Add latest changes from gitlab-org/gitlab@15-7-stable-eev15.7.0-rc42

20 files changed, 159 insertions, 158 deletions

diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
index fddcc1492a8..11420b05dfb 100644
--- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
@@ -177,11 +177,11 @@ include:
   - template: Jobs/Browser-Performance-Testing.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml
   - template: Jobs/Helm-2to3.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml
   - template: Security/DAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
-  - template: Security/Container-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
-  - template: Security/Dependency-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
-  - template: Security/License-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml
-  - template: Security/SAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
-  - template: Security/Secret-Detection.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
+  - template: Jobs/Container-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
+  - template: Jobs/Dependency-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml
+  - template: Jobs/License-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
+  - template: Jobs/SAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
+  - template: Jobs/Secret-Detection.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml
 
 # The latest build job generates a dotenv report artifact with a CI_APPLICATION_TAG
 # that also includes the image digest. This configures Auto Deploy to receive
diff --git a/lib/gitlab/ci/templates/Gradle.gitlab-ci.yml b/lib/gitlab/ci/templates/Gradle.gitlab-ci.yml
index 671925c5df6..16ce85548df 100644
--- a/lib/gitlab/ci/templates/Gradle.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Gradle.gitlab-ci.yml
@@ -11,13 +11,6 @@
 
