||||||
autocomplete="off"
|
:placeholder="i18n.searchPlaceholder"
|
||||||
@input="onSearchBoxInput"
|
autocomplete="off"
|
||||||
@keydown.enter.prevent="onSearchBoxEnter"
|
data-qa-selector="ref_selector_searchbox"
|
||||||
/>
|
@input="onSearchBoxInput"
|
||||||
</template>
|
@keydown.enter.prevent="onSearchBoxEnter"
|
||||||
|
/>
|
||||||
|
</template>
|
||||||
|
|
||||||
<gl-loading-icon v-if="isLoading" size="lg" class="gl-my-3" />
|
<gl-loading-icon v-if="isLoading" size="lg" class="gl-my-3" />
|
||||||
|
|
||||||
<div v-else-if="showNoResults" class="gl-text-center gl-mx-3 gl-py-3" data-testid="no-results">
|
<div
|
||||||
<gl-sprintf v-if="lastQuery" :message="i18n.noResultsWithQuery">
|
v-else-if="showNoResults"
|
||||||
<template #query>
|
class="gl-text-center gl-mx-3 gl-py-3"
|
||||||
<b class="gl-word-break-all">{{ lastQuery }}</b>
|
data-testid="no-results"
|
||||||
|
>
|
||||||
|
<gl-sprintf v-if="lastQuery" :message="i18n.noResultsWithQuery">
|
||||||
|
<template #query>
|
||||||
|
<b class="gl-word-break-all">{{ lastQuery }}</b>
|
||||||
|
</template>
|
||||||
|
</gl-sprintf>
|
||||||
|
|
||||||
|
<span v-else>{{ i18n.noResults }}</span>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<template v-else>
|
||||||
|
<template v-if="showBranchesSection">
|
||||||
|
<ref-results-section
|
||||||
|
:section-title="i18n.branches"
|
||||||
|
:total-count="matches.branches.totalCount"
|
||||||
|
:items="matches.branches.list"
|
||||||
|
:selected-ref="selectedRef"
|
||||||
|
:error="matches.branches.error"
|
||||||
|
:error-message="i18n.branchesErrorMessage"
|
||||||
|
:show-header="showSectionHeaders"
|
||||||
|
data-testid="branches-section"
|
||||||
|
data-qa-selector="branches_section"
|
||||||
|
@selected="selectRef($event)"
|
||||||
|
/>
|
||||||
|
|
||||||
|
<gl-dropdown-divider v-if="showTagsSection || showCommitsSection" />
|
||||||
</template>
|
</template>
|
||||||
</gl-sprintf>
|
|
||||||
|
|
||||||
<span v-else>{{ i18n.noResults }}</span>
|
<template v-if="showTagsSection">
|
||||||
</div>
|
<ref-results-section
|
||||||
|
:section-title="i18n.tags"
|
||||||
|
:total-count="matches.tags.totalCount"
|
||||||
|
:items="matches.tags.list"
|
||||||
|
:selected-ref="selectedRef"
|
||||||
|
:error="matches.tags.error"
|
||||||
|
:error-message="i18n.tagsErrorMessage"
|
||||||
|
:show-header="showSectionHeaders"
|
||||||
|
data-testid="tags-section"
|
||||||
|
@selected="selectRef($event)"
|
||||||
|
/>
|
||||||
|
|
||||||
<template v-else>
|
<gl-dropdown-divider v-if="showCommitsSection" />
|
||||||
<template v-if="showBranchesSection">
|
</template>
|
||||||
<ref-results-section
|
|
||||||
:section-title="i18n.branches"
|
|
||||||
:total-count="matches.branches.totalCount"
|
|
||||||
:items="matches.branches.list"
|
|
||||||
:selected-ref="selectedRef"
|
|
||||||
:error="matches.branches.error"
|
|
||||||
:error-message="i18n.branchesErrorMessage"
|
|
||||||
:show-header="showSectionHeaders"
|
|
||||||
data-testid="branches-section"
|
|
||||||
data-qa-selector="branches_section"
|
|
||||||
@selected="selectRef($event)"
|
|
||||||
/>
|
|
||||||
|
|
||||||
<gl-dropdown-divider v-if="showTagsSection || showCommitsSection" />
|
<template v-if="showCommitsSection">
|
||||||
|
<ref-results-section
|
||||||
|
:section-title="i18n.commits"
|
||||||
|
:total-count="matches.commits.totalCount"
|
||||||
|
:items="matches.commits.list"
|
||||||
|
:selected-ref="selectedRef"
|
||||||
|
:error="matches.commits.error"
|
||||||
|
:error-message="i18n.commitsErrorMessage"
|
||||||
|
:show-header="showSectionHeaders"
|
||||||
|
data-testid="commits-section"
|
||||||
|
@selected="selectRef($event)"
|
||||||
|
/>
|
||||||
|
</template>
|
||||||
</template>
|
</template>
|
||||||
|
|
||||||
<template v-if="showTagsSection">
|
<template #footer>
|
||||||
<ref-results-section
|
<slot name="footer" v-bind="footerSlotProps"></slot>
|
||||||
:section-title="i18n.tags"
|
|
||||||
:total-count="matches.tags.totalCount"
|
|
||||||
:items="matches.tags.list"
|
|
||||||
:selected-ref="selectedRef"
|
|
||||||
:error="matches.tags.error"
|
|
||||||
:error-message="i18n.tagsErrorMessage"
|
|
||||||
:show-header="showSectionHeaders"
|
|
||||||
data-testid="tags-section"
|
|
||||||
@selected="selectRef($event)"
|
|
||||||
/>
|
|
||||||
|
|
||||||
<gl-dropdown-divider v-if="showCommitsSection" />
|
|
||||||
</template>
|
</template>
|
||||||
|
</gl-dropdown>
|
||||||
<template v-if="showCommitsSection">
|
<input
|
||||||
<ref-results-section
|
v-if="name"
|
||||||
:section-title="i18n.commits"
|
data-testid="selected-ref-form-field"
|
||||||
:total-count="matches.commits.totalCount"
|
type="hidden"
|
||||||
:items="matches.commits.list"
|
:value="selectedRef"
|
||||||
:selected-ref="selectedRef"
|
:name="name"
|
||||||
:error="matches.commits.error"
|
/>
|
||||||
:error-message="i18n.commitsErrorMessage"
|
</div>
|
||||||
:show-header="showSectionHeaders"
|
|
||||||
data-testid="commits-section"
|
|
||||||
@selected="selectRef($event)"
|
|
||||||
/>
|
|
||||||
</template>
|
|
||||||
</template>
|
|
||||||
|
|
||||||
<template #footer>
|
|
||||||
<slot name="footer" v-bind="footerSlotProps"></slot>
|
|
||||||
</template>
|
|
||||||
</gl-dropdown>
|
|
||||||
</template>
|
</template>
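Review bot: `gl-w-full` is now hard-coded on `<gl-dropdown>` (`class="ref-selector gl-w-full"` on the new side of the template hunk), so every existing consumer of this shared component becomes full-width, not only the new default-branch selector, which already passes `class="gl-w-full"` itself. In Vue 2 `class` is not part of `$attrs`, so even with the new `inheritAttrs: false` a caller's class lands on the new root `<div>` and can size the control; I would keep `class="ref-selector"` on the dropdown and let the caller decide, or add a comment stating that the global width change is intended. The new `name` prop comment could also say what gets submitted, e.g. extend it with `* When set, a hidden input with this name submits selectedRef with the enclosing form.` The component's `export default`, its `data()` and the `selectedRef` logic sit outside these hunks.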
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
- else
|
- else
|
||||||
.form-group
|
.form-group
|
||||||
= f.label :default_branch, _("Default branch"), class: 'label-bold'
|
= f.label :default_branch, _("Default branch"), class: 'label-bold'
|
||||||
= f.select(:default_branch, @project.repository.branch_names, {}, {class: 'select2 select-wide', data: { qa_selector: 'default_branch_dropdown' }})
|
.js-select-default-branch{ data: { default_branch: @project.default_branch, project_id: @project.id } }
|
||||||
|
|
||||||
.form-group
|
.form-group
|
||||||
- help_text = _("When merge requests and commits in the default branch close, any issues they reference also close.")
|
- help_text = _("When merge requests and commits in the default branch close, any issues they reference also close.")
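Review bot: The replaced `f.select` rendered `project[default_branch]` with its options limited to `@project.repository.branch_names`; the new `.js-select-default-branch` container hands the field to a client-side hidden input whose value is whatever the browser submits, so the branches-only restriction (`REF_TYPE_BRANCHES` in the Vue component) is a UI affordance, not a control. That was already true in practice, since a select's submitted value is client-controlled, but this diff removes the last server-rendered expression of the allowed set, so it is worth confirming that the controller or model still rejects a `default_branch` that does not name an existing branch before anything relies on the dropdown. Nothing in this hunk shows that validation; presumably it lives on the project model, and a one-line view comment pointing there would save the next reader the search.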
|
||||||
|
|
|
@ -545,7 +545,9 @@ To list the batched background migrations in the system, run this command:
|
||||||
This command supports the following options:
|
This command supports the following options:
|
||||||
|
|
||||||
- Database selection:
|
- Database selection:
|
||||||
- `--database DATABASE_NAME`: Connects to the given database.
|
- `--database DATABASE_NAME`: Connects to the given database:
|
||||||
|
- `main`: Uses the main database (default).
|
||||||
|
- `ci`: Uses the CI database.
|
||||||
- Environment selection:
|
- Environment selection:
|
||||||
- `--dev`: Uses the `dev` environment.
|
- `--dev`: Uses the `dev` environment.
|
||||||
- `--staging`: Uses the `staging` environment.
|
- `--staging`: Uses the `staging` environment.
|
||||||
|
@ -568,7 +570,9 @@ To see the status and progress of a specific batched background migration, run t
|
||||||
This command supports the following options:
|
This command supports the following options:
|
||||||
|
|
||||||
- Database selection:
|
- Database selection:
|
||||||
- `--database DATABASE_NAME`: Connects to the given database.
|
- `--database DATABASE_NAME`: Connects to the given database:
|
||||||
|
- `main`: Uses the main database (default)
|
||||||
|
- `ci`: Uses the CI database
|
||||||
- Environment selection:
|
- Environment selection:
|
||||||
- `--dev`: Uses the `dev` environment.
|
- `--dev`: Uses the `dev` environment.
|
||||||
- `--staging`: Uses the `staging` environment.
|
- `--staging`: Uses the `staging` environment.
|
||||||
|
@ -600,7 +604,9 @@ If you want to pause a batched background migration, you need to run the followi
|
||||||
This command supports the following options:
|
This command supports the following options:
|
||||||
|
|
||||||
- Database selection:
|
- Database selection:
|
||||||
- `--database DATABASE_NAME`: Connects to the given database.
|
- `--database DATABASE_NAME`: Connects to the given database:
|
||||||
|
- `main`: Uses the main database (default).
|
||||||
|
- `ci`: Uses the CI database.
|
||||||
- Environment selection:
|
- Environment selection:
|
||||||
- `--dev`: Uses the `dev` environment.
|
- `--dev`: Uses the `dev` environment.
|
||||||
- `--staging`: Uses the `staging` environment.
|
- `--staging`: Uses the `staging` environment.
|
||||||
|
@ -623,7 +629,9 @@ If you want to resume a batched background migration, you need to run the follow
|
||||||
This command supports the following options:
|
This command supports the following options:
|
||||||
|
|
||||||
- Database selection:
|
- Database selection:
|
||||||
- `--database DATABASE_NAME`: Connects to the given database.
|
- `--database DATABASE_NAME`: Connects to the given database:
|
||||||
|
- `main`: Uses the main database (default).
|
||||||
|
- `ci`: Uses the CI database.
|
||||||
- Environment selection:
|
- Environment selection:
|
||||||
- `--dev`: Uses the `dev` environment.
|
- `--dev`: Uses the `dev` environment.
|
||||||
- `--staging`: Uses the `staging` environment.
|
- `--staging`: Uses the `staging` environment.
|
||||||
|
|
|
@ -5,16 +5,17 @@ info: To determine the technical writer assigned to the Stage/Group associated w
|
||||||
type: reference
|
type: reference
|
||||||
---
|
---
|
||||||
|
|
||||||
# Secure and Protect terminology **(FREE)**
|
# Secure and Govern terminology **(FREE)**
|
||||||
|
|
||||||
This terminology list for GitLab Secure and Protect aims to:
|
The glossary of terms aims to achieve the following:
|
||||||
|
|
||||||
- Promote a ubiquitous language for discussing application security.
|
- Promote a ubiquitous language that can be used everywhere - with customers, on issues, in Slack, in code.
|
||||||
- Improve the effectiveness of communication regarding GitLab application security features.
|
- Improve the effectiveness of communication between team members.
|
||||||
- Get new contributors up to speed faster.
|
- Reduce the potential for miscommunication.
|
||||||
|
- Bring new team members and community contributors up to speed faster, reducing the time to productivity.
|
||||||
|
|
||||||
This document defines application security terms in the specific context of GitLab Secure and
|
The definitions of the terms outlined in this document are in the context of the GitLab
|
||||||
Protect features. Terms may therefore have different meanings outside that context.
|
products. Therefore, a term may have a different meaning to users outside of GitLab.
|
||||||
|
|
||||||
## Terms
|
## Terms
|
||||||
|
|
||||||
|
@ -28,9 +29,7 @@ an artifact after the job is complete. GitLab ingests this report, allowing user
|
||||||
manage found vulnerabilities. For more information, see [Security Scanner Integration](../../../development/integrations/secure.md).
|
manage found vulnerabilities. For more information, see [Security Scanner Integration](../../../development/integrations/secure.md).
|
||||||
|
|
||||||
Many GitLab analyzers follow a standard approach using Docker to run a wrapped scanner. For example,
|
Many GitLab analyzers follow a standard approach using Docker to run a wrapped scanner. For example,
|
||||||
the Docker image `bandit-sast` is an analyzer that wraps the scanner `Bandit`. You can optionally
|
the image `semgrep` is an analyzer that wraps the scanner `Semgrep`.
|
||||||
use the [Common library](https://gitlab.com/gitlab-org/security-products/analyzers/common)
|
|
||||||
to assist in building an Analyzer.
|
|
||||||
|
|
||||||
### Attack surface
|
### Attack surface
|
||||||
|
|
||||||
|
@ -44,6 +43,12 @@ The set of meaningful test cases that are generated while the fuzzer is running.
|
||||||
test case produces new coverage in the tested program. It's advised to re-use the corpus and pass it
|
test case produces new coverage in the tested program. It's advised to re-use the corpus and pass it
|
||||||
to subsequent runs.
|
to subsequent runs.
|
||||||
|
|
||||||
|
### CNA
|
||||||
|
|
||||||
|
[CVE](#cve) Numbering Authorities (CNAs) are organizations from around the world that are authorized by
|
||||||
|
the [Mitre Corporation](https://cve.mitre.org/) to assign [CVE](#cve)s to vulnerabilities in products or
|
||||||
|
services within their respective scope. [GitLab is a CNA](https://about.gitlab.com/security/cve/).
|
||||||
|
|
||||||
### CVE
|
### CVE
|
||||||
|
|
||||||
Common Vulnerabilities and Exposures (CVE®) is a list of common identifiers for publicly known
|
Common Vulnerabilities and Exposures (CVE®) is a list of common identifiers for publicly known
|
||||||
|
@ -63,6 +68,11 @@ architecture. If left unaddressed, weaknesses could result in systems, networks,
|
||||||
vulnerable to attack. The CWE List and associated classification taxonomy serve as a language that
|
vulnerable to attack. The CWE List and associated classification taxonomy serve as a language that
|
||||||
you can use to identify and describe these weaknesses in terms of CWEs.
|
you can use to identify and describe these weaknesses in terms of CWEs.
|
||||||
|
|
||||||
|
### Deduplication
|
||||||
|
|
||||||
|
When a category's process deems findings to be the same, or if they are similar enough that a noise reduction is
|
||||||
|
required, only one finding is kept and the others are eliminated. Read more about the [deduplication process](../vulnerability_report/pipeline.md#deduplication-process).
|
||||||
|
|
||||||
### Duplicate finding
|
### Duplicate finding
|
||||||
|
|
||||||
A legitimate finding that is reported multiple times. This can occur when different scanners
|
A legitimate finding that is reported multiple times. This can occur when different scanners
|
||||||
|
@ -86,6 +96,13 @@ applications, and infrastructure.
|
||||||
|
|
||||||
Findings are all potential vulnerability items scanners identify in MRs/feature branches. Only after merging to default does a finding become a [vulnerability](#vulnerability).
|
Findings are all potential vulnerability items scanners identify in MRs/feature branches. Only after merging to default does a finding become a [vulnerability](#vulnerability).
|
||||||
|
|
||||||
|
### Grouping
|
||||||
|
|
||||||
|
A flexible and non-destructive way to visually organize vulnerabilities in groups when there are multiple findings
|
||||||
|
that are likely related but do not qualify for deduplication. For example, you can include findings that should be
|
||||||
|
evaluated together, would be fixed by the same action, or come from the same source. Grouping behavior for vulnerabilities is
|
||||||
|
under development and tracked in issue [267588](https://gitlab.com/gitlab-org/gitlab/-/issues/267588).
|
||||||
|
|
||||||
### Insignificant finding
|
### Insignificant finding
|
||||||
|
|
||||||
A legitimate finding that a particular customer doesn't care about.
|
A legitimate finding that a particular customer doesn't care about.
|
||||||
|
@ -93,16 +110,18 @@ A legitimate finding that a particular customer doesn't care about.
|
||||||
### Location fingerprint
|
### Location fingerprint
|
||||||
|
|
||||||
A finding's location fingerprint is a text value that's unique for each location on the attack
|
A finding's location fingerprint is a text value that's unique for each location on the attack
|
||||||
surface. Each Secure product defines this according to its type of attack surface. For example, SAST
|
surface. Each security product defines this according to its type of attack surface. For example, SAST
|
||||||
incorporates file path and line number.
|
incorporates file path and line number.
|
||||||
|
|
||||||
### Package managers
|
### Package managers and package types
|
||||||
|
|
||||||
A Package manager is a system that manages your project dependencies.
|
#### Package managers
|
||||||
|
|
||||||
|
A package manager is a system that manages your project dependencies.
|
||||||
|
|
||||||
The package manager provides a method to install new dependencies (also referred to as "packages"), manage where packages are stored on your file system, and offer capabilities for you to publish your own packages.
|
The package manager provides a method to install new dependencies (also referred to as "packages"), manage where packages are stored on your file system, and offer capabilities for you to publish your own packages.
|
||||||
|
|
||||||
### Package types
|
#### Package types
|
||||||
|
|
||||||
Each package manager, platform, type, or ecosystem has its own conventions and protocols to identify, locate, and provision software packages.
|
Each package manager, platform, type, or ecosystem has its own conventions and protocols to identify, locate, and provision software packages.
|
||||||
|
|
||||||
|
@ -200,9 +219,26 @@ table.package-managers-and-types ul {
|
||||||
|
|
||||||
A page that displays findings discovered in the associated CI pipeline.
|
A page that displays findings discovered in the associated CI pipeline.
|
||||||
|
|
||||||
|
### Post-filter
|
||||||
|
|
||||||
|
Post-filters help reduce noise in the scanner results and automate manual tasks. You can specify criteria that updates
|
||||||
|
or modifies vulnerability data based on scanner results. For example, you can flag findings as likely False Positives
|
||||||
|
and automatically resolve vulnerabilities that are no longer detected. These are not permanent actions and can be changed.
|
||||||
|
|
||||||
|
Support for automatically resolving findings is tracked in epic [7478](https://gitlab.com/groups/gitlab-org/-/epics/7478) and
|
||||||
|
support for cheap scan is proposed in issue [349926](https://gitlab.com/gitlab-org/gitlab/-/issues/349926).
|
||||||
|
|
||||||
|
### Pre-filter
|
||||||
|
|
||||||
|
An irreversible action that is done to filter out target(s) before analysis occurs. This is usually provided to allow
|
||||||
|
the user to reduce scope and noise as well as speed up the analysis. This should not be done if a record is needed as
|
||||||
|
we currently do not store anything related to the skipped/excluded code or assets.
|
||||||
|
|
||||||
|
Examples: `DS_EXCLUDED_PATHS` should `Exclude files and directories from the scan based on the paths provided.`
|
||||||
|
|
||||||
### Primary identifier
|
### Primary identifier
|
||||||
|
|
||||||
A finding's primary identifier is a value unique to that finding. The external type and external ID
|
A finding's primary identifier is a value that is unique to each finding. The external type and external ID
|
||||||
of the finding's [first identifier](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/v2.4.0-rc1/dist/sast-report-format.json#L228)
|
of the finding's [first identifier](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/v2.4.0-rc1/dist/sast-report-format.json#L228)
|
||||||
combine to create the value.
|
combine to create the value.
|
||||||
|
|
||||||
|
@ -218,15 +254,19 @@ once it's imported into the database.
|
||||||
|
|
||||||
### Scan type (report type)
|
### Scan type (report type)
|
||||||
|
|
||||||
The type of scan. This must be one of the following:
|
Describes the type of scan. This must be one of the following:
|
||||||
|
|
||||||
|
- `api_fuzzing`
|
||||||
- `cluster_image_scanning`
|
- `cluster_image_scanning`
|
||||||
- `container_scanning`
|
- `container_scanning`
|
||||||
|
- `coverage_fuzzing`
|
||||||
- `dast`
|
- `dast`
|
||||||
- `dependency_scanning`
|
- `dependency_scanning`
|
||||||
- `sast`
|
- `sast`
|
||||||
- `secret_detection`
|
- `secret_detection`
|
||||||
|
|
||||||
|
This list is subject to change as scanners are added.
|
||||||
|
|
||||||
### Scanner
|
### Scanner
|
||||||
|
|
||||||
Software that can scan for vulnerabilities. The resulting scan report is typically not in the
|
Software that can scan for vulnerabilities. The resulting scan report is typically not in the
|
||||||
|
@ -235,9 +275,12 @@ Software that can scan for vulnerabilities. The resulting scan report is typical
|
||||||
### Secure product
|
### Secure product
|
||||||
|
|
||||||
A group of features related to a specific area of application security with first-class support by
|
A group of features related to a specific area of application security with first-class support by
|
||||||
GitLab. Products include Container Scanning, Dependency Scanning, Dynamic Application Security
|
GitLab.
|
||||||
Testing (DAST), Secret Detection, Static Application Security Testing (SAST), and Fuzz Testing. Each
|
|
||||||
of these products typically include one or more analyzers.
|
Products include Container Scanning, Dependency Scanning, Dynamic Application Security
|
||||||
|
Testing (DAST), Secret Detection, Static Application Security Testing (SAST), and Fuzz Testing.
|
||||||
|
|
||||||
|
Each of these products typically include one or more analyzers.
|
||||||
|
|
||||||
### Secure report format
|
### Secure report format
|
||||||
|
|
||||||
|
@ -267,6 +310,7 @@ is listed as GitLab.
|
||||||
|
|
||||||
A flaw that has a negative impact on the security of its environment. Vulnerabilities describe the
|
A flaw that has a negative impact on the security of its environment. Vulnerabilities describe the
|
||||||
error or weakness, and don't describe where the error is located (see [finding](#finding)).
|
error or weakness, and don't describe where the error is located (see [finding](#finding)).
|
||||||
|
|
||||||
Each vulnerability maps to a unique finding.
|
Each vulnerability maps to a unique finding.
|
||||||
|
|
||||||
Vulnerabilities exist in the default branch. Findings (see [finding](#finding)) are all potential vulnerability items scanners identify in MRs/feature branches. Only after merging to default does a finding become a vulnerability.
|
Vulnerabilities exist in the default branch. Findings (see [finding](#finding)) are all potential vulnerability items scanners identify in MRs/feature branches. Only after merging to default does a finding become a vulnerability.
|
||||||
|
@ -280,8 +324,9 @@ When a [report finding](#report-finding) is stored to the database, it becomes a
|
||||||
|
|
||||||
Deals with the responsibility of matching findings across scans so that a finding's life cycle can
|
Deals with the responsibility of matching findings across scans so that a finding's life cycle can
|
||||||
be understood. Engineers and security teams use this information to decide whether to merge code
|
be understood. Engineers and security teams use this information to decide whether to merge code
|
||||||
changes, and to see unresolved findings and when they were introduced. Vulnerabilities are tracked
|
changes, and to see unresolved findings and when they were introduced.
|
||||||
by comparing the location fingerprint, primary identifier, and report type.
|
|
||||||
|
Vulnerabilities are tracked by comparing the location fingerprint, primary identifier, and report type.
|
||||||
|
|
||||||
### Vulnerability occurrence
|
### Vulnerability occurrence
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
variables:
|
variables:
|
||||||
DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.38.0'
|
DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.38.1'
|
||||||
|
|
||||||
.dast-auto-deploy:
|
.dast-auto-deploy:
|
||||||
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}"
|
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}"
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
variables:
|
variables:
|
||||||
AUTO_DEPLOY_IMAGE_VERSION: 'v2.38.0'
|
AUTO_DEPLOY_IMAGE_VERSION: 'v2.38.1'
|
||||||
|
|
||||||
.auto-deploy:
|
.auto-deploy:
|
||||||
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
|
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
variables:
|
variables:
|
||||||
AUTO_DEPLOY_IMAGE_VERSION: 'v2.38.0'
|
AUTO_DEPLOY_IMAGE_VERSION: 'v2.38.1'
|
||||||
|
|
||||||
.auto-deploy:
|
.auto-deploy:
|
||||||
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
|
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
|
||||||
|
|
|
@ -35291,6 +35291,9 @@ msgstr ""
|
||||||
msgid "Search authors"
|
msgid "Search authors"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
msgid "Search branch"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
msgid "Search branches"
|
msgid "Search branches"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
@ -36525,6 +36528,9 @@ msgstr ""
|
||||||
msgid "Select branches"
|
msgid "Select branches"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
msgid "Select default branch"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
msgid "Select due date"
|
msgid "Select due date"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
|
|
@ -5,16 +5,22 @@ module QA
|
||||||
module Project
|
module Project
|
||||||
module Settings
|
module Settings
|
||||||
class DefaultBranch < Page::Base
|
class DefaultBranch < Page::Base
|
||||||
include Page::Component::Select2
|
|
||||||
|
|
||||||
view 'app/views/projects/default_branch/_show.html.haml' do
|
view 'app/views/projects/default_branch/_show.html.haml' do
|
||||||
element :save_changes_button
|
element :save_changes_button
|
||||||
|
end
|
||||||
|
|
||||||
|
view 'app/assets/javascripts/projects/settings/components/default_branch_selector.vue' do
|
||||||
element :default_branch_dropdown
|
element :default_branch_dropdown
|
||||||
end
|
end
|
||||||
|
|
||||||
|
view 'app/assets/javascripts/ref/components/ref_selector.vue' do
|
||||||
|
element :ref_selector_searchbox
|
||||||
|
end
|
||||||
|
|
||||||
def set_default_branch(branch)
|
def set_default_branch(branch)
|
||||||
find('.select2-chosen').click
|
click_button :default_branch_dropdown
|
||||||
search_and_select(branch)
|
fill_in :ref_selector_searchbox, with: branch
|
||||||
|
click_button branch
|
||||||
end
|
end
|
||||||
|
|
||||||
def click_save_changes_button
|
def click_save_changes_button
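Review bot: `set_default_branch` drives the new dropdown with Capybara's `click_button :default_branch_dropdown` and `fill_in :ref_selector_searchbox`, while the `element` declarations added just above are the hooks GitLab QA page objects normally pair with `click_element`/`fill_element`; if the symbol form only works because Capybara's `test_id` is configured to `data-qa-selector`, that is an implicit dependency worth either a comment or switching to `click_element :default_branch_dropdown` and `fill_element :ref_selector_searchbox, branch`. The closing `click_button branch` picks a result by its visible text, so it relies on the search having narrowed the list to the exact branch name; a short comment saying so would help whoever first sees it flake. `click_save_changes_button` continues outside the hunk.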
|
||||||
|
|
|
@ -3,8 +3,6 @@
|
||||||
require 'spec_helper'
|
require 'spec_helper'
|
||||||
|
|
||||||
RSpec.describe 'Projects > Settings > User changes default branch' do
|
RSpec.describe 'Projects > Settings > User changes default branch' do
|
||||||
include Select2Helper
|
|
||||||
|
|
||||||
let(:user) { create(:user) }
|
let(:user) { create(:user) }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
|
@ -17,16 +15,21 @@ RSpec.describe 'Projects > Settings > User changes default branch' do
|
||||||
let(:project) { create(:project, :repository, namespace: user.namespace) }
|
let(:project) { create(:project, :repository, namespace: user.namespace) }
|
||||||
|
|
||||||
it 'allows to change the default branch', :js do
|
it 'allows to change the default branch', :js do
|
||||||
|
dropdown_selector = '[data-testid="default-branch-dropdown"]'
|
||||||
# Otherwise, running JS may overwrite our change to project_default_branch
|
# Otherwise, running JS may overwrite our change to project_default_branch
|
||||||
wait_for_requests
|
wait_for_requests
|
||||||
|
|
||||||
select2('fix', from: '#project_default_branch')
|
expect(page).to have_selector(dropdown_selector)
|
||||||
|
find(dropdown_selector).click
|
||||||
|
|
||||||
|
fill_in 'Search branch', with: 'fix'
|
||||||
|
click_button 'fix'
|
||||||
|
|
||||||
page.within '#default-branch-settings' do
|
page.within '#default-branch-settings' do
|
||||||
click_button 'Save changes'
|
click_button 'Save changes'
|
||||||
end
|
end
|
||||||
|
|
||||||
expect(find('#project_default_branch', visible: false).value).to eq 'fix'
|
expect(find("#{dropdown_selector} input", visible: false).value).to eq 'fix'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
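Review bot: The closing expectation reads the hidden input under `dropdown_selector` after `Save changes`, which is the value the selector wrote client-side and may presumably be satisfied before the form round-trip has completed; asserting the persisted value as well, `expect(project.reload.default_branch).to eq('fix')`, pins the server-side effect this example is named for. The literal `'[data-testid="default-branch-dropdown"]'` is repeated verbatim in the `does not show default branch selector` example in the next hunk; hoisting it to a `let(:dropdown_selector)` on the outer describe keeps both in step when the testid changes. `fill_in 'Search branch'` locates the field by its translated placeholder text, so a wording change to that string fails this example at the locator rather than at an assertion.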
|
|
||||||
|
@ -34,7 +37,7 @@ RSpec.describe 'Projects > Settings > User changes default branch' do
|
||||||
let(:project) { create(:project_empty_repo, namespace: user.namespace) }
|
let(:project) { create(:project_empty_repo, namespace: user.namespace) }
|
||||||
|
|
||||||
it 'does not show default branch selector' do
|
it 'does not show default branch selector' do
|
||||||
expect(page).not_to have_selector('#project_default_branch')
|
expect(page).not_to have_selector('[data-testid="default-branch-dropdown"]')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
import { shallowMount } from '@vue/test-utils';
|
||||||
|
import DefaultBranchSelector from '~/projects/settings/components/default_branch_selector.vue';
|
||||||
|
import RefSelector from '~/ref/components/ref_selector.vue';
|
||||||
|
import { REF_TYPE_BRANCHES } from '~/ref/constants';
|
||||||
|
|
||||||
|
describe('projects/settings/components/default_branch_selector', () => {
|
||||||
|
const persistedDefaultBranch = 'main';
|
||||||
|
const projectId = '123';
|
||||||
|
let wrapper;
|
||||||
|
|
||||||
|
const findRefSelector = () => wrapper.findComponent(RefSelector);
|
||||||
|
|
||||||
|
const buildWrapper = () => {
|
||||||
|
wrapper = shallowMount(DefaultBranchSelector, {
|
||||||
|
propsData: {
|
||||||
|
persistedDefaultBranch,
|
||||||
|
projectId,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
afterEach(() => {
|
||||||
|
wrapper.destroy();
|
||||||
|
});
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
buildWrapper();
|
||||||
|
});
|
||||||
|
|
||||||
|
it('displays a RefSelector component', () => {
|
||||||
|
expect(findRefSelector().props()).toEqual({
|
||||||
|
value: persistedDefaultBranch,
|
||||||
|
enabledRefTypes: [REF_TYPE_BRANCHES],
|
||||||
|
projectId,
|
||||||
|
state: true,
|
||||||
|
translations: {
|
||||||
|
dropdownHeader: expect.any(String),
|
||||||
|
searchPlaceholder: expect.any(String),
|
||||||
|
},
|
||||||
|
useSymbolicRefNames: false,
|
||||||
|
name: 'project[default_branch]',
|
||||||
|
});
|
||||||
|
|
||||||
|
expect(findRefSelector().classes()).toContain('gl-w-full');
|
||||||
|
});
|
||||||
|
});
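Review bot: The `translations` assertion accepts any two strings via `expect.any(String)`, so a swapped or missing header/placeholder would still pass; the strings introduced elsewhere in this commit are `'Select default branch'` and `'Search branch'`, so `dropdownHeader: 'Select default branch', searchPlaceholder: 'Search branch',` pins what the component actually passes down (assuming `__()` returns the untranslated string in the jest environment). The `toEqual` on the full `props()` object also means any newly defaulted prop on `RefSelector` fails this spec, which is a deliberate strictness worth a one-line comment, e.g. `// Full-props equality: any change to what DefaultBranchSelector passes to RefSelector must be reflected here`.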
|
|
@ -109,6 +109,8 @@ describe('Ref selector component', () => {
|
||||||
const findCommitDropdownItems = () => findCommitsSection().findAllComponents(GlDropdownItem);
|
const findCommitDropdownItems = () => findCommitsSection().findAllComponents(GlDropdownItem);
|
||||||
const findFirstCommitDropdownItem = () => findCommitDropdownItems().at(0);
|
const findFirstCommitDropdownItem = () => findCommitDropdownItems().at(0);
|
||||||
|
|
||||||
|
const findHiddenInputField = () => wrapper.find('[data-testid="selected-ref-form-field"]');
|
||||||
|
|
||||||
//
|
//
|
||||||
// Expecters
|
// Expecters
|
||||||
//
|
//
|
||||||
|
@ -181,6 +183,24 @@ describe('Ref selector component', () => {
|
||||||
expect(findLoadingIcon().exists()).toBe(false);
|
expect(findLoadingIcon().exists()).toBe(false);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
describe('when name property is provided', () => {
|
||||||
|
it('renders an forrm input hidden field', () => {
|
||||||
|
const name = 'default_tag';
|
||||||
|
|
||||||
|
createComponent({ propsData: { name } });
|
||||||
|
|
||||||
|
expect(findHiddenInputField().attributes().name).toBe(name);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
describe('when name property is not provided', () => {
|
||||||
|
it('renders an forrm input hidden field', () => {
|
||||||
|
createComponent();
|
||||||
|
|
||||||
|
expect(findHiddenInputField().exists()).toBe(false);
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('post-initialization behavior', () => {
|
describe('post-initialization behavior', () => {
|
||||||
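Review bot: The example title in the `when name property is not provided` block, `it('renders an forrm input hidden field', …)`, contradicts its assertion, which checks that the hidden field does not exist; rename it to `it('does not render a hidden form input field', () => {`. The same misspelt title is used in the `when name property is provided` block just above it, where `it('renders a hidden form input field', () => {` reads correctly. Both new blocks sit inside a describe whose beginning is outside the hunk.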
|
@ -194,7 +214,7 @@ describe('Ref selector component', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('adds the provided ID to the GlDropdown instance', () => {
|
it('adds the provided ID to the GlDropdown instance', () => {
|
||||||
expect(wrapper.attributes().id).toBe(id);
|
expect(wrapper.findComponent(GlDropdown).attributes().id).toBe(id);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -202,7 +222,7 @@ describe('Ref selector component', () => {
|
||||||
const preselectedRef = fixtures.branches[0].name;
|
const preselectedRef = fixtures.branches[0].name;
|
||||||
|
|
||||||
beforeEach(() => {
|
beforeEach(() => {
|
||||||
createComponent({ propsData: { value: preselectedRef } });
|
createComponent({ propsData: { value: preselectedRef, name: 'selectedRef' } });
|
||||||
|
|
||||||
return waitForRequests();
|
return waitForRequests();
|
||||||
});
|
});
|
||||||
|
@ -210,6 +230,10 @@ describe('Ref selector component', () => {
|
||||||
it('renders the pre-selected ref name', () => {
|
it('renders the pre-selected ref name', () => {
|
||||||
expect(findButtonContent().text()).toBe(preselectedRef);
|
expect(findButtonContent().text()).toBe(preselectedRef);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('binds hidden input field to the pre-selected ref', () => {
|
||||||
|
expect(findHiddenInputField().attributes().value).toBe(preselectedRef);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('when the selected ref is updated by the parent component', () => {
|
describe('when the selected ref is updated by the parent component', () => {
|
||||||
|
|