yonatan miller authored 5 years ago and Achilleas Pipinellis committed 5 years ago

Gitlab CI Linter otherwise gives error `variables config should be a hash value of key value pairs`

This commit updates a screenshot and the description
of the documentation of the group security dashboard to it is in
sync with the latest version of the dashboard.

Marcel Amirault authored 5 years ago and Evan Read committed 5 years ago

Clean up issues that may cause the docs-lint
test to fail, such as trailing whitespace, no
EOF newline, blockquotes, etc

A new param with_security_reports was added to
GET /groups/:id/projects API and the code to
support this logic in GroupProjectsFinder and
Project model. Also, a DB index was added to
ci_job_artifacts table to speed up the search
of security reports artifacts for projects

Achilleas Pipinellis authored 5 years ago and Evan Read committed 5 years ago

- New redirect doc/user/application_security/license_compliance/index.md
- Renaming of images.
- Some links that were pointing to the old location are fixed.

Fabien Catteau authored 5 years ago and Achilleas Pipinellis committed 5 years ago

License Compliance now uses Python 3 by default.

See https://gitlab.com/gitlab-org/gitlab-ee/issues/12032

Seth Berger authored 5 years ago and Achilleas Pipinellis committed 5 years ago

Updated container scanning docs with a sample config

With https://gitlab.com/gitlab-org/security-products/analyzers/gosec/merge_requests/18
we have added some basic URLs to our gosec analyzer, upgrading data from none to partially reliable

As part of https://gitlab.com/gitlab-org/gitlab-ee/issues/8910,
all occurrences of License Management are replace with
License Compliance.

Mark Florian authored 5 years ago and Evan Read committed 5 years ago

These changes align the docs with the features introduced in [1].

See also the [issue tracking the documentation changes][2].

[1]: https://gitlab.com/gitlab-org/gitlab-ee/issues/10077
[2]: https://gitlab.com/gitlab-org/gitlab-ee/issues/12986

Lucas Charles authored 5 years ago and Achilleas Pipinellis committed 5 years ago

Includes documentation for new Apex (Salesforce) analyzer

Lucas Charles authored 5 years ago and Evan Read committed 5 years ago

Documents how to enable security approvals

Includes admin_area and application_security
topics.

This commit includes changes to update the documentation so it
reflects the new navigation structure introduced by the additional
tab "Security & Compliance" to the project-views sidebar and
"Security" to the group-views sidebar.

* Screenshot
* Paths to the Dependency List
* Paths to the group-level security dashboard

Achilleas Pipinellis authored 5 years ago and Evan Read committed 5 years ago

Port all info from:

- security-products/sast/blob/master/docs/README.md
- security-products/sast/blob/master/docs/analyzers.md

Marcel Amirault authored 5 years ago and Evan Read committed 5 years ago

Ensure that all numbered lists use only 1. and no other numbers.
Also ensure that numbered lists use proper spacing.

Fabien Catteau authored 5 years ago and Mayra Cabrera committed 5 years ago

Propagate PIP_INDEX_URL, PIP_EXTRA_INDEX_URL
to the dependency-scanning Docker image
to support Python projects depending on custom
Pypi registries. These variables will be consumed
by the gemnasium-python analyzer.

Marcel Amirault authored 5 years ago and Evan Read committed 5 years ago

Removing extra blank lines in docs that serve
no purpose, as well as some --- lines that also
are not needed.

The manual job definitions are deprecated and are not
guaranteed to work as expected. We should not confuse
our users with including them in the docs.

This deletes all the deprecated sections and cleans up
the configuration section significantly.

Marcel Amirault authored 5 years ago and Achilleas Pipinellis committed 5 years ago

Previously, we used brackets to denote the tier badges,
but this made Kramdown, the docs site Markdown renderer,
show many warnings when building the site. This is now
fixed by using parentheses instead of square brackets.

This was caused by [PREMIUM] looking like a link to
Kramdown, which couldn't find a URL there.

See:
- https://gitlab.com/gitlab-com/gitlab-docs/merge_requests/484
- https://gitlab.com/gitlab-org/gitlab-ce/issues/63800

Addresses the following questions:

- How often do we update the vulnerability DB or analyzers?
- Do we have to update GitLab to benefit from latest vulnerabilities
  definitions?

Port all info from:

- security-products/dependency-scanning/blob/master/docs/README.md
- security-products/dependency-scanning/blob/master/docs/analyzers.md