Skip to content

G
gitlab-ce
Commit 0022ece6 authored by GitLab Bot's avatar GitLab Bot
Browse files
Options

Automatic merge of gitlab-org/gitlab-ce master

parents b91d9eb3 6f3a2b0b
Hide whitespace changes
Inline Side-by-side
Showing with 214 additions and 822 deletions
doc/administration/geo/replication/external_database.md
View file @ 0022ece6
......@@ -25,7 +25,6 @@ developed and tested. We aim to be compatible with most external
This command will use your defined `external_url` in `/etc/gitlab/gitlab.rb`.
### Configure the external database to be replicated
To set up an external database, you can either:
......
doc/administration/housekeeping.md
View file @ 0022ece6
......@@ -2,7 +2,6 @@
> [Introduced][ce-2371] in GitLab 8.4.
---
## Automatic housekeeping
GitLab automatically runs `git gc` and `git repack` on repositories
......@@ -32,8 +31,6 @@ the `pushes_since_gc` value is 200 a `git gc` will be run.
You can find this option under your project's **Settings > General > Advanced**.
---
![Housekeeping settings](img/housekeeping_settings.png)
[ce-2371]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/2371 "Housekeeping merge request"
......
doc/administration/job_artifacts.md
View file @ 0022ece6
......@@ -13,8 +13,6 @@ if you want to know how to disable it.
To disable artifacts site-wide, follow the steps below.
---
**In Omnibus installations:**
1. Edit `/etc/gitlab/gitlab.rb` and add the following line:
......@@ -25,8 +23,6 @@ To disable artifacts site-wide, follow the steps below.
1. Save the file and [reconfigure GitLab][] for the changes to take effect.
---
**In installations from source:**
1. Edit `/home/git/gitlab/config/gitlab.yml` and add or amend the following lines:
......@@ -49,8 +45,6 @@ this is done when the job succeeds, but can also be done on failure, or always,
To change the location where the artifacts are stored locally, follow the steps
below.
---
**In Omnibus installations:**
_The artifacts are stored by default in
......@@ -65,8 +59,6 @@ _The artifacts are stored by default in
1. Save the file and [reconfigure GitLab][] for the changes to take effect.
---
**In installations from source:**
_The artifacts are stored by default in
......@@ -167,8 +159,6 @@ _The artifacts are stored by default in
gitlab-rake gitlab:artifacts:migrate
```
---
**In installations from source:**
_The artifacts are stored by default in
......@@ -207,8 +197,6 @@ right after that date passes. Artifacts are cleaned up by the
To change the default schedule on which the artifacts are expired, follow the
steps below.
---
**In Omnibus installations:**
1. Edit `/etc/gitlab/gitlab.rb` and comment out or add the following line
......@@ -219,8 +207,6 @@ steps below.
1. Save the file and [reconfigure GitLab][] for the changes to take effect.
---
**In installations from source:**
1. Edit `/home/git/gitlab/config/gitlab.yml` and add or amend the following
......@@ -240,8 +226,6 @@ steps below.
To disable [the dependencies validation](../ci/yaml/README.md#when-a-dependent-job-will-fail),
you can flip the feature flag from a Rails console.
---
**In Omnibus installations:**
1. Enter the Rails console:
......@@ -256,8 +240,6 @@ you can flip the feature flag from a Rails console.
Feature.enable('ci_disable_validates_dependencies')
```
---
**In installations from source:**
1. Enter the Rails console:
......
doc/administration/monitoring/performance/gitlab_configuration.md
View file @ 0022ece6
......@@ -8,12 +8,8 @@ The minimum required settings you need to set are the InfluxDB host and port.
Make sure _Enable InfluxDB Metrics_ is checked and hit **Save** to save the
changes.
---
![GitLab Performance Monitoring Admin Settings](img/metrics_gitlab_configuration_settings.png)
---
Finally, a restart of all GitLab processes is required for the changes to take
effect:
......@@ -30,8 +26,6 @@ sudo service gitlab restart
When any migrations are pending, the metrics are disabled until the migrations
have been performed.
---
Read more on:
- [Introduction to GitLab Performance Monitoring](introduction.md)
......
doc/administration/monitoring/performance/performance_bar.md
View file @ 0022ece6
......@@ -40,10 +40,6 @@ display it.
You can toggle the Bar using the same shortcut.
---
![GitLab Performance Bar Admin Settings](img/performance_bar_configuration_settings.png)
---
[Gitaly]: ../../gitaly/index.md
doc/administration/repository_storage_paths.md
View file @ 0022ece6
......@@ -55,8 +55,6 @@ storage2:
> don't specify the full repository path but the parent path), but not for source
> installations.
