From d1a991fd3a540d22045ecba119f65640faff6d29 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Wed, 20 Oct 2021 03:12:54 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- doc/operations/feature_flags.md | 23 ++++++++++++++++++++ doc/user/application_security/api_fuzzing/index.md | 22 ++++++++++++++++--- doc/user/application_security/dast_api/index.md | 25 ++++++++++++++++++++++ .../offline_deployments/index.md | 2 ++ 4 files changed, 69 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/operations/feature_flags.md b/doc/operations/feature_flags.md index 2af4ee47292..dd74bfd6a3c 100644 --- a/doc/operations/feature_flags.md +++ b/doc/operations/feature_flags.md 
@@ -403,6 +403,29 @@ else end ``` +### Unleash Proxy example + +As of [Unleash Proxy](https://docs.getunleash.io/sdks/unleash-proxy) version +0.2, the proxy is compatible with feature flags. To run a Docker container to +connect to your project's feature flags, run the following command: + +```shell +docker run \ + -e UNLEASH_PROXY_SECRET= \ + -e UNLEASH_PROXY_URL= \ + -e UNLEASH_PROXY_INSTANCE_ID= \ + -e UNLEASH_PROXY_APP_NAME= \ + -e UNLEASH_PROXY_API_TOKEN= +``` + +| Variable | Value | +| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | +| `UNLEASH_PROXY_SECRET` | Shared secret used to configure an [Unleash Proxy client](https://docs.getunleash.io/sdks/unleash-proxy#how-to-connect-to-the-proxy). | +| `UNLEASH_PROXY_URL` | Your project's API URL. For more details, read [Get access credentials](#get-access-credentials). | +| `UNLEASH_PROXY_INSTANCE_ID` | Your project's Instance ID. For more details, read [Get access credentials](#get-access-credentials). | +| `UNLEASH_PROXY_APP_NAME` | The name of the environment the application runs in. For more details, read [Get access credentials](#get-access-credentials). | +| `UNLEASH_PROXY_API_TOKEN` | Required to start the Unleash Proxy, but not used to connect to GitLab. Can be set to any value. | + ## Feature Flag Related Issues **(PREMIUM)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36617) in GitLab 13.2. diff --git a/doc/user/application_security/api_fuzzing/index.md b/doc/user/application_security/api_fuzzing/index.md index e32989c2915..04109604685 100644 --- a/doc/user/application_security/api_fuzzing/index.md +++ b/doc/user/application_security/api_fuzzing/index.md 
@@ -1156,9 +1156,25 @@ Profiles: ## Running API fuzzing in an offline environment -For self-managed GitLab instances in an environment with limited, restricted, or intermittent access -to external resources through the internet, some adjustments are required for the Web API Fuzz testing job to -successfully run. For more information, see [Offline environments](../offline_deployments/index.md). +For self-managed GitLab instances in an environment with limited, restricted, or intermittent access to external resources through the internet, some adjustments are required for the Web API Fuzz testing job to successfully run. + +Steps: + +1. Host the Docker image in a local container registry. +1. Set the `SECURE_ANALYZERS_PREFIX` to the local container registry. + +The Docker image for API Fuzzing must be pulled (downloaded) from the public registry and then pushed (imported) into a local registry. The GitLab container registry can be used to locally host the Docker image. This process can be performed using a special template. See [loading Docker images onto your offline host](../offline_deployments/index.md#loading-docker-images-onto-your-offline-host) for instructions. + +Once the Docker image is hosted locally, the `SECURE_ANALYZERS_PREFIX` variable is set with the location of the local registry. The variable must be set such that concatenating `/api-fuzzing:1` results in a valid image location. + +For example, the below line sets a registry for the image `registry.gitlab.com/gitlab-org/security-products/analyzers/api-fuzzing:1`: + +`SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"` + +NOTE: +Setting `SECURE_ANALYZERS_PREFIX` changes the Docker image registry location for all GitLab Secure templates. + +For more information, see [Offline environments](../offline_deployments/index.md). ## Troubleshooting 
diff --git a/doc/user/application_security/dast_api/index.md b/doc/user/application_security/dast_api/index.md index 3b1c91b0be4..f834af356fb 100644 --- a/doc/user/application_security/dast_api/index.md +++ b/doc/user/application_security/dast_api/index.md @@ -1105,6 +1105,31 @@ Profiles: - Name: XmlInjectionCheck ``` +## Running DAST API in an offline environment + +For self-managed GitLab instances in an environment with limited, restricted, or intermittent access to external resources through the internet, some adjustments are required for the DAST API testing job to successfully run. + +Steps: + +1. Host the Docker image in a local container registry. +1. Set the `SECURE_ANALYZERS_PREFIX` to the local container registry. + +The Docker image for DAST API must be pulled (downloaded) from the public registry and then pushed (imported) into a local registry. The GitLab container registry can be used to locally host the Docker image. This process can be performed using a special template. See [loading Docker images onto your offline host](../offline_deployments/index.md#loading-docker-images-onto-your-offline-host) for instructions. + +Once the Docker image is hosted locally, the `SECURE_ANALYZERS_PREFIX` variable is set with the location of the local registry. The variable must be set such that concatenating `/api-fuzzing:1` results in a valid image location. + +NOTE: +DAST API and API Fuzzing both use the same underlying Docker image `api-fuzzing:1`. + +For example, the below line sets a registry for the image `registry.gitlab.com/gitlab-org/security-products/analyzers/api-fuzzing:1`: + +`SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"` + +NOTE: +Setting `SECURE_ANALYZERS_PREFIX` changes the Docker image registry location for all GitLab Secure templates. + +For more information, see [Offline environments](../offline_deployments/index.md). + ## Troubleshooting ### Failed to start scanner session (version header not found) 
diff --git a/doc/user/application_security/offline_deployments/index.md b/doc/user/application_security/offline_deployments/index.md index cdf54070d69..915e43d0fa5 100644 --- a/doc/user/application_security/offline_deployments/index.md +++ b/doc/user/application_security/offline_deployments/index.md @@ -87,7 +87,9 @@ above. You can find more information at each of the pages below: - [Container scanning offline directions](../container_scanning/index.md#running-container-scanning-in-an-offline-environment) - [SAST offline directions](../sast/index.md#running-sast-in-an-offline-environment) +- [Secret Detection offline directions](../secret_detection/#running-secret-detection-in-an-offline-environment) - [DAST offline directions](../dast/run_dast_offline.md#run-dast-in-an-offline-environment) +- [API Fuzzing offline directions](../api_fuzzing/#running-api-fuzzing-in-an-offline-environment) - [License Compliance offline directions](../../compliance/license_compliance/index.md#running-license-compliance-in-an-offline-environment) - [Dependency Scanning offline directions](../dependency_scanning/index.md#running-dependency-scanning-in-an-offline-environment) -- cgit v1.2.1
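Review bot: in the `doc/operations/feature_flags.md` hunk, the `docker run` example ends on `-e UNLEASH_PROXY_API_TOKEN=` with no image name after it, and every `-e` variable is shown with an empty value, so the command cannot be run as written. Add the image as the final argument and give each variable a visible placeholder that matches its row in the table. Because `UNLEASH_PROXY_SECRET` is described as a shared secret, it would also help to show it supplied through `--env-file` rather than inline, so the value does not end up in shell history.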
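Review bot: in the `doc/user/application_security/api_fuzzing/index.md` hunk, the example value `SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"` points at the public registry, which is the location an offline instance is assumed not to reach. Use a placeholder local registry path in the example and show the line under `variables:` in a fenced YAML block, so it is clear where the setting goes. Since the NOTE says the prefix changes the registry location for all GitLab Secure templates, the steps should also say that the images for any other Secure jobs in the pipeline have to be present in the same local registry.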
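Review bot: in the `doc/user/application_security/dast_api/index.md` hunk, the sentence about concatenating `/api-fuzzing:1` appears before the NOTE that explains DAST API and API Fuzzing share the `api-fuzzing:1` image, so a reader of the DAST API page first sees an image name that looks like a copy-paste error. Move that NOTE above the `SECURE_ANALYZERS_PREFIX` paragraph, or fold the explanation into the sentence itself. The rest of the section repeats the API Fuzzing text nearly word for word, including the public-registry example value, so the same example fix applies here.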
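Review bot: in the `doc/user/application_security/offline_deployments/index.md` hunk, the list gains links for Secret Detection and API Fuzzing but none for the "Running DAST API in an offline environment" section that this same patch adds to `dast_api/index.md`; add a DAST API entry so the new section is reachable from this index. The two added links also use directory-style targets (`../secret_detection/#...`, `../api_fuzzing/#...`) while the neighbouring entries link to `index.md#...`; use the `index.md` form for consistency with the rest of the list.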