author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-19 21:09:17 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-19 21:09:17 +0000 |
commit | 49a923c646a2c24b5377cfde8236c73094c60d42 (patch) | |
tree | 8e4ef094e6a338c80123765d8cd2a707c82bdc7b /doc/user | |
parent | 0eb4fd2f32e6804bc85868ba167170238e346279 (diff) | |
download | gitlab-ce-49a923c646a2c24b5377cfde8236c73094c60d42.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user')
-rw-r--r-- | doc/user/application_security/sast/index.md | 28 | ||||
-rw-r--r-- | doc/user/group/saml_sso/index.md | 11 |
2 files changed, 23 insertions, 16 deletions
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 70d31f8e1d6..82a7256a984 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -17,10 +17,11 @@ to learn how to protect your organization. If you are using [GitLab CI/CD](../../../ci/README.md), you can analyze your source code for known vulnerabilities using Static Application Security Testing (SAST). -You can take advantage of SAST by either [including the CI job](#configuration) in -your existing `.gitlab-ci.yml` file or by implicitly using -[Auto SAST](../../../topics/autodevops/index.md#auto-sast-ultimate) -that is provided by [Auto DevOps](../../../topics/autodevops/index.md). +You can take advantage of SAST by doing one of the following: + +- [Including the CI job](#configuration) in your existing `.gitlab-ci.yml` file. +- Implicitly using [Auto SAST](../../../topics/autodevops/index.md#auto-sast-ultimate) provided by + [Auto DevOps](../../../topics/autodevops/index.md). GitLab checks the SAST report, compares the found vulnerabilities between the source and target branches, and shows the information right on the merge request. 
@@ -91,12 +92,14 @@ The Java analyzers can also be used for variants like the ## Configuration -For GitLab 11.9 and later, to enable SAST, you must -[include](../../../ci/yaml/README.md#includetemplate) the -[`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml) -that's provided as a part of your GitLab installation. -For GitLab versions earlier than 11.9, you can copy and use the job as defined -that template. +NOTE: **Note:** +You don't have to configure SAST manually as shown in this section if you're using [Auto SAST](../../../topics/autodevops/index.md#auto-sast-ultimate) +provided by [Auto DevOps](../../../topics/autodevops/index.md). + +For GitLab 11.9 and later, to enable SAST you must [include](../../../ci/yaml/README.md#includetemplate) +the [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml) +that is provided as a part of your GitLab installation. For GitLab versions earlier than 11.9, you +can copy and use the job as defined that template. Add the following to your `.gitlab-ci.yml` file: @@ -448,8 +451,9 @@ the report JSON unless stated otherwise. Presence of optional fields depends on ## Secret detection -GitLab is also able to detect secrets and credentials that have been unintentionally pushed to the repository. -For example, an API key that allows write access to third-party deployment environments. +GitLab is also able to detect secrets and credentials that have been unintentionally pushed to the +repository (for example, an API key that allows write access to third-party deployment +environments). This check is performed by a specific analyzer during the `sast` job. It runs regardless of the programming language of your app, and you don't need to change anything to your diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md index 25493a42d83..66ea6684f5d 100644 
--- a/doc/user/group/saml_sso/index.md +++ b/doc/user/group/saml_sso/index.md @@ -190,12 +190,8 @@ NOTE: **Note:** GitLab is unable to provide support for IdPs that are not listed |----------|---------------| | ADFS (Active Directory Federation Services) | [Create a Relying Party Trust](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-relying-party-trust) | | Azure | [Configuring single sign-on to applications](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications) | -| Auth0 | [Auth0 as Identity Provider](https://auth0.com/docs/protocols/saml/saml-idp-generic) | -| G Suite | [Set up your own custom SAML application](https://support.google.com/a/answer/6087519?hl=en) | -| JumpCloud | [Single Sign On (SSO) with GitLab](https://support.jumpcloud.com/support/s/article/single-sign-on-sso-with-gitlab-2019-08-21-10-36-47) | | Okta | [Setting up a SAML application in Okta](https://developer.okta.com/docs/guides/saml-application-setup/overview/) | | OneLogin | [Use the OneLogin SAML Test Connector](https://onelogin.service-now.com/support?id=kb_article&sys_id=93f95543db109700d5505eea4b96198f) | -| Ping One for Enterprise | [Add and configure a new SAML application](https://support.pingidentity.com/s/document-item?bundleId=pingone&topicId=xsh1564020480660-1.html) | When [configuring your identify provider](#configuring-your-identity-provider), please consider the notes below for specific providers to help avoid common issues and as a guide for terminology used. 
@@ -360,6 +356,13 @@ This can be prevented by configuring the [NameID](#nameid) to return a consisten Not a problem, the SAML standard means that a wide range of identity providers will work with GitLab. Unfortunately we aren't familiar with all of them so can only offer support configuring the [listed providers](#providers). +Your identity provider may also have relevant documentation. It may be generic SAML documentation, or specifically targeted for GitLab. Examples: + +- [Auth0](https://auth0.com/docs/protocols/saml/saml-idp-generic) +- [G Suite](https://support.google.com/a/answer/6087519?hl=en) +- [JumpCloud](https://support.jumpcloud.com/support/s/article/single-sign-on-sso-with-gitlab-2019-08-21-10-36-47) +- [OneLogin](https://onelogin.service-now.com/support?id=kb_article&sys_id=93f95543db109700d5505eea4b96198f). + ### I need additional information to configure my identity provider Many SAML terms can vary between providers. It is possible that the information you are looking for is listed under another name. |
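Review bot: In doc/user/application_security/sast/index.md, hunk @@ -91,12 +92,14 @@, the rewrapped sentence still ends with "can copy and use the job as defined that template." The word "in" is missing in both the removed and the added version; since the paragraph is being rewritten anyway, change it to "as defined in that template". The added NOTE line containing the Auto SAST link is also much longer than the other added lines in this hunk and could be wrapped before the link.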
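Review bot: In doc/user/group/saml_sso/index.md, hunk @@ -190,12 +190,8 @@, the removed "Ping One for Enterprise" row is not carried into the examples list added in the later hunk, while Auth0, G Suite and JumpCloud are, so its documentation link disappears from the page entirely. If that is intended, say so in the commit message; otherwise add it to the new list. The trailing context line also reads "configuring your identify provider", which should be "identity provider" and is worth fixing while this section is being touched.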
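Review bot: In doc/user/group/saml_sso/index.md, hunk @@ -360,6 +356,13 @@, the added list includes OneLogin, which the earlier hunk keeps in the providers table, so it now appears both as a listed provider and as an example in the paragraph that follows "can only offer support configuring the [listed providers](#providers)". Drop it from this list or explain why it belongs in both places. The OneLogin item is also the only one that ends with a period; remove it to match the other three items.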