---
Now that you've read that big fat warning above, let's edit the configuration
files and add the full paths of the alternative repository storage paths. In
the example below, we add two more mountpoints that are named `nfs` and `cephfs`
......@@ -90,8 +88,6 @@ are upgrading from a version prior to 8.10, make sure to add the configuration
as described in the step above. After you make the changes and confirm they are
working, you can remove the `repos_path` line.
---
**For Omnibus installations**
1. Edit `/etc/gitlab/gitlab.rb` by appending the rest of the paths to the
......
doc/administration/uploads.md
View file @ 0022ece6
......@@ -10,8 +10,6 @@ This is the default configuration
To change the location where the uploads are stored locally, follow the steps
below.
---
**In Omnibus installations:**
NOTE: **Note:**
......@@ -29,8 +27,6 @@ _The uploads are stored by default in `/var/opt/gitlab/gitlab-rails/uploads`._
1. Save the file and [reconfigure GitLab][] for the changes to take effect.
---
**In installations from source:**
_The uploads are stored by default in
......@@ -121,8 +117,6 @@ _The uploads are stored by default in
1. Save the file and [reconfigure GitLab][] for the changes to take effect.
1. Migrate any existing local uploads to the object storage using [`gitlab:uploads:migrate` rake task](raketasks/uploads/migrate.md).
---
**In installations from source:**
_The uploads are stored by default in
......
doc/api/README.md
View file @ 0022ece6
......@@ -321,8 +321,6 @@ By default, impersonation is enabled. To disable impersonation:
To re-enable impersonation, remove this configuration and reconfigure GitLab.
---
**For installations from source**
1. Edit `config/gitlab.yml`:
......@@ -381,8 +379,6 @@ returned with status code `404`:
}
```
---
Example of a valid API call and a request using cURL with sudo request,
providing a username:
......
doc/api/issues.md
View file @ 0022ece6
......@@ -357,7 +357,6 @@ GET /projects/:id/issues?confidential=true
| `updated_before` | datetime | no | Return issues updated on or before the given time |
| `confidential` | Boolean | no | Filter confidential or public issues. |
```bash
curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/4/issues
```
......
doc/api/system_hooks.md
View file @ 0022ece6
......@@ -11,8 +11,6 @@ Read more about [system hooks](../system_hooks/system_hooks.md).
Get a list of all system hooks.
---
```
GET /hooks
```
......@@ -44,8 +42,6 @@ Example response:
Add a new system hook.
---
```
POST /hooks
```
......@@ -116,8 +112,6 @@ Example response:
Deletes a system hook.
---
```
DELETE /hooks/:id
```
......@@ -130,4 +124,4 @@ Example request:
```bash
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/hooks/2
```
\ No newline at end of file
```
doc/development/fe_guide/index.md
View file @ 0022ece6
......@@ -17,8 +17,6 @@ Working with our frontend assets requires Node (v8.10.0 or greater) and Yarn
For our currently-supported browsers, see our [requirements][requirements].
---
## Initiatives
Current high-level frontend goals are listed on [Frontend Epics](https://gitlab.com/groups/gitlab-org/-/epics?label_name%5B%5D=frontend).
......@@ -77,8 +75,6 @@ How we use Snowplow to track custom events.
Read the [frontend's FAQ](frontend_faq.md) for common small pieces of helpful information.
---
## Style Guides
### [JavaScript Style Guide](style_guide_js.md)
......@@ -91,20 +87,14 @@ changes.
Our SCSS conventions which are enforced through [scss-lint][scss-lint].
---
## [Performance](performance.md)
Best practices for monitoring and maximizing frontend performance.
---
## [Security](security.md)
Frontend security practices.
---
## [Accessibility](accessibility.md)
Our accessibility standards and resources.
......
doc/development/new_fe_guide/index.md
View file @ 0022ece6
......@@ -19,7 +19,6 @@ Learn about all the internal JavaScript modules that make up our frontend.
Style guides to keep our code consistent.
## [Tips](tips.md)
Tips from our frontend team to develop more efficiently and effectively.
doc/development/testing_guide/index.md
View file @ 0022ece6
......@@ -22,62 +22,44 @@ automated testing means, and what are its principles:
- [Five Factor Testing](https://www.devmynd.com/blog/five-factor-testing): Why do we need tests?
- [Principles of Automated Testing](http://www.lihaoyi.com/post/PrinciplesofAutomatedTesting.html): Levels of testing. Prioritize tests. Cost of tests.
