Diffstat (limited to 'doc/user')
-rw-r--r--  doc/user/admin_area/settings/usage_statistics.md                                            6
-rw-r--r--  doc/user/application_security/offline_deployments/index.md                                   1
-rw-r--r--  doc/user/application_security/vulnerabilities/img/standalone_vulnerability_page_v12_10.png   bin (0 -> 26548 bytes)
-rw-r--r--  doc/user/application_security/vulnerabilities/index.md                                       69
-rw-r--r--  doc/user/compliance/license_compliance/index.md                                               19
-rw-r--r--  doc/user/permissions.md                                                                      22
6 files changed, 108 insertions, 9 deletions
diff --git a/doc/user/admin_area/settings/usage_statistics.md b/doc/user/admin_area/settings/usage_statistics.md index cbfdf2d188c..f28bab6ad86 100644 --- a/doc/user/admin_area/settings/usage_statistics.md +++ b/doc/user/admin_area/settings/usage_statistics.md @@ -197,9 +197,11 @@ but commented out to help encourage others to add to it in the future. --> |clusters_enabled|counts|| |project_clusters_enabled|counts|| |group_clusters_enabled|counts|| +|instance_clusters_enabled|counts|| |clusters_disabled|counts|| |project_clusters_disabled|counts|| |group_clusters_disabled|counts|| +|instance_clusters_disabled|counts|| |clusters_platforms_eks|counts|| |clusters_platforms_gke|counts|| |clusters_platforms_user|counts|| @@ -211,6 +213,7 @@ but commented out to help encourage others to add to it in the future. --> |clusters_applications_runner|counts|| |clusters_applications_knative|counts|| |clusters_applications_elastic_stack|counts|| +|clusters_management_project|counts|| |in_review_folder|counts|| |grafana_integrated_projects|counts|| |groups|counts|| 
@@ -382,11 +385,14 @@ but commented out to help encourage others to add to it in the future. --> |clusters_applications_helm|usage_activity_by_stage|configure| |clusters_applications_ingress|usage_activity_by_stage|configure| |clusters_applications_knative|usage_activity_by_stage|configure| +|clusters_management_project|usage_activity_by_stage|configure| |clusters_disabled|usage_activity_by_stage|configure| |clusters_enabled|usage_activity_by_stage|configure| |clusters_platforms_gke|usage_activity_by_stage|configure| |clusters_platforms_eks|usage_activity_by_stage|configure| |clusters_platforms_user|usage_activity_by_stage|configure| +|instance_clusters_disabled|usage_activity_by_stage|configure| +|instance_clusters_enabled|usage_activity_by_stage|configure| |group_clusters_disabled|usage_activity_by_stage|configure| |group_clusters_enabled|usage_activity_by_stage|configure| |project_clusters_disabled|usage_activity_by_stage|configure| diff --git a/doc/user/application_security/offline_deployments/index.md b/doc/user/application_security/offline_deployments/index.md index db309357530..5a5f149a3bf 100644 --- a/doc/user/application_security/offline_deployments/index.md +++ b/doc/user/application_security/offline_deployments/index.md @@ -78,3 +78,4 @@ above. You can find more information at each of the pages below: - [Container scanning offline directions](../container_scanning/index.md#running-container-scanning-in-an-offline-environment) - [SAST offline directions](../sast/index.md#gitlab-sast-in-an-offline-environment) - [DAST offline directions](../dast/index.md#running-dast-in-an-offline-environment) +- [License Compliance offline directions](../../compliance/license_compliance/index.md#running-license-compliance-in-an-offline-environment) 
diff --git a/doc/user/application_security/vulnerabilities/img/standalone_vulnerability_page_v12_10.png b/doc/user/application_security/vulnerabilities/img/standalone_vulnerability_page_v12_10.png Binary files differnew file mode 100644 index 00000000000..0fdb8d1e201 --- /dev/null +++ b/doc/user/application_security/vulnerabilities/img/standalone_vulnerability_page_v12_10.png diff --git a/doc/user/application_security/vulnerabilities/index.md b/doc/user/application_security/vulnerabilities/index.md new file mode 100644 index 00000000000..5cb4f16e0d8 --- /dev/null +++ b/doc/user/application_security/vulnerabilities/index.md 
@@ -0,0 +1,69 @@ +--- +type: reference, howto +--- + +# Standalone Vulnerability pages + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/13561) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.10. + +CAUTION: **Warning:** +This feature is currently [Alpha](https://about.gitlab.com/handbook/product/#alpha-beta-ga). +You can begin using it, but it may receive important changes in the future. + +Each security vulnerability in the [Vulnerability List](../dependency_list/index.md) has its own standalone +page. + +![Standalone vulnerability page](img/standalone_vulnerability_page_v12_10.png) + +On the standalone vulnerability page, you can interact with the vulnerability in +several different ways: + +- [Change the Vulnerability Status](#changing-vulnerability-status) - You can change the + status of a vulnerability to **Detected**, **Confirmed**, **Dismissed**, or **Resolved**. +- [Create issue](#creating-an-issue-for-a-vulnerability) - Create a new issue with the + title and description prepopulated with information from the vulnerability report. + By default, such issues are [confidential](../../project/issues/confidential_issues.md). +- [Solution](#automatic-remediation-solutions-for-vulnerabilities) - For some vulnerabilities, + a solution is provided for how to fix the vulnerability. 
+ +## Changing vulnerability status + +You can switch the status of a vulnerability using the **Status** dropdown to one of +the following values: + +| State | Description | +|-----------|-------------------------------------------------------------------| +| Detected | The default state for a newly discovered vulnerability | +| Confirmed | A user has seen this vulnerability and confirmed it to be real | +| Dismissed | A user has seen this vulnerability and dismissed it | +| Resolved | The vulnerability has been fixed and is no longer in the codebase | + +## Creating an issue for a vulnerability + +You can create an issue for a vulnerability by selecting the **Create issue** button. + +This creates a [confidential issue](../../project/issues/confidential_issues.md) in the +project the vulnerability came from, and prepopulates it with useful information from +the vulnerability report. After the issue is created, GitLab redirects you to the +issue page so you can edit, assign, or comment on the issue. + +## Automatic remediation solutions for vulnerabilities + +You can fix some vulnerabilities by applying the solution that GitLab automatically +generates for you. GitLab supports the following scanners: + +- [Dependency Scanning](../dependency_scanning/index.md): Automatic Patch creation + is only available for Node.js projects managed with `yarn`. +- [Container Scanning](../container_scanning/index.md). + +### Manually applying a suggested patch + +To apply a patch automatically generated by GitLab to fix a vulnerability: + +1. Open the issue created in [Create issue](#creating-an-issue-for-a-vulnerability). +1. In the **Issue description**, scroll to **Solution** and download the linked patch file. +1. Ensure your local project has the same commit checked out that was used to generate the patch. +1. Run `git apply remediation.patch` to apply the patch. +1. Verify and commit the changes to your branch. 
+ +![Apply patch for dependency scanning](../img/vulnerability_solution.png) diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index 485e9d8213d..9fcc9acf5ea 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md @@ -198,6 +198,22 @@ you can use the `MAVEN_CLI_OPTS` environment variable. Read more on [how to use private Maven repos](../../application_security/index.md#using-private-maven-repos). +You can also use `MAVEN_CLI_OPTS` to connect to a trusted Maven repository that uses a self-signed +or internally trusted certificate. For example: + +```yaml +include: + - template: License-Scanning.gitlab-ci.yml + +license_scanning: + variables: + MAVEN_CLI_OPTS: -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dmaven.wagon.http.ssl.insecure=true +``` + +Alternatively, you can use a Java key store to verify the TLS connection. For instructions on how to +generate a key store file, see the +[Maven Guide to Remote repository access through authenticated HTTPS](http://maven.apache.org/guides/mini/guide-repository-ssl.html). + ### Selecting the version of Python > - [Introduced](https://gitlab.com/gitlab-org/security-products/license-management/-/merge_requests/36) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0. @@ -305,6 +321,9 @@ process: 1. Ensure the package registry is reachable from within the GitLab environment and that the package manager is configured to use your preferred package registry. +Additional [configuration](#using-private-maven-repos) may be needed for connecting to private Maven +repositories. + ## Project policies for License Compliance > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/5940) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.4. diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 76a33559666..fabe6fd40c9 100644 
--- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -57,7 +57,7 @@ The following table depicts the various user permission levels in a project. | View Dependency list **(ULTIMATE)** | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | | View License list **(ULTIMATE)** | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | | View licenses in Dependency list **(ULTIMATE)** | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | -| View [Design Management](project/issues/design_management.md) pages | ✓ | ✓ | ✓ | ✓ | ✓ | +| View [Design Management](project/issues/design_management.md) pages | ✓ | ✓ | ✓ | ✓ | ✓ | | View project code | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | | Pull project code | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ | | View GitLab Pages protected by [access control](project/pages/introduction.md#gitlab-pages-access-control-core) | ✓ | ✓ | ✓ | ✓ | ✓ | 
@@ -84,15 +84,15 @@ The following table depicts the various user permission levels in a project. | See a list of merge requests | | ✓ | ✓ | ✓ | ✓ | | View project statistics | | ✓ | ✓ | ✓ | ✓ | | View Error Tracking list | | ✓ | ✓ | ✓ | ✓ | -| Create/edit/delete [Releases](project/releases/index.md)| | | ✓ | ✓ | ✓ | +| Create new merge request | | ✓ | ✓ | ✓ | ✓ | | Pull from [Conan repository](packages/conan_repository/index.md), [Maven repository](packages/maven_repository/index.md), or [NPM registry](packages/npm_registry/index.md) **(PREMIUM)** | | ✓ | ✓ | ✓ | ✓ | | Publish to [Conan repository](packages/conan_repository/index.md), [Maven repository](packages/maven_repository/index.md), or [NPM registry](packages/npm_registry/index.md) **(PREMIUM)** | | | ✓ | ✓ | ✓ | -| Upload [Design Management](project/issues/design_management.md) files | | | ✓ | ✓ | ✓ | +| Upload [Design Management](project/issues/design_management.md) files | | | ✓ | ✓ | ✓ | +| Create/edit/delete [Releases](project/releases/index.md)| | | ✓ | ✓ | ✓ | | Create new branches | | | ✓ | ✓ | ✓ | | Push to non-protected branches | | | ✓ | ✓ | ✓ | | Force push to non-protected branches | | | ✓ | ✓ | ✓ | | Remove non-protected branches | | | ✓ | ✓ | ✓ | -| Create new merge request | | ✓ | ✓ | ✓ | ✓ | | Assign merge requests | | | ✓ | ✓ | ✓ | | Label merge requests | | | ✓ | ✓ | ✓ | | Lock merge request threads | | | ✓ | ✓ | ✓ | 
@@ -107,8 +107,12 @@ The following table depicts the various user permission levels in a project. | Remove a container registry image | | | ✓ | ✓ | ✓ | | Create/edit/delete project milestones | | | ✓ | ✓ | ✓ | | Use security dashboard **(ULTIMATE)** | | | ✓ | ✓ | ✓ | -| View vulnerabilities in Dependency list **(ULTIMATE)** | | | ✓ | ✓ | ✓ | -| Create issue from vulnerability **(ULTIMATE)** | | | ✓ | ✓ | ✓ | +| View vulnerability findings in Dependency list **(ULTIMATE)** | | | ✓ | ✓ | ✓ | +| Create issue from vulnerability finding **(ULTIMATE)** | | | ✓ | ✓ | ✓ | +| Dismiss vulnerability finding **(ULTIMATE)** | | | ✓ | ✓ | ✓ | +| View vulnerability **(ULTIMATE)** | | | ✓ | ✓ | ✓ | +| Create vulnerability from vulnerability finding **(ULTIMATE)** | | | ✓ | ✓ | ✓ | +| Resolve vulnerability **(ULTIMATE)** | | | ✓ | ✓ | ✓ | | Dismiss vulnerability **(ULTIMATE)** | | | ✓ | ✓ | ✓ | | Apply code change suggestions | | | ✓ | ✓ | ✓ | | Create and edit wiki pages | | | ✓ | ✓ | ✓ | 
@@ -217,21 +221,21 @@ group. | View group epic **(ULTIMATE)** | ✓ | ✓ | ✓ | ✓ | ✓ | | Create/edit group epic **(ULTIMATE)** | | ✓ | ✓ | ✓ | ✓ | | Manage group labels | | ✓ | ✓ | ✓ | ✓ | +| See a container registry | | ✓ | ✓ | ✓ | ✓ | | Create project in group | | | ✓ (3) | ✓ (3) | ✓ (3) | | Create/edit/delete group milestones | | | ✓ | ✓ | ✓ | -| See a container registry | | ✓ | ✓ | ✓ | ✓ | | Enable/disable a dependency proxy **(PREMIUM)** | | | ✓ | ✓ | ✓ | | Use security dashboard **(ULTIMATE)** | | | ✓ | ✓ | ✓ | +| View/manage group-level Kubernetes cluster | | | | ✓ | ✓ | | Create subgroup | | | | ✓ (1) | ✓ | +| Edit epic comments (posted by any user) **(ULTIMATE)** | | | | ✓ (2) | ✓ (2) | | Edit group | | | | | ✓ | | Manage group level CI/CD variables | | | | | ✓ | | Manage group members | | | | | ✓ | | Remove group | | | | | ✓ | | Delete group epic **(ULTIMATE)** | | | | | ✓ | -| Edit epic comments (posted by any user) **(ULTIMATE)** | | | | ✓ (2) | ✓ (2) | | View group Audit Events | | | | | ✓ | | Disable notification emails | | | | | ✓ | -| View/manage group-level Kubernetes cluster | | | | ✓ | ✓ | 1. Groups can be set to [allow either Owners or Owners and Maintainers to create subgroups](group/subgroups/index.md#creating-a-subgroup) |
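Review bot: in the `@@ -382,11 +385,14 @@` hunk of usage_statistics.md, the new `instance_clusters_disabled` and `instance_clusters_enabled` rows are inserted between `clusters_platforms_user` and `group_clusters_disabled`, which splits the per-scope pairs the rest of that table keeps adjacent (`group_clusters_*` followed by `project_clusters_*`); placing the two rows between `group_clusters_enabled` and `project_clusters_disabled` would match the first hunk, where `instance_clusters_enabled` sits directly after `group_clusters_enabled`. Note also that both tables are inside the HTML comment visible in the hunk context (`... commented out ... -->`), so `instance_clusters_*` and `clusters_management_project` will not appear in the rendered page; if admins are expected to be able to read which cluster metrics the usage ping sends, the same names need to be listed in the rendered part of the page as well.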
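Review bot: the new list item in offline_deployments/index.md links to `../../compliance/license_compliance/index.md#running-license-compliance-in-an-offline-environment`; the relative path resolves correctly from `doc/user/application_security/offline_deployments/` to `doc/user/compliance/license_compliance/index.md`, but the heading that anchor depends on is not visible anywhere in this patch (the `@@ -305,6 +321,9 @@` hunk of that file shows only the body of the offline section, not its heading), so confirm a `Running License Compliance in an offline environment` heading actually exists there, otherwise this link 404s in the docs build.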
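Review bot: in the new vulnerabilities/index.md the link text "Vulnerability List" points at `../dependency_list/index.md`, the Dependency List page, so either the text or the target is wrong; the permissions.md hunk in this same patch deliberately distinguishes "View vulnerability findings in Dependency list" from "View vulnerability", so the link should go to the page that actually lists vulnerabilities (the security dashboard) or the text should say Dependency List. In "Manually applying a suggested patch", step 2 says to download "the linked patch file" while step 4 runs `git apply remediation.patch`, so the filename appears without being introduced; state the name in step 2 or write step 4 as `git apply <downloaded file>`. The procedure also omits the checks a reader needs before trusting an auto-generated patch: run `git apply --check remediation.patch` first (it fails cleanly when the base commit from step 3 does not match), inspect the diff before committing (for the `yarn` case it rewrites `yarn.lock`, so confirm only the intended dependency changed), and after pushing, re-run the pipeline to confirm the finding is no longer reported. "Changing vulnerability status" says nothing about who may change status; a one-line pointer to `../../permissions.md` would tell readers that dismissing or resolving a vulnerability is a Developer-level action in the table this patch edits. Finally, `../img/vulnerability_solution.png` resolves to `doc/user/application_security/img/`, which this patch does not add to, so confirm that image already exists.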
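Review bot: the new `MAVEN_CLI_OPTS` example in license_compliance/index.md does not make Maven trust a self-signed or internal certificate; it turns certificate checking off. `-Dmaven.wagon.http.ssl.insecure=true` disables certificate validation, `-Dmaven.wagon.http.ssl.allowall=true` disables hostname verification, and `-Dmaven.wagon.http.ssl.ignore.validity.dates=true` accepts expired certificates, so the License Compliance job will accept any certificate from anything that can intercept the connection to the repository, and the dependencies it resolves (and therefore the licenses it reports) can be swapped by an on-path attacker. The prose ("connect to a trusted Maven repository that uses a self-signed or internally trusted certificate") presents this as the primary option and relegates the key store to "Alternatively". Reverse the order: document the trust store first (import the internal CA into a JKS file and pass `-Djavax.net.ssl.trustStore=<path> -Djavax.net.ssl.trustStorePassword=<password>` through `MAVEN_CLI_OPTS`, which is the approach the linked Maven guide covers), and keep the three `ssl.*` flags only under a `CAUTION: **Warning:**` block, as used in the new vulnerabilities page, stating plainly that they disable TLS verification for the job.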
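Review bot: the sentence added in the `@@ -305,6 +321,9 @@` hunk of license_compliance/index.md links to `#using-private-maven-repos` as an in-page anchor, but the only reference to that heading visible in this file is the external one in the earlier hunk's context, `../../application_security/index.md#using-private-maven-repos`, and the section edited around line 198 is the one that merely points there. Unless license_compliance/index.md itself has a `Using private Maven repos` heading (none is visible in this diff), the anchor will not resolve; link to the `application_security/index.md` section, or to the real heading of the local `MAVEN_CLI_OPTS` section.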
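Review bot: in the first two permissions.md hunks the `View [Design Management]...` and `Upload [Design Management]...` rows are removed and re-added with identical visible content, so these are whitespace-only changes; harmless, but confirm it is intentional trailing-whitespace cleanup rather than an editor artifact, since it adds noise to `git blame` on the table. The row moves in the `@@ -84,15 +84,15 @@` hunk (`Create new merge request` up to the Reporter block, `Create/edit/delete Releases` down beside the other Developer rows) change ordering only; comparing each `-` line with its `+` counterpart shows no ✓ value changed, which is the check that matters in a permission-table reshuffle.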
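Review bot: the `@@ -107,8 +107,12 @@` hunk of permissions.md adds `Resolve vulnerability` and keeps `Dismiss vulnerability`, but the status table in the new vulnerabilities page lists four states (Detected, Confirmed, Dismissed, Resolved) and there is no `Confirm vulnerability **(ULTIMATE)**` row here; add it at the same Developer level as the other two, or explain why confirming differs. The table now also carries both `Dismiss vulnerability finding` and `Dismiss vulnerability`, which is correct given the finding-versus-vulnerability split this patch introduces, but nothing in permissions.md explains the difference; a footnote or a link to `application_security/vulnerabilities/index.md` on the `View vulnerability` row would stop readers treating them as duplicates.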
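Review bot: the `@@ -217,21 +221,21 @@` hunk of permissions.md is ordering-only (`See a container registry` up to the Reporter block, `View/manage group-level Kubernetes cluster` and `Edit epic comments` up to the Maintainer block); comparing each `-` line with its `+` counterpart shows no ✓ value changed. The one thing to double-check is that the moved `Edit epic comments` row still keeps its `(2)` footnote reachable: only footnote `1.` is visible in the trailing context, so confirm footnote `2.` is still defined directly under the table after the move.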