author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-06 15:10:04 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-06 15:10:04 +0000 |
commit | f3b1e07903a7f509b11ad7cf188fac46d98f77f6 (patch) | |
tree | a6fa5e65d83d94334387952f1f526ed438604408 /doc/user/application_security | |
parent | ba174c982f40d71a87fd511b091753807174f7e7 (diff) | |
download | gitlab-ce-f3b1e07903a7f509b11ad7cf188fac46d98f77f6.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user/application_security')
-rw-r--r-- | doc/user/application_security/container_scanning/img/container_scanning_v12_9.png | bin | 73869 -> 23030 bytes | |||
-rw-r--r-- | doc/user/application_security/dast/img/dast_all_v12_9.png | bin | 39268 -> 12130 bytes | |||
-rw-r--r-- | doc/user/application_security/dependency_scanning/index.md | 3 | ||||
-rw-r--r-- | doc/user/application_security/img/multi_select_v12_9.png | bin | 32804 -> 10825 bytes | |||
-rw-r--r-- | doc/user/application_security/sast/img/sast_v12_9.png | bin | 40172 -> 13983 bytes | |||
-rw-r--r-- | doc/user/application_security/threat_monitoring/index.md | 36 |
6 files changed, 38 insertions, 1 deletions
diff --git a/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png b/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png Binary files differindex dd96fc7aacb..13cacc6a489 100644 --- a/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png +++ b/doc/user/application_security/container_scanning/img/container_scanning_v12_9.png diff --git a/doc/user/application_security/dast/img/dast_all_v12_9.png b/doc/user/application_security/dast/img/dast_all_v12_9.png Binary files differindex 9871d1e6a43..548cea3f7f9 100644 --- a/doc/user/application_security/dast/img/dast_all_v12_9.png +++ b/doc/user/application_security/dast/img/dast_all_v12_9.png diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index b4fdf307d8b..c83e69ed6c4 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md 
@@ -160,6 +160,7 @@ The following variables are used for configuring specific analyzers (used for a | `GEMNASIUM_DB_LOCAL_PATH` | `gemnasium` | `/gemnasium-db` | Path to local gemnasium database. | | `GEMNASIUM_DB_REMOTE_URL` | `gemnasium` | `https://gitlab.com/gitlab-org/security-products/gemnasium-db.git` | Repository URL for fetching the gemnasium database. | | `GEMNASIUM_DB_REF_NAME` | `gemnasium` | `master` | Branch name for remote repository database. `GEMNASIUM_DB_REMOTE_URL` is required. | +| `DS_REMEDIATE` | `gemnasium` | `"true"` | Enable automatic remediation of vulnerable dependencies. | | `PIP_INDEX_URL` | `gemnasium-python` | `https://pypi.org/simple` | Base URL of Python Package Index. | | `PIP_EXTRA_INDEX_URL` | `gemnasium-python` | | Array of [extra URLs](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-extra-index-url) of package indexes to use in addition to `PIP_INDEX_URL`. Comma separated. | | `PIP_REQUIREMENTS_FILE` | `gemnasium-python` | | Pip requirements file to be scanned. | 
@@ -167,7 +168,7 @@ The following variables are used for configuring specific analyzers (used for a | `DS_PIP_DEPENDENCY_PATH` | `gemnasium-python` | | Path to load Python pip dependencies from. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12412) in GitLab 12.2) | | `DS_PYTHON_VERSION` | `retire.js` | | Version of Python. If set to 2, dependencies are installed using Python 2.7 instead of Python 3.6. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12296) in GitLab 12.1)| | `MAVEN_CLI_OPTS` | `gemnasium-maven` | `"-DskipTests --batch-mode"` | List of command line arguments that will be passed to `maven` by the analyzer. See an example for [using private repos](#using-private-maven-repos). | -| `BUNDLER_AUDIT_UPDATE_DISABLED` | `bundler-audit` | `false` | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline environment. | +| `BUNDLER_AUDIT_UPDATE_DISABLED` | `bundler-audit` | `"false"` | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline, air-gapped environment.| | `BUNDLER_AUDIT_ADVISORY_DB_URL` | `bundler-audit` | `https://github.com/rubysec/ruby-advisory-db` | URL of the advisory database used by bundler-audit. | | `BUNDLER_AUDIT_ADVISORY_DB_REF_NAME` | `bundler-audit` | `master` | Git ref for the advisory database specified by `BUNDLER_AUDIT_ADVISORY_DB_URL`. | | `RETIREJS_JS_ADVISORY_DB` | `retire.js` | `https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json` | Path or URL to Retire.js js vulnerability data file. | diff --git a/doc/user/application_security/img/multi_select_v12_9.png b/doc/user/application_security/img/multi_select_v12_9.png Binary files differindex b2b171e13d0..ec3648bff08 100644 --- a/doc/user/application_security/img/multi_select_v12_9.png +++ b/doc/user/application_security/img/multi_select_v12_9.png 
diff --git a/doc/user/application_security/sast/img/sast_v12_9.png b/doc/user/application_security/sast/img/sast_v12_9.png Binary files differindex 91f4b8a8e2e..3c6ee7a276b 100644 --- a/doc/user/application_security/sast/img/sast_v12_9.png +++ b/doc/user/application_security/sast/img/sast_v12_9.png diff --git a/doc/user/application_security/threat_monitoring/index.md b/doc/user/application_security/threat_monitoring/index.md index 07427af7c7d..3a3e2b36133 100644 --- a/doc/user/application_security/threat_monitoring/index.md +++ b/doc/user/application_security/threat_monitoring/index.md @@ -13,6 +13,7 @@ navigating to your project's **Security & Compliance > Threat Monitoring** page. GitLab supports statistics for the following security features: - [Web Application Firewall](../../clusters/applications.md#web-application-firewall-modsecurity) +- [Container Network Policies](../../../topics/autodevops/index.md#network-policy) ## Web Application Firewall 
@@ -38,3 +39,38 @@ about your Ingress traffic: If a significant percentage of traffic is anomalous, you should investigate it for potential threats by [examining the application logs](../../clusters/applications.md#web-application-firewall-modsecurity). + +## Container Network Policy + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/32365) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.9. + +The **Container Network Policy** section provides packet flow metrics for +your application's Kubernetes namespace. This section has the following +prerequisites: + +- Your project contains at least one [environment](../../../ci/environments.md) +- You've [installed Cilium](../../clusters/applications.md#install-cilium-using-gitlab-cicd) +- You've configured the [Prometheus service](../../project/integrations/prometheus.md#enabling-prometheus-integration) + +If you're using custom Helm values for Cilium, you must enable Hubble +with flow metrics for each namespace by adding the following lines to +your [Hubble values](../../clusters/applications.md#install-cilium-using-gitlab-cicd): + +```yaml +metrics: + enabled: + - 'flow:sourceContext=namespace;destinationContext=namespace' +``` + +The **Container Network Policy** section displays the following information +about your packet flow: + +- The total amount of the inbound and outbound packets +- The proportion of packets dropped according to the configured + policies +- The per-second average rate of the forwarded and dropped packets + accumulated over time window for the requested time interval + +If a significant percentage of packets is dropped, you should +investigate it for potential threats by +[examining the Cilium logs](../../clusters/applications.md#install-cilium-using-gitlab-cicd). |
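Review bot: In the `dependency_scanning/index.md` hunk at `@@ -160,6 +160,7`, the new `DS_REMEDIATE` row gives a default of `"true"` but does not say what the remediation produces or which value turns it off. Because the feature is enabled by default, the description should state what the analyzer changes or emits when it remediates, and name the disabling value explicitly (presumably `"false"`, matching the quoted boolean style this commit also applies to `BUNDLER_AUDIT_UPDATE_DISABLED`).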
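Review bot: In the `dependency_scanning/index.md` hunk at `@@ -167,7 +168,7`, the reworded `BUNDLER_AUDIT_UPDATE_DISABLED` row recommends disabling updates for offline use without saying what advisory data the scan then runs against. The following context row shows `BUNDLER_AUDIT_ADVISORY_DB_URL` defaulting to `https://github.com/rubysec/ruby-advisory-db`, so the description could point to that variable for supplying a reachable mirror and note that results are only as current as the local advisory data. Two nits on the same line: "offline, air-gapped" reads as a repetition, and the space before the closing pipe was dropped in `environment.|`.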
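Review bot: In the `threat_monitoring/index.md` hunk at `@@ -13,6 +13,7`, the new list entry is titled "Container Network Policies" while the section this commit adds further down the same file is headed `## Container Network Policy`. Pick one form so the feature list and the section heading match; an in-page link to the new section would also get readers to the prerequisites faster than the Auto DevOps anchor alone.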
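Review bot: In the `threat_monitoring/index.md` hunk at `@@ -38,3 +39,38`, the "installed Cilium", "Hubble values" and "examining the Cilium logs" links all resolve to the same anchor, `../../clusters/applications.md#install-cilium-using-gitlab-cicd`, so the closing advice to investigate dropped packets does not lead to instructions for reading the logs. Link that sentence to the place where log access is described, or add the steps here. Wording nits in the bullet list: "The total amount of the inbound and outbound packets" should be "The total number of inbound and outbound packets", and "accumulated over time window for the requested time interval" is missing an article and is hard to parse. It would also help to state where in the Hubble values file the `metrics:` key belongs.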