---
## [Testing levels](testing_levels.md)
Learn about the different testing levels, and how to decide at what level your
changes should be tested.
---
## [Testing best practices](best_practices.md)
Everything you should know about how to write good tests: Test Design, RSpec, FactoryBot,
system tests, parameterized tests etc.
---
## [Frontend testing standards and style guidelines](frontend_testing.md)
Everything you should know about how to write good Frontend tests: Karma,
testing promises, stubbing etc.
---
## [Flaky tests](flaky_tests.md)
What are flaky tests, the different kind of flaky tests we encountered, and what
we do about them.
---
## [GitLab tests in the Continuous Integration (CI) context](ci.md)
How GitLab test suite is run in the CI context: setup, caches, artifacts,
parallelization, monitoring.
---
## [Review apps](review_apps.md)
How review apps are set up for GitLab CE/EE and how to use them.
---
## [Testing Rake tasks](testing_rake_tasks.md)
Everything you should know about how to test Rake tasks.
---
## [End-to-end tests](end_to_end/index.md)
Everything you should know about how to run end-to-end tests using
[GitLab QA][gitlab-qa] testing framework.
---
[Return to Development documentation](../README.md)
[RSpec]: https://github.com/rspec/rspec-rails#feature-specs
......
doc/integration/oauth_provider.md
View file @ 0022ece6
......@@ -25,8 +25,6 @@ can be used for authentication to your GitLab instance
The 'GitLab Importer' feature is also using the OAuth protocol to give access
to repositories without sharing user credentials to your GitLab.com account.
---
GitLab supports two ways of adding a new OAuth2 application to an instance. You
can either add an application as a regular user or add it in the admin area.
What this means is that GitLab can actually have instance-wide and a user-wide
......@@ -41,24 +39,18 @@ In order to add a new application via your profile, navigate to
![New OAuth application](img/oauth_provider_user_wide_applications.png)
---
In the application form, enter a **Name** (arbitrary), and make sure to set up
correctly the **Redirect URI** which is the URL where users will be sent after
they authorize with GitLab.
![New OAuth application form](img/oauth_provider_application_form.png)
---
When you hit **Submit** you will be provided with the application ID and
the application secret which you can then use with your application that
connects to GitLab.
![OAuth application ID and secret](img/oauth_provider_application_id_secret.png)
---
## OAuth applications in the admin area
To create an application that does not belong to a certain user, you can create
......@@ -69,8 +61,6 @@ it from the admin area.
You're also able to mark an application as _trusted_ when creating it through the admin area. By doing that,
the user authorization step is automatically skipped for this application.
---
## Authorized applications
Every application you authorized to use your GitLab credentials will be shown
......@@ -78,8 +68,6 @@ in the **Authorized applications** section under **Profile Settings > Applicatio
![Authorized_applications](img/oauth_provider_authorized_application.png)
---
GitLab's OAuth applications support scopes, which allow various actions that any given
application can perform such as `read_user` and `api`. There are many more scopes
available.
......
doc/raketasks/backup_restore.md
View file @ 0022ece6
......@@ -315,8 +315,6 @@ if you see `411 Length Required` errors after attempting to upload, you may
need to downgrade the `aws_signature_version` value from the default value to
2 [due to this issue](https://github.com/fog/fog-aws/issues/428).
---
For installations from source:
1. Edit `home/git/gitlab/config/gitlab.yml`:
......@@ -428,8 +426,6 @@ For Omnibus GitLab packages:
1. [Reconfigure GitLab] for the changes to take effect
---
For installations from source:
1. Edit `home/git/gitlab/config/gitlab.yml`:
......@@ -490,8 +486,6 @@ For Omnibus GitLab packages:
1. [Reconfigure GitLab] for the changes to take effect.
---
For installations from source:
1. Edit `home/git/gitlab/config/gitlab.yml`:
......@@ -527,8 +521,6 @@ For Omnibus GitLab packages:
1. [Reconfigure GitLab] for the changes to take effect.
---
For installations from source:
1. Edit `/home/git/gitlab/config/gitlab.yml`:
......@@ -580,8 +572,6 @@ There, add the following line to schedule the backup for everyday at 2 AM:
You may also want to set a limited lifetime for backups to prevent regular
backups using all your disk space.
---
For installations from source:
1. Edit `home/git/gitlab/config/gitlab.yml`:
......@@ -815,6 +805,7 @@ will have all your repositories, but not any other data.
