Add latest changes from gitlab-org/gitlab@13-0-stable-ee

2 files changed, 18 insertions, 1 deletions

diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index 1d5f96d96bb..cfc679f13a7 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -453,7 +453,7 @@ DAST can be [configured](#customizing-the-dast-settings) using environment varia
 | `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` | no | Requires [domain validation](#domain-validation) when running DAST full scans. Boolean. `true`, `True`, or `1` are considered as true value, otherwise false. Defaults to `false`. Not supported for API scans. |
 | `DAST_AUTO_UPDATE_ADDONS` | no | By default the versions of ZAP add-ons are pinned to those provided with the DAST image. Set to `true` to allow ZAP to download the latest versions. |
 | `DAST_API_HOST_OVERRIDE` | no | Used to override domains defined in API specification files. |
-| `DAST_EXCLUDE_RULES` | no | Set to a comma-separated list of Vulnerability Rule IDs to exclude them from scans. Rule IDs are numbers and can be found from the DAST log or on the [ZAP project](https://github.com/zaproxy/zaproxy/blob/master/docs/scanners.md). For example, `HTTP Parameter Override` has a rule ID of `10026`. |
+| `DAST_EXCLUDE_RULES` | no | Set to a comma-separated list of Vulnerability Rule IDs to exclude them from the scan report. Currently, excluded rules will get executed but the alerts from them will be suppressed. Rule IDs are numbers and can be found from the DAST log or on the [ZAP project](https://github.com/zaproxy/zaproxy/blob/develop/docs/scanners.md). For example, `HTTP Parameter Override` has a rule ID of `10026`. |
 | `DAST_REQUEST_HEADERS` | no | Set to a comma-separated list of request header names and values. For example, `Cache-control: no-cache,User-Agent: DAST/1.0` |
 | `DAST_ZAP_USE_AJAX_SPIDER` | no | Use the AJAX spider in addition to the traditional spider, useful for crawling sites that require JavaScript. Boolean. `true`, `True`, or `1` are considered as true value, otherwise false. Defaults to `false`. |
 
diff --git a/doc/user/project/code_owners.md b/doc/user/project/code_owners.md
index 45d9e8f04e0..40ea1833fa3 100644
--- a/doc/user/project/code_owners.md
+++ b/doc/user/project/code_owners.md
@@ -88,6 +88,23 @@ or more users or by the `@name` of one or more groups that should
 be owners of the file. Groups must be added as [members of the project](members/index.md),
 or they will be ignored.
 
+Starting in [GitLab 13.0](https://gitlab.com/gitlab-org/gitlab/-/issues/32432), you can now specify
+groups or subgroups from the project's group hierarchy as potential code owners.
+
+For example, consider the following hierarchy for a given project:
+
+```text
+group >> sub-group >> sub-subgroup >> myproject >> file.md
+```
+
+Any of the following groups would be eligible to be specified as code owners:
+
+- `@group`
+- `@group/sub-group`
+- `@group/sub-group/sub-subgroup`
+
+In addition, any groups that have been invited to the project using the **Settings > Members** tool will also be recognized as eligible code owners.
+
 The order in which the paths are defined is significant: the last
 pattern that matches a given path will be used to find the code
 owners.