author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-23 12:27:44 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-23 12:27:44 +0000 |
commit | dc28f8ca357c733561121acd70cb19d26880f3c2 (patch) | |
tree | 039b02b54cad14ac17b4d1fdfdd6b8489dfa1574 /doc/user/application_security/index.md | |
parent | d678b7c987f082e0e15083fe7b7dbed3ed004e0c (diff) | |
download | gitlab-ce-dc28f8ca357c733561121acd70cb19d26880f3c2.tar.gz |
Add latest changes from gitlab-org/gitlab@14-2-stable-ee
Diffstat (limited to 'doc/user/application_security/index.md')
-rw-r--r-- | doc/user/application_security/index.md | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index 3b0725021ef..50fd727b892 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md @@ -194,14 +194,19 @@ merge request would introduce one of the following security issues: When the Vulnerability-Check merge request rule is enabled, additional merge request approval is required when the latest security report in a merge request: -- Contains a vulnerability of `high`, `critical`, or `unknown` severity that is not present in the +- Contains vulnerabilities that are not present in the target branch. Note that approval is still required for dismissed vulnerabilities. +- Contains vulnerabilities with severity levels (for example, `high`, `critical`, or `unknown`) + matching the rule's severity levels. +- Contains a vulnerability count higher than the rule allows. - Is not generated during pipeline execution. An approval is optional when the security report: - Contains no new vulnerabilities when compared to the target branch. -- Contains only new vulnerabilities of `low` or `medium` severity. +- Contains only vulnerabilities with severity levels (for example, `low`, `medium`) **NOT** matching + the rule's severity levels. +- Contains a vulnerability count equal to or less than what the rule allows. When the License-Check merge request rule is enabled, additional approval is required if a merge request contains a denied license. For more details, see [Enabling license approvals within a project](../compliance/license_compliance/index.md#enabling-license-approvals-within-a-project). 
@@ -219,16 +224,19 @@ Follow these steps to enable `Vulnerability-Check`: 1. Go to your project and select **Settings > General**. 1. Expand **Merge request approvals**. 1. Select **Enable** or **Edit**. -1. Add or change the **Rule name** to `Vulnerability-Check` (case sensitive). -1. Set the **No. of approvals required** to greater than zero. +1. Set the **Security scanners** that the rule applies to. 1. Select the **Target branch**. +1. Set the **Vulnerabilities allowed** to the number of vulnerabilities allowed before the rule is + triggered. +1. Set the **Severity levels** to the severity levels that the rule applies to. +1. Set the **Approvals required** to the number of approvals that the rule requires. 1. Select the users or groups to provide approval. 1. Select **Add approval rule**. Once this group is added to your project, the approval rule is enabled for all merge requests. Any code changes cause the approvals required to reset. -![Vulnerability Check Approver Rule](img/vulnerability-check_v13_4.png) +![Vulnerability Check Approver Rule](img/vulnerability-check_v14_2.png) ## Using private Maven repositories |
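Review bot: In the first hunk (`@@ -194,14 +194,19 @@`), the rewritten "additional merge request approval is required" list no longer says how its bullets combine. The removed bullet tied novelty and severity together in one condition (a `high`, `critical`, or `unknown` vulnerability not present in the target branch). The three new bullets read as independent triggers, and the "approval is optional" list reads as if any single bullet is enough to skip approval, so a report with new `critical` findings and a count under the limit matches both lists. Suggest stating explicitly whether the first three conditions must all hold, and keeping "Is not generated during pipeline execution" as a separate trigger. As a style point, the bold **NOT** is inconsistent with the rest of the list; plain "not matching" would do.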
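Review bot: In the second hunk (`@@ -219,16 +224,19 @@`), the replacement for "Set the **No. of approvals required** to greater than zero" drops the lower bound: the new step only says to set **Approvals required** "to the number of approvals that the rule requires". If the field still accepts zero, a reader can follow these steps and end up with a rule that never blocks a merge, so suggest keeping the "greater than zero" wording. The hunk also removes the step that named the rule `Vulnerability-Check` (case sensitive) without saying how the rule is now identified. The **Vulnerabilities allowed** step should state its boundary so that it agrees with "a vulnerability count higher than the rule allows" in the first hunk, for example by saying what a value of 0 means. The unchanged sentence "Once this group is added to your project" no longer matches the steps, which select "users or groups".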