gitlab-org--gitlab-foss/doc/development/appsec/index.md

1.5 KiB

stage group info type
Secure, Protect all To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments index, dev, reference

Application Security development documentation

Development guides that are specific to the stages that work on Application Security features are listed here.

Please go to Application Security if you are looking for documentation on how to use those features.

Namespaces

Application Security code in the Rails monolith is organized into the following namespaces, which generally follows the feature categories in the Secure and Protect stages.

  • AppSec: shared code.
    • AppSec::ContainerScanning: Container Scanning code.
    • AppSec::Dast: DAST code.
    • AppSec::DependencyScanning: Dependency Scanning code.
    • AppSec::Fuzzing::Api: API Fuzzing code.
    • AppSec::Fuzzing::Coverage: Coverage Fuzzing code.
    • AppSec::Fuzzing: Shared fuzzing code.
    • AppSec::LicenseCompliance: License Compliance code.
    • AppSec::Sast: SAST code.
    • AppSec::SecretDetection: Secret Detection code.
    • AppSec::VulnMgmt: Vulnerability Management code.

Most AppSec code does not conform to these namespace guidelines. When developing, make an effort to move existing code into the appropriate namespace whenever possible.