Achilleas Pipinellis authored 5 years ago and Evan Read committed 5 years ago

There's an error that occurs when the Docker version used to run the
SAST job is 19.03.00, and the job will fail. Advise the users what to
do in case they bump into this.

Mark Florian authored 5 years ago and Achilleas Pipinellis committed 5 years ago

Tracked in https://gitlab.com/gitlab-org/gitlab-ee/issues/13496.

Lucas Charles authored 5 years ago and Achilleas Pipinellis committed 5 years ago

Includes documentation for new Apex (Salesforce) analyzer

Includes admin_area and application_security
topics.

Achilleas Pipinellis authored 5 years ago and Evan Read committed 5 years ago

Port all info from:

- security-products/sast/blob/master/docs/README.md
- security-products/sast/blob/master/docs/analyzers.md

The manual job definitions are deprecated and are not
guaranteed to work as expected. We should not confuse
our users with including them in the docs.

This deletes all the deprecated sections and cleans up
the configuration section significantly.

Marcel Amirault authored 5 years ago and Achilleas Pipinellis committed 5 years ago

Previously, we used brackets to denote the tier badges,
but this made Kramdown, the docs site Markdown renderer,
show many warnings when building the site. This is now
fixed by using parentheses instead of square brackets.

This was caused by [PREMIUM] looking like a link to
Kramdown, which couldn't find a URL there.

See:
- https://gitlab.com/gitlab-com/gitlab-docs/merge_requests/484
- https://gitlab.com/gitlab-org/gitlab-ce/issues/63800

Addresses the following questions:

- How often do we update the vulnerability DB or analyzers?
- Do we have to update GitLab to benefit from latest vulnerabilities
  definitions?