 image: gradle:alpine
 
-# Disable the Gradle daemon for Continuous Integration servers as correctness
-# is usually a priority over speed in CI environments. Using a fresh
-# runtime for each build is more reliable since the runtime is completely
-# isolated from any previous builds.
-variables:
-  GRADLE_OPTS: "-Dorg.gradle.daemon=false"
-
 before_script:
   - GRADLE_USER_HOME="$(pwd)/.gradle"
   - export GRADLE_USER_HOME
diff --git a/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml
index fcf2ac7de7a..026ddf4a17a 100644
--- a/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.gitlab-ci.yml
@@ -7,7 +7,7 @@ browser_performance:
   variables:
     DOCKER_TLS_CERTDIR: ""
     SITESPEED_IMAGE: sitespeedio/sitespeed.io
-    SITESPEED_VERSION: 14.1.0
+    SITESPEED_VERSION: 26.1.0
     SITESPEED_OPTIONS: ''
   services:
     - name: 'docker:20.10.12-dind'
diff --git a/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.latest.gitlab-ci.yml
index 04b7dacf2dd..218c2f79e6a 100644
--- a/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Browser-Performance-Testing.latest.gitlab-ci.yml
@@ -7,7 +7,7 @@ browser_performance:
   variables:
     DOCKER_TLS_CERTDIR: ""
     SITESPEED_IMAGE: sitespeedio/sitespeed.io
-    SITESPEED_VERSION: 14.1.0
+    SITESPEED_VERSION: latest
     SITESPEED_OPTIONS: ''
   services:
     - name: 'docker:20.10.12-dind'
diff --git a/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
index 23efed212f8..b4beeb60dfd 100644
--- a/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
@@ -8,7 +8,8 @@ code_quality:
   variables:
     DOCKER_DRIVER: overlay2
     DOCKER_TLS_CERTDIR: ""
-    CODE_QUALITY_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:0.87.0"
+    CODE_QUALITY_IMAGE_TAG: "0.87.3"
+    CODE_QUALITY_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:$CODE_QUALITY_IMAGE_TAG"
   needs: []
   script:
     - export SOURCE_CODE=$PWD
diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
new file mode 100644
index 00000000000..fa609afc5a8
--- /dev/null
+++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
@@ -0,0 +1,54 @@
+# To contribute improvements to CI/CD templates, please follow the Development guide at:
+# https://docs.gitlab.com/ee/development/cicd/templates.html
+# This specific template is located at:
+# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
+
+# Use this template to enable container scanning in your project.
+# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:`
+# keyword.
+# The template should work without modifications but you can customize the template settings if
+# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+#
+# Requirements:
+# - A `test` stage to be present in the pipeline.
+# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the
+#   same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this.
+# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the
+# image to be scanned is in a private registry.
+# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
+#   CS_DOCKERFILE_PATH variable.
+#
+# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
+
+variables:
+  CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
+
+container_scanning:
+  image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX"
+  stage: test
+  variables:
+    # To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your
+    # `.gitlab-ci.yml` file and set it to `fetch`.
+    # For details, see the following links:
+    # https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
+    # https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting
+    GIT_STRATEGY: none
+  allow_failure: true
+  artifacts:
+    reports:
+      container_scanning: gl-container-scanning-report.json
+      dependency_scanning: gl-dependency-scanning-report.json
+    paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json]
+  dependencies: []
+  script:
+    - gtcs scan
+  rules:
+    - if: $CONTAINER_SCANNING_DISABLED
+      when: never
+    - if: $CI_COMMIT_BRANCH &&
+          $CI_GITLAB_FIPS_MODE == "true" &&
+          $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
+      variables:
+        CS_IMAGE_SUFFIX: -fips
+    - if: $CI_COMMIT_BRANCH
diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
new file mode 100644
index 00000000000..f750bda2a3f
--- /dev/null
+++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
@@ -0,0 +1,68 @@
+# To contribute improvements to CI/CD templates, please follow the Development guide at:
+# https://docs.gitlab.com/ee/development/cicd/templates.html
+# This specific template is located at:
+# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
+
+# Use this template to enable container scanning in your project.
+# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:`
+# keyword.
+# The template should work without modifications but you can customize the template settings if
+# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+#
+# Requirements:
+# - A `test` stage to be present in the pipeline.
+# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the
+#   same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this.
+# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the
+# image to be scanned is in a private registry.
+# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
+#   CS_DOCKERFILE_PATH variable.
+#
+# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
+
+variables:
+  CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
+
+container_scanning:
+  image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX"
+  stage: test
+  variables:
+    # To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your
+    # `.gitlab-ci.yml` file and set it to `fetch`.
+    # For details, see the following links:
+    # https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
+    # https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting
+    GIT_STRATEGY: none
+  allow_failure: true
+  artifacts:
+    reports:
+      container_scanning: gl-container-scanning-report.json
+      dependency_scanning: gl-dependency-scanning-report.json
+    paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json]
+  dependencies: []
+  script:
+    - gtcs scan
+  rules:
+    - if: $CONTAINER_SCANNING_DISABLED
+      when: never
+
+    # Add the job to merge request pipelines if there's an open merge request.
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
+          $CI_GITLAB_FIPS_MODE == "true" &&
+          $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
+      variables:
+        CS_IMAGE_SUFFIX: -fips
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+
+    # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
+    - if: $CI_OPEN_MERGE_REQUESTS
+      when: never
+
+    # Add the job to branch pipelines.
+    - if: $CI_COMMIT_BRANCH &&
+          $CI_GITLAB_FIPS_MODE == "true" &&
+          $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
+      variables:
+        CS_IMAGE_SUFFIX: -fips
+    - if: $CI_COMMIT_BRANCH
diff --git a/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml
index 936d8751fe1..12105e0e95d 100644
--- a/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Load-Performance-Testing.gitlab-ci.yml
@@ -4,8 +4,8 @@ load_performance:
   allow_failure: true
   variables:
     DOCKER_TLS_CERTDIR: ""
-    K6_IMAGE: loadimpact/k6
-    K6_VERSION: 0.27.0
+    K6_IMAGE: grafana/k6
+    K6_VERSION: 0.41.0
     K6_TEST_FILE: raw.githubusercontent.com/grafana/k6/master/samples/http_get.js
     K6_OPTIONS: ''
     K6_DOCKER_OPTIONS: ''
diff --git a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
index a6d47e31de2..2c5027cdb43 100644
--- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
@@ -238,6 +238,8 @@ semgrep-sast:
         - '**/*.java'
         - '**/*.cs'
         - '**/*.html'
+        - '**/*.scala'
+        - '**/*.sc'
 
