author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-07-09 21:09:20 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-07-09 21:09:20 +0000 |
commit | 1c1719d8bef5ad23def2d63bdbae8aa876fcc8c9 (patch) | |
tree | dcdba0d12287f3642ea2b80f87b919e4b0054031 | |
parent | 6a05cc3fd5c58a17d61ff25bb70b27089d68b99f (diff) | |
download | gitlab-ce-1c1719d8bef5ad23def2d63bdbae8aa876fcc8c9.tar.gz |
Add latest changes from gitlab-org/gitlab@master
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 10 | ||||
-rw-r--r-- | db/migrate/20210708124229_add_security_scans_created_at_index.rb | 17 | ||||
-rw-r--r-- | db/schema_migrations/20210708124229 | 1 | ||||
-rw-r--r-- | db/structure.sql | 2 | ||||
-rw-r--r-- | doc/user/application_security/container_scanning/index.md | 13 | ||||
-rw-r--r-- | doc/user/packages/helm_repository/index.md | 2 |
7 files changed, 39 insertions, 8 deletions
@@ -258,7 +258,7 @@ gem 'asana', '~> 0.10.3'
 gem 'ruby-fogbugz', '~> 0.2.1'
 
 # Kubernetes integration
-gem 'kubeclient', '~> 4.9.1'
+gem 'kubeclient', '~> 4.9.2'
 
 # Sanitize user input
 gem 'sanitize', '~> 5.2.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index 07bd72755d0..0671737a625 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -675,9 +675,8 @@ GEM hana (~> 1.3) regexp_parser (~> 1.5) uri_template (~> 0.7) - jsonpath (1.0.5) + jsonpath (1.1.0) multi_json - to_regexp (~> 0.2.1) jwt (2.1.0) kaminari (1.2.1) activesupport (>= 4.1.0)
@@ -699,7 +698,7 @@ GEM rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) - kubeclient (4.9.1) + kubeclient (4.9.2) http (>= 3.0, < 5.0) jsonpath (~> 1.0) recursive-open-struct (~> 1.1, >= 1.1.1)
@@ -1028,7 +1027,7 @@ GEM re2 (1.2.0) recaptcha (4.13.1) json - recursive-open-struct (1.1.2) + recursive-open-struct (1.1.3) redis (4.1.4) redis-actionpack (5.2.0) actionpack (>= 5, < 7)
@@ -1286,7 +1285,6 @@ GEM timecop (0.9.1) timeliness (0.3.10) timfel-krb5-auth (0.8.3) - to_regexp (0.2.1) toml (0.2.0) parslet (~> 1.8.0) toml-rb (2.0.1)
@@ -1536,7 +1534,7 @@ DEPENDENCIES kas-grpc (~> 0.0.2) knapsack (~> 1.21.1) kramdown (~> 2.3.1) - kubeclient (~> 4.9.1) + kubeclient (~> 4.9.2) lefthook (~> 0.7.0) letter_opener_web (~> 1.4.0) license_finder (~> 6.0)
diff --git a/db/migrate/20210708124229_add_security_scans_created_at_index.rb b/db/migrate/20210708124229_add_security_scans_created_at_index.rb
new file mode 100644
index 00000000000..d2d1958f5b9
--- /dev/null
+++ b/db/migrate/20210708124229_add_security_scans_created_at_index.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class AddSecurityScansCreatedAtIndex < ActiveRecord::Migration[6.1]
+ include Gitlab::Database::MigrationHelpers
+
+ disable_ddl_transaction!
+
+ INDEX_NAME = 'index_security_scans_on_created_at'
+
+ def up
+ add_concurrent_index(:security_scans, :created_at, name: INDEX_NAME)
+ end
+
+ def down
+ remove_concurrent_index_by_name(:security_scans, INDEX_NAME)
+ end
+end
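Review bot: The new migration in db/migrate/20210708124229_add_security_scans_created_at_index.rb does not say which query needs a plain btree index on `security_scans.created_at`, while db/structure.sql in this same commit shows `index_security_scans_on_date_created_at_and_id` already indexing `date(timezone('UTC', created_at)), id` on that table. A short comment above `INDEX_NAME` would keep a later cleanup from dropping one of the two as a duplicate, for example `# Serves <query that filters on raw created_at>; the date(created_at) expression index cannot be used for it.` The consumer is not visible in this commit, so the placeholder needs the real query or worker name. The concurrent add and remove under `disable_ddl_transaction!` look appropriate for a table that keeps taking writes.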
diff --git a/db/schema_migrations/20210708124229 b/db/schema_migrations/20210708124229
new file mode 100644
index 00000000000..29cf5b8986f
--- /dev/null
+++ b/db/schema_migrations/20210708124229
@@ -0,0 +1 @@ +18f7a9a0e9f0b331028951adf2bf6ca9a9fc4a62872f5307ee9d74761ae06deb
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 21dd89ceedc..7a4f1a321b4 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -24798,6 +24798,8 @@ CREATE INDEX index_security_findings_on_severity ON security_findings USING btre CREATE UNIQUE INDEX index_security_findings_on_uuid_and_scan_id ON security_findings USING btree (uuid, scan_id); +CREATE INDEX index_security_scans_on_created_at ON security_scans USING btree (created_at); + CREATE INDEX index_security_scans_on_date_created_at_and_id ON security_scans USING btree (date(timezone('UTC'::text, created_at)), id); CREATE INDEX index_self_managed_prometheus_alert_events_on_environment_id ON self_managed_prometheus_alert_events USING btree (environment_id);
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md
index 448250a9d63..1d20c875ace 100644
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -172,6 +172,19 @@ Support depends on the scanner:
 - [Grype](https://github.com/anchore/grype#grype)
 - [Trivy](https://aquasecurity.github.io/trivy/latest/vuln-detection/os/) (Default).
 
+#### UBI-based images
+
+GitLab also offers [Red Hat UBI](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image)
+versions of the container-scanning images. You can therefore replace standard images with UBI-based
+images. To configure the images, set the `CS_ANALYZER_IMAGE` variable to the standard tag plus the
+`-ubi` extension.
+
+| Scanner name | `CS_ANALYZER_IMAGE` |
+| --------------- | ------------------- |
+| Default (Trivy) | `registry.gitlab.com/security-products/container-scanning:4-ubi` |
+| Grype | `registry.gitlab.com/security-products/container-scanning/grype:4-ubi` |
+| Trivy | `registry.gitlab.com/security-products/container-scanning/trivy:4-ubi` |
+
 ### Overriding the container scanning template
 
 If you want to override the job definition (for example, to change properties like `variables`), you
diff --git a/doc/user/packages/helm_repository/index.md b/doc/user/packages/helm_repository/index.md
index b42cd824100..428c95dac0a 100644
--- a/doc/user/packages/helm_repository/index.md
+++ b/doc/user/packages/helm_repository/index.md
@@ -65,7 +65,7 @@ Once built, a chart can be uploaded to the `stable` channel with `curl` or `helm
 
 ```shell
 helm repo add --username <username> --password <personal_access_token> project-1 https://gitlab.example.com/api/v4/projects/1/packages/helm/stable
- helm push mychart.tgz project-1
+ helm push mychart-0.1.0.tgz project-1
 ```
 
 ## Install a package
|