| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-06 18:09:37 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-06 18:09:37 +0000 |
| commit | 495c22d1245b6212b21b7379a542df73dfa77206 (patch) | |
| tree | 5f0f82dd6c8c4fe1c4bd411f9e398b1a6eaaa69f /doc | |
| parent | f3b1e07903a7f509b11ad7cf188fac46d98f77f6 (diff) | |
| download | gitlab-ce-495c22d1245b6212b21b7379a542df73dfa77206.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
| Mode | File | Lines changed |
|---|---|---|
| -rw-r--r-- | doc/administration/logs.md | 4 |
| -rw-r--r-- | doc/user/application_security/dependency_scanning/index.md | 35 |
| -rw-r--r-- | doc/user/application_security/index.md | 29 |
| -rw-r--r-- | doc/user/application_security/sast/index.md | 23 |
| -rw-r--r-- | doc/user/compliance/license_compliance/index.md | 31 |
5 files changed, 60 insertions, 62 deletions
diff --git a/doc/administration/logs.md b/doc/administration/logs.md index 5a6eb95de42..889a8b2d6b0 100644 --- a/doc/administration/logs.md +++ b/doc/administration/logs.md @@ -434,6 +434,10 @@ I, [2015-02-13T06:17:00.679433 #9291] INFO -- : Moving existing hooks directory User clone/fetch activity using SSH transport appears in this log as `executing git command <gitaly-upload-pack...`. +## `current` + +This file lives in `/var/log/gitlab/gitaly/current` and is produced by [runit](http://smarden.org/runit/). `runit` is packaged with Omnibus and a brief explanation of its purpose is available [in the omnibus documentation](https://docs.gitlab.com/omnibus/architecture/#runit). [Log files are rotated](http://smarden.org/runit/svlogd.8.html), renamed in unix timestamp format and `gzip`-compressed (e.g. `@1584057562.s`). + ## `unicorn_stderr.log` This file lives in `/var/log/gitlab/unicorn/unicorn_stderr.log` for diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index c83e69ed6c4..651a7730cdb 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md 
@@ -167,7 +167,7 @@ The following variables are used for configuring specific analyzers (used for a | `DS_PIP_VERSION` | `gemnasium-python` | | Force the install of a specific pip version (example: `"19.3"`), otherwise the pip installed in the Docker image is used. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12811) in GitLab 12.7) | | `DS_PIP_DEPENDENCY_PATH` | `gemnasium-python` | | Path to load Python pip dependencies from. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12412) in GitLab 12.2) | | `DS_PYTHON_VERSION` | `retire.js` | | Version of Python. If set to 2, dependencies are installed using Python 2.7 instead of Python 3.6. ([Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12296) in GitLab 12.1)| -| `MAVEN_CLI_OPTS` | `gemnasium-maven` | `"-DskipTests --batch-mode"` | List of command line arguments that will be passed to `maven` by the analyzer. See an example for [using private repos](#using-private-maven-repos). | +| `MAVEN_CLI_OPTS` | `gemnasium-maven` | `"-DskipTests --batch-mode"` | List of command line arguments that will be passed to `maven` by the analyzer. See an example for [using private repos](../index.md#using-private-maven-repos). | | `BUNDLER_AUDIT_UPDATE_DISABLED` | `bundler-audit` | `"false"` | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running Dependency Scanning in an offline, air-gapped environment.| | `BUNDLER_AUDIT_ADVISORY_DB_URL` | `bundler-audit` | `https://github.com/rubysec/ruby-advisory-db` | URL of the advisory database used by bundler-audit. | | `BUNDLER_AUDIT_ADVISORY_DB_REF_NAME` | `bundler-audit` | `master` | Git ref for the advisory database specified by `BUNDLER_AUDIT_ADVISORY_DB_URL`. | 
@@ -177,28 +177,9 @@ The following variables are used for configuring specific analyzers (used for a ### Using private Maven repos If you have a private Maven repository which requires login credentials, -you can use the `MAVEN_CLI_OPTS` environment variable to pass variables -specified in your settings (e.g., username, password, etc.). - -For example, if you have a settings file in your project source (e.g., `mysettings.xml`) -that looks like the following, you can specify the variables -[by adding an entry under your project's settings](../../../ci/variables/README.md#via-the-ui), -so that you don't have to expose your private data in `.gitlab-ci.yml` (e.g., adding -`MAVEN_CLI_OPTS` with value `--settings mysettings.xml -Dprivate.username=foo -Dprivate.password=bar`). - -```xml -<!-- mysettings.xml --> -<settings> - ... - <servers> - <server> - <id>private_server</id> - <username>${private.username}</username> - <password>${private.password}</password> - </server> - </servers> -</settings> -``` +you can use the `MAVEN_CLI_OPTS` environment variable. + +Read more on [how to use private Maven repos](../index.md#using-private-maven-repos). ### Disabling Docker in Docker for Dependency Scanning 
@@ -217,6 +198,14 @@ variables: This will create individual `<analyzer-name>-dependency_scanning` jobs for each analyzer that runs in your CI/CD pipeline. +By removing Docker-in-Docker (DIND), GitLab relies on [Linguist](https://github.com/github/linguist) +to start relevant analyzers depending on the detected repository language(s) instead of the +[orchestrator](https://gitlab.com/gitlab-org/security-products/dependency-scanning/). However, there +are some differences in the way repository languages are detected between DIND and non-DIND. You can +observe these differences by checking both Linguist and the common library. For instance, Linguist +looks for `*.java` files to spin up the [gemnasium-maven](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven) +image, while orchestrator only looks for the existence of `pom.xml` or `build.gradle`. + ## Interacting with the vulnerabilities Once a vulnerability is found, you can interact with it. Read more on how to diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index 299507ff6c4..dadff8583db 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md 
@@ -251,6 +251,35 @@ environment. Read how to [operate the Secure scanners in an offline environment](offline_deployments/index.md). +## Using private Maven repos + +If you have a private Apache Maven repository that requires login credentials, +you can use the `MAVEN_CLI_OPTS` environment variable +to pass a username and password. You can set it under your project's settings +so that your credentials aren't exposed in `.gitlab-ci.yml`. + +If the username is `myuser` and the password is `verysecret` then you would +[set the following variable](../../ci/variables/README.md#via-the-ui) +under your project's settings: + +| Type | Key | Value | +| ---- | --- | ----- | +| Variable | `MAVEN_CLI_OPTS` | `--settings mysettings.xml -Drepository.password=verysecret -Drepository.user=myuser` | + +```xml +<!-- mysettings.xml --> +<settings> + ... + <servers> + <server> + <id>private_server</id> + <username>${private.username}</username> + <password>${private.password}</password> + </server> + </servers> +</settings> +``` + ## Outdated security reports > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/4913) in GitLab 12.7. diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 64a8b1b40dd..9c6098e4e04 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md 
@@ -166,18 +166,10 @@ it via [custom environment variables](#custom-environment-variables). #### Using a variable to pass username and password to a private Maven repository -If you have a private Apache Maven repository that requires login credentials, -you can use the `MAVEN_CLI_OPTS` [environment variable](#available-variables) -to pass a username and password. You can set it under your project's settings -so that your credentials aren't exposed in `.gitlab-ci.yml`. +If you have a private Maven repository which requires login credentials, +you can use the `MAVEN_CLI_OPTS` environment variable. -If the username is `myuser` and the password is `verysecret` then you would -[set the following variable](../../../ci/variables/README.md#via-the-ui) -under your project's settings: - -| Type | Key | Value | -| ---- | --- | ----- | -| Variable | `MAVEN_CLI_OPTS` | `-Drepository.password=verysecret -Drepository.user=myuser` | +Read more on [how to use private Maven repos](../index.md#using-private-maven-repos). ### Disabling Docker in Docker for SAST 
@@ -194,6 +186,15 @@ variables: This will create individual `<analyzer-name>-sast` jobs for each analyzer that runs in your CI/CD pipeline. +By removing Docker-in-Docker (DIND), GitLab relies on [Linguist](https://github.com/github/linguist) +to start relevant analyzers depending on the detected repository language(s) instead of the +[orchestrator](https://gitlab.com/gitlab-org/security-products/dependency-scanning/). However, there +are some differences in the way repository languages are detected between DIND and non-DIND. You can +observe these differences by checking both Linguist and the common library. For instance, Linguist +looks for `*.java` files to spin up the [spotbugs](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs) +image, while orchestrator only looks for the existence of `pom.xml`, `build.xml`, `gradlew`, +`grailsw`, or `mvnw`. + #### Enabling kubesec analyzer > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/12752) in GitLab Ultimate 12.6. diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index ef20e074b3e..87dc5406c89 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md 
@@ -191,35 +191,10 @@ If you still need to run tests during `mvn install`, add `-DskipTests=false` to #### Using private Maven repos -If you have a private Maven repository that requires login credentials, you can use the -`MAVEN_CLI_OPTS` variable to specify a custom [`settings.xml`](http://maven.apache.org/settings.html) -file. - -For example, you may have a settings file like this in your project source: - -```xml -<settings> - <servers> - <server> - <id>my-server</id> - <username>${private.username}</username> - <username>${private.password}</username> - </server> - </servers> -</settings> -``` - -You can use this file through the following declaration in your `gitlab-ci.yml` file: - -```yaml -license_scanning: - variables: - MAVEN_CLI_OPTS: --settings settings.xml -Dprivate.username=foo -Dprivate.password=bar -``` +If you have a private Maven repository which requires login credentials, +you can use the `MAVEN_CLI_OPTS` environment variable. -NOTE: **Note:** -If you don't want to expose the credentials in your `.gitlab-ci.yml` file, then -you can [set the variable in your project's settings](../../../ci/variables/README.md#via-the-ui). +Read more on [how to use private Maven repos](../../application_security/index.md#using-private-maven-repos). ### Selecting the version of Python |
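Review bot: in the `doc/administration/logs.md` hunk, the new heading `## \`current\`` is not self-describing and sits between `gitlab-shell.log` and `unicorn_stderr.log`, while the file it documents is `/var/log/gitlab/gitaly/current`; name the section for Gitaly (or move it under the Gitaly logs section) and state that every runit-supervised Omnibus service writes its own `current` file under `/var/log/gitlab/<service>/`, so readers do not assume the name is unique to Gitaly. Also check the rotation wording ("renamed in unix timestamp format", example `@1584057562.s`) against the linked svlogd page, which documents `@timestamp.s` names built from TAI64N timestamps, and say how Omnibus configures it if the naming differs; "unix" should be "Unix".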
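Review bot: in the `dependency_scanning/index.md` "Using private Maven repos" hunk, the replacement text reads "which requires login credentials" while the new shared section it points to says "that requires login credentials"; align the wording, and keep a one-line statement that the `--settings` file must be committed to the repository so the analyzer can find it, since that detail disappears with the removed example.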
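Review bot: in the `dependency_scanning/index.md` Docker-in-Docker hunk, "You can observe these differences by checking both Linguist and the common library" links Linguist but not the common library, so the reader cannot actually check; add the link. The practical consequence should also be spelled out: because Linguist "looks for `*.java` files to spin up the gemnasium-maven image, while orchestrator only looks for the existence of `pom.xml` or `build.gradle`", a project that has a `pom.xml` but no `*.java` sources (an aggregator POM, or a Kotlin or Scala project built with Maven) gets no `gemnasium-maven` job in non-DIND mode and silently loses dependency scanning coverage.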
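Review bot: in the `application_security/index.md` hunk, the example does not work as written: the variable value passes `-Drepository.password=verysecret -Drepository.user=myuser`, but `mysettings.xml` references `${private.username}` and `${private.password}`, so the placeholders are never substituted and authentication to the private repository fails. Use matching property names, e.g. `--settings mysettings.xml -Dprivate.username=myuser -Dprivate.password=verysecret`, or change the XML placeholders to `${repository.user}` and `${repository.password}`. Two further points for this new shared section: state that `mysettings.xml` is resolved relative to the project root, and note that the value is passed on the Maven command line, so it can surface in the job log and in the process list, and that `MAVEN_CLI_OPTS` cannot be a masked variable as a whole because it contains spaces; keeping the password in its own masked variable and referencing it from `MAVEN_CLI_OPTS` in `.gitlab-ci.yml` limits exposure. The `...` inside `<settings>` is not valid XML either; replace it with an XML comment.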
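Review bot: in the `sast/index.md` "Using a variable to pass username and password" hunk, the removed text linked `MAVEN_CLI_OPTS` via `[environment variable](#available-variables)` and the replacement drops that link; keep it so readers land on the SAST variable table. Also worth flagging: the removed SAST value (`-Drepository.password=verysecret -Drepository.user=myuser`) had no `--settings` flag, while the shared section now adds `--settings mysettings.xml`, so SAST users following the new link need to add a settings file they did not need before; a sentence saying so would avoid surprise.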
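Review bot: in the `sast/index.md` Docker-in-Docker hunk, the `[orchestrator]` link points at `gitlab-org/security-products/dependency-scanning`, which is the Dependency Scanning orchestrator; on the SAST page it should point at the SAST orchestrator project. The paragraph is otherwise a near-verbatim copy of the one added to `dependency_scanning/index.md` with only the analyzer name and file list changed, so either factor it into a shared snippet or add a comment that the two must be kept in sync; and, as in the DS copy, link "the common library" rather than only naming it.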
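Review bot: in the `license_compliance/index.md` hunk, consolidating is a clear improvement, since the removed example carried a defect (`<username>${private.password}</username>` where `<password>` was meant). What is lost is the job-scoped form, `license_scanning:` / `variables:` / `MAVEN_CLI_OPTS: ...`, which showed how to confine the credentials to the `license_scanning` job; the shared section only describes a project-level variable, which is inherited by every job in the pipeline (SAST, Dependency Scanning, and any user-defined Maven job). Either mention job-level scoping in the shared section or keep a short note here that the variable can be set per job.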