 sobelow-sast:
   extends: .sast-analyzer
diff --git a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
index 4600468ef30..58709d3ab62 100644
--- a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml
@@ -299,6 +299,8 @@ semgrep-sast:
         - '**/*.java'
         - '**/*.html'
         - '**/*.cs'
+        - '**/*.scala'
+        - '**/*.sc'
     - if: $CI_OPEN_MERGE_REQUESTS  # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
       when: never
     - if: $CI_COMMIT_BRANCH        # If there's no open merge request, add it to a *branch* pipeline instead.
@@ -313,6 +315,8 @@ semgrep-sast:
         - '**/*.java'
         - '**/*.html'
         - '**/*.cs'
+        - '**/*.scala'
+        - '**/*.sc'
 
 sobelow-sast:
   extends: .sast-analyzer
diff --git a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
index 79a08c33fdf..879d6a7a468 100644
--- a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
@@ -1,54 +1,5 @@
-# To contribute improvements to CI/CD templates, please follow the Development guide at:
-# https://docs.gitlab.com/ee/development/cicd/templates.html
-# This specific template is located at:
-# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
+# This template moved to Jobs/Container-Scanning.gitlab-ci.yml in GitLab 15.6
+# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/381665
 
-# Use this template to enable container scanning in your project.
-# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:`
-# keyword.
-# The template should work without modifications but you can customize the template settings if
-# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
-#
-# Requirements:
-# - A `test` stage to be present in the pipeline.
-# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the
-#   same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this.
-# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the
-# image to be scanned is in a private registry.
-# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
-#   CS_DOCKERFILE_PATH variable.
-#
-# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
-# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
-
-variables:
-  CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
-
-container_scanning:
-  image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX"
-  stage: test
-  variables:
-    # To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your
-    # `.gitlab-ci.yml` file and set it to `fetch`.
-    # For details, see the following links:
-    # https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
-    # https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting
-    GIT_STRATEGY: none
-  allow_failure: true
-  artifacts:
-    reports:
-      container_scanning: gl-container-scanning-report.json
-      dependency_scanning: gl-dependency-scanning-report.json
-    paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json]
-  dependencies: []
-  script:
-    - gtcs scan
-  rules:
-    - if: $CONTAINER_SCANNING_DISABLED
-      when: never
-    - if: $CI_COMMIT_BRANCH &&
-          $CI_GITLAB_FIPS_MODE == "true" &&
-          $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
-      variables:
-        CS_IMAGE_SUFFIX: -fips
-    - if: $CI_COMMIT_BRANCH
+include:
+  template: Jobs/Container-Scanning.gitlab-ci.yml
diff --git a/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml
index f7b1d12b3b3..7a4f451314e 100644
--- a/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml
@@ -1,68 +1,5 @@
-# To contribute improvements to CI/CD templates, please follow the Development guide at:
-# https://docs.gitlab.com/ee/development/cicd/templates.html
-# This specific template is located at:
-# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
+# This template moved to Jobs/Container-Scanning.latest.gitlab-ci.yml in GitLab 15.6
+# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/381665
 
