Diffstat (limited to 'doc/user/compliance/license_compliance/index.md')
-rw-r--r-- | doc/user/compliance/license_compliance/index.md | 65 |
1 files changed, 48 insertions, 17 deletions
diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index 19b01e4d854..fb5ce37c563 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md @@ -2,7 +2,7 @@ type: reference, howto stage: Secure group: Composition Analysis -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # License compliance **(ULTIMATE)** @@ -100,7 +100,7 @@ To enable License Compliance in your project's pipeline, either: (provided by [Auto DevOps](../../../topics/autodevops/index.md)). - Include the [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml) in your `.gitlab-ci.yml` file. -Please note that License Compliance is not supported when GitLab is run with FIPS mode enabled. +License Compliance is not supported when GitLab is run with FIPS mode enabled. ### Include the License Scanning template @@ -556,8 +556,8 @@ license_scanning: #### Using private NuGet registries If you have a private NuGet registry you can add it as a source -by adding it to the [`packageSources`](https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file#package-source-sections) -section of a [`nuget.config`](https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file) file. +by adding it to the [`packageSources`](https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file#package-source-sections) +section of a [`nuget.config`](https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file) file. For example: 
@@ -656,7 +656,7 @@ registry.gitlab.com/security-products/license-finder:latest ``` The process for importing Docker images into a local offline Docker registry depends on -**your network security policy**. Please consult your IT staff to find an accepted and approved +**your network security policy**. Consult your IT staff to find an accepted and approved process by which external resources can be imported or temporarily accessed. Note that these scanners are [updated periodically](../../application_security/index.md#vulnerability-scanner-maintenance) with new definitions, so consider if you are able to make periodic updates yourself. @@ -869,30 +869,61 @@ A full list of variables can be found in [CI/CD variables](#available-cicd-varia To find out what tools are pre-installed in the `license_scanning` Docker image use the following command: ```shell -$ docker run --entrypoint='' registry.gitlab.com/security-products/license-finder:4 /bin/bash -lc 'asdf list' +$ docker run --entrypoint='' -ti --rm registry.gitlab.com/security-products/license-finder:4 \ + /bin/bash -c 'dpkg -i /opt/toolcache/*.deb && asdf list' +... +dotnet-core + 3.1.302 +elixir + 1.10.4 golang - 1.14 + 1.15.5 + 1.16.2 gradle - 6.3 +No versions installed java - adopt-openjdk-11.0.7+10 - adopt-openjdk-8u242-b08 + 11 + 14 + 15 + 8 maven - 3.6.3 +No versions installed nodejs - 10.20.1 - 12.16.3 + 10.21.0 + 12.18.2 + 14.17.1 php - 7.4.5 + 7.4.8 python 2.7.18 - 3.8.2 + 3.3.7 + 3.4.10 + 3.5.9 + 3.6.11 + 3.7.7 + 3.8.5 ruby + 2.4.10 + 2.4.5 + 2.4.9 + 2.5.8 + 2.6.0 + 2.6.1 + 2.6.2 + 2.6.3 + 2.6.4 + 2.6.5 2.6.6 -sbt - 1.3.8 + 2.7.0 + 2.7.1 + 2.7.2 +rust + 1.45.0 ``` +It might take more than 10 minutes to run the command above. +This is because it installs every single tool version available in the Docker image. + To interact with the `license_scanning` runtime environment use the following command: ```shell |
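Review bot: In the `@@ -656,7 +656,7 @@` hunk, "Please" is dropped from "Consult your IT staff", but the unchanged sentence directly after it still opens with "Note that these scanners are ...", the same filler that the `@@ -100,7 +100,7 @@` hunk removes from the FIPS sentence. Suggest rewording that sentence in this commit too, for example "These scanners are updated periodically with new definitions, so consider whether you can make periodic updates yourself."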
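Review bot: In the `@@ -869,30 +869,61 @@` hunk, the added warning "It might take more than 10 minutes to run the command above" comes after the command and its sample output, so a reader runs the command before learning that it installs every tool version in the image; move the two added sentences above the code block. The new sample output also shows `gradle` and `maven` with "No versions installed" under a sentence that promises the pre-installed tools, so add a line explaining what that entry means. The `-ti` flags look unnecessary, because the command runs a fixed `/bin/bash -c '...'` string and exits; `--rm` alone would keep the cleanup without requesting an interactive terminal.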