## Troubleshooting
### Restoring database backup using omnibus packages outputs warnings
If you are using backup restore procedures you might encounter the following warnings:
```
......
doc/security/two_factor_authentication.md
View file @ 0022ece6
......@@ -48,11 +48,11 @@ need to be administrator or owner of the group.
The following are important notes about 2FA:
- Projects belonging to a 2FA-enabled group that
[is shared](../user/project/members/share_project_with_groups.md)
[is shared](../user/project/members/share_project_with_groups.md)
with a 2FA-disabled group will *not* require members of the 2FA-disabled group to use
2FA for the project. For example, if project *P* belongs to 2FA-enabled group *A* and
2FA for the project. For example, if project *P* belongs to 2FA-enabled group *A* and
is shared with 2FA-disabled group *B*, members of group *B* can access project *P*
without 2FA. To ensure this scenario doesn't occur,
without 2FA. To ensure this scenario doesn't occur,
[prevent sharing of projects](../user/group/index.md#share-with-group-lock)
for the 2FA-enabled group.
- If you add additional members to a project within a group or subgroup that has
......
doc/security/unlock_user.md
View file @ 0022ece6
---
type: howto
---
# How to unlock a locked user
To unlock a locked user, first log into your server with root privileges.
Start a Ruby on Rails console with this command:
```bash
gitlab-rails console production
```
......
doc/security/user_file_uploads.md
View file @ 0022ece6
......@@ -12,7 +12,7 @@ image contains sensitive information.
Authentication is not enabled because images must be visible in the body of
notification emails, which are often read from email clients that are not
authenticated with GitLab, such as Outlook, Apple Mail, or the Mail app on your
mobile device.
mobile device.
>**Note:**
Non-image attachments do require authentication to be viewed.
......
doc/topics/autodevops/index.md
View file @ 0022ece6
......@@ -109,10 +109,10 @@ To make full use of Auto DevOps, you will need:
To enable deployments, you will need Kubernetes 1.5+. You need a [Kubernetes cluster][kubernetes-clusters]
for the project, or a Kubernetes [default service template](../../user/project/integrations/services_templates.md)
for the entire GitLab installation.
1. **A load balancer** - You can use NGINX ingress by deploying it to your
Kubernetes cluster using the
[`nginx-ingress`](https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress)
Helm chart.
1. **A load balancer** - You can use NGINX ingress by deploying it to your
Kubernetes cluster using the
[`nginx-ingress`](https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress)
Helm chart.
1. **Prometheus** (needed for Auto Monitoring) - To enable Auto Monitoring, you
will need Prometheus installed somewhere (inside or outside your cluster) and
configured to scrape your Kubernetes cluster. To get response metrics
......@@ -168,7 +168,6 @@ From GitLab 11.8, `KUBE_INGRESS_BASE_DOMAIN` replaces `AUTO_DEVOPS_DOMAIN`.
Support for `AUTO_DEVOPS_DOMAIN` was [removed in GitLab
12.0](https://gitlab.com/gitlab-org/gitlab-ce/issues/56959).
## Using multiple Kubernetes clusters **(PREMIUM)**
When using Auto DevOps, you may want to deploy different environments to
......@@ -202,7 +201,7 @@ To add a different cluster for each environment:
1. Navigate to your project's **Operations > Kubernetes** and create the Kubernetes clusters
with their respective environment scope as described from the table above.
![Auto DevOps multiple clusters](img/autodevops_multiple_clusters.png)
![Auto DevOps multiple clusters](img/autodevops_multiple_clusters.png)
1. After the clusters are created, navigate to each one and install Helm Tiller
and Ingress. Wait for the Ingress IP address to be assigned.
......
doc/user/admin_area/settings/account_and_limit_settings.md
View file @ 0022ece6
......@@ -41,7 +41,7 @@ These settings can be found within:
- The path `/admin/application_settings`.
The first push of a new project, including LFS objects, will be checked for size
and **will** be rejected if the sum of their sizes exceeds the maximum allowed
and **will** be rejected if the sum of their sizes exceeds the maximum allowed
repository size.
**Note:** The repository size limit includes repository files and LFS, and does not include artifacts.
......
doc/user/application_security/container_scanning/index.md
View file @ 0022ece6
......@@ -10,7 +10,7 @@ images (or more precisely the containers) for known vulnerabilities by using
[Clair](https://github.com/coreos/clair) and [clair-scanner](https://github.com/arminc/clair-scanner),
two open source tools for Vulnerability Static Analysis for containers.
You can take advantage of Container Scanning by either [including the CI job](#including-the-provided-template) in
You can take advantage of Container