-# Use this template to enable container scanning in your project.
-# You should add this template to an existing `.gitlab-ci.yml` file by using the `include:`
-# keyword.
-# The template should work without modifications but you can customize the template settings if
-# needed: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
-#
-# Requirements:
-# - A `test` stage to be present in the pipeline.
-# - You must define the image to be scanned in the CS_IMAGE variable. If CS_IMAGE is the
-#   same as $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG, you can skip this.
-# - Container registry credentials defined by `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables if the
-# image to be scanned is in a private registry.
-# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
-#   CS_DOCKERFILE_PATH variable.
-#
-# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
-# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
-
-variables:
-  CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5"
-
-container_scanning:
-  image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX"
-  stage: test
-  variables:
-    # To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your
-    # `.gitlab-ci.yml` file and set it to `fetch`.
-    # For details, see the following links:
-    # https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
-    # https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting
-    GIT_STRATEGY: none
-  allow_failure: true
-  artifacts:
-    reports:
-      container_scanning: gl-container-scanning-report.json
-      dependency_scanning: gl-dependency-scanning-report.json
-    paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json]
-  dependencies: []
-  script:
-    - gtcs scan
-  rules:
-    - if: $CONTAINER_SCANNING_DISABLED
-      when: never
-
-    # Add the job to merge request pipelines if there's an open merge request.
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
-          $CI_GITLAB_FIPS_MODE == "true" &&
-          $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
-      variables:
-        CS_IMAGE_SUFFIX: -fips
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-
-    # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
-    - if: $CI_OPEN_MERGE_REQUESTS
-      when: never
-
-    # Add the job to branch pipelines.
-    - if: $CI_COMMIT_BRANCH &&
-          $CI_GITLAB_FIPS_MODE == "true" &&
-          $CS_ANALYZER_IMAGE !~ /-(fips|ubi)\z/
-      variables:
-        CS_IMAGE_SUFFIX: -fips
-    - if: $CI_COMMIT_BRANCH
+include:
+  template: Jobs/Container-Scanning.latest.gitlab-ci.yml
diff --git a/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml
index d933007ec61..89944e347f6 100644
--- a/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml
@@ -16,7 +16,7 @@ variables:
   COVFUZZ_VERSION: v3
   # This is for users who have an offline environment and will have to replicate gitlab-cov-fuzz release binaries
   # to their own servers
-  COVFUZZ_URL_PREFIX: "https://gitlab.com/gitlab-org/security-products/analyzers/gitlab-cov-fuzz/-/raw"
+  COVFUZZ_URL_PREFIX: "https://gitlab.com/security-products/gitlab-cov-fuzz/-/raw"
 
 
 coverage_fuzzing_unlicensed:
diff --git a/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.latest.gitlab-ci.yml
index feed4c47157..4f6ba427058 100644
--- a/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.latest.gitlab-ci.yml
@@ -16,7 +16,7 @@ variables:
   COVFUZZ_VERSION: v3
   # This is for users who have an offline environment and will have to replicate gitlab-cov-fuzz release binaries
   # to their own servers
-  COVFUZZ_URL_PREFIX: "https://gitlab.com/gitlab-org/security-products/analyzers/gitlab-cov-fuzz/-/raw"
+  COVFUZZ_URL_PREFIX: "https://gitlab.com/security-products/gitlab-cov-fuzz/-/raw"
 
 
 coverage_fuzzing_unlicensed:
diff --git a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
index 40060e96dff..c43296b5865 100644
--- a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml
@@ -51,7 +51,4 @@ dast:
           $REVIEW_DISABLED
       when: never
     - if: $CI_COMMIT_BRANCH &&
-          ($CI_KUBERNETES_ACTIVE || $KUBECONFIG) &&
-          $GITLAB_FEATURES =~ /\bdast\b/
-    - if: $CI_COMMIT_BRANCH &&
           $GITLAB_FEATURES =~ /\bdast\b/
diff --git a/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml
index 50e9bb5431d..27bcc14bcf5 100644
--- a/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml
@@ -55,9 +55,6 @@ dast:
 
     # Add the job to merge request pipelines if there's an open merge request.
     - if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
-          ($CI_KUBERNETES_ACTIVE || $KUBECONFIG) &&
-          $GITLAB_FEATURES =~ /\bdast\b/
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
           $GITLAB_FEATURES =~ /\bdast\b/
 
     # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
@@ -66,9 +63,6 @@ dast:
 
