Diffstat (limited to 'doc/user/application_security/configuration/index.md')
-rw-r--r-- | doc/user/application_security/configuration/index.md | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/doc/user/application_security/configuration/index.md b/doc/user/application_security/configuration/index.md index 32a523a1871..5eb1b93eb76 100644 --- a/doc/user/application_security/configuration/index.md +++ b/doc/user/application_security/configuration/index.md @@ -2,7 +2,7 @@ type: reference, howto stage: Secure group: Static Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Security Configuration **(FREE)** 
@@ -19,12 +19,23 @@ The Security Configuration page lists the following for the security testing and - Whether or not it is available. - A configuration button or a link to its configuration guide. -The status of each security control is determined by the project's latest default branch -[CI pipeline](../../../ci/pipelines/index.md). -If a job with the expected security report artifact exists in the pipeline, the feature's status is -_enabled_. +To determine the status of each security control, GitLab checks for a [CI/CD pipeline](../../../ci/pipelines/index.md) +in the most recent commit on the default branch. -If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md), +If GitLab finds a CI/CD pipeline, then it inspects each job in the `.gitlab-ci.yml` file. + +- If a job defines an [`artifacts:reports` keyword](../../../ci/yaml/artifacts_reports.md) + for a security scanner, then GitLab considers the security scanner enabled and shows the **Enabled** status. +- If no jobs define an `artifacts:reports` keyword for a security scanner, then GitLab considers + the security scanner disabled and shows the **Not enabled** status. + +If GitLab does not find a CI/CD pipeline, then it considers all security scanners disabled and shows the **Not enabled** status. + +Failed pipelines and jobs are included in this process. If a scanner is configured but the job fails, +that scanner is still considered enabled. This process also determines the scanners and statuses +returned through the [API](../../../api/graphql/reference/index.md#securityscanners). + +If the latest pipeline uses [Auto DevOps](../../../topics/autodevops/index.md), all security features are configured by default. To view a project's security configuration: |
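Review bot: In the second hunk, the added sentence "it inspects each job in the `.gitlab-ci.yml` file" sits awkwardly with the unchanged closing sentence that a pipeline using Auto DevOps has all security features configured by default. The first ties the status to jobs written in the file and the second ties it to the pipeline that ran. Wording it as "inspects each job in that pipeline" would make the two statements agree and match the preceding sentence about the most recent commit on the default branch. In the "Failed pipelines and jobs are included in this process" paragraph, consider also stating outright that **Enabled** reflects configuration only and does not mean a scan completed or produced a report, since a reader (or a consumer of the API the paragraph links to) may otherwise read the status as evidence of scan coverage.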