     # Add the job to branch pipelines.
     - if: $CI_COMMIT_BRANCH &&
-          ($CI_KUBERNETES_ACTIVE || $KUBECONFIG) &&
-          $GITLAB_FEATURES =~ /\bdast\b/
-    - if: $CI_COMMIT_BRANCH &&
           $GITLAB_FEATURES =~ /\bdast\b/
   after_script:
     # Remove any debug.log files because they might contain secrets.
diff --git a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml
index fd04c86e6c7..631f6cecddf 100644
--- a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml
@@ -9,9 +9,9 @@
 # Usage:
 #
 # include:
-#   - template: Secure-Binaries.gitlab-ci.yml
+#   - template: Security/Secure-Binaries.gitlab-ci.yml
 #
-# Docs: https://docs.gitlab.com/ee/topics/airgap/
+# Docs: https://docs.gitlab.com/ee/user/application_security/offline_deployments/
 
 variables:
   # Setting this variable will affect all Security templates
@@ -38,7 +38,7 @@ variables:
     DOCKER_DRIVER: overlay2
     DOCKER_TLS_CERTDIR: ""
   services:
-    - docker:stable-dind
+    - docker:dind
   script:
     - docker info
     - env
diff --git a/lib/gitlab/ci/templates/Verify/Browser-Performance.gitlab-ci.yml b/lib/gitlab/ci/templates/Verify/Browser-Performance.gitlab-ci.yml
index c3113ffebf3..c1a90955f7f 100644
--- a/lib/gitlab/ci/templates/Verify/Browser-Performance.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Verify/Browser-Performance.gitlab-ci.yml
@@ -17,10 +17,10 @@ browser_performance:
   variables:
     URL: ''
     SITESPEED_IMAGE: sitespeedio/sitespeed.io
-    SITESPEED_VERSION: 14.1.0
+    SITESPEED_VERSION: 26.1.0
     SITESPEED_OPTIONS: ''
   services:
-    - docker:stable-dind
+    - docker:dind
   script:
     - mkdir gitlab-exporter
     # Busybox wget does not support proxied HTTPS, get the real thing.
diff --git a/lib/gitlab/ci/templates/Verify/Browser-Performance.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Verify/Browser-Performance.latest.gitlab-ci.yml
index c9f0c173692..adc92fde5ae 100644
--- a/lib/gitlab/ci/templates/Verify/Browser-Performance.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Verify/Browser-Performance.latest.gitlab-ci.yml
@@ -17,10 +17,10 @@ browser_performance:
   variables:
     URL: ''
     SITESPEED_IMAGE: sitespeedio/sitespeed.io
-    SITESPEED_VERSION: 14.1.0
+    SITESPEED_VERSION: latest
     SITESPEED_OPTIONS: ''
   services:
-    - docker:stable-dind
+    - docker:dind
   script:
     - mkdir gitlab-exporter
     # Busybox wget does not support proxied HTTPS, get the real thing.
diff --git a/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml b/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml
index bf5cfbb519d..a907915587a 100644
--- a/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Verify/Load-Performance-Testing.gitlab-ci.yml
@@ -15,13 +15,13 @@ load_performance:
   stage: performance
   image: docker:git
   variables:
-    K6_IMAGE: loadimpact/k6
-    K6_VERSION: 0.27.0
+    K6_IMAGE: grafana/k6
+    K6_VERSION: 0.41.0
     K6_TEST_FILE: raw.githubusercontent.com/grafana/k6/master/samples/http_get.js
     K6_OPTIONS: ''
     K6_DOCKER_OPTIONS: ''
   services:
-    - docker:stable-dind
+    - docker:dind
   script:
     - docker run --rm -v "$(pwd)":/k6 -w /k6 $K6_DOCKER_OPTIONS $K6_IMAGE:$K6_VERSION run $K6_TEST_FILE --summary-export=load-performance.json $K6_OPTIONS
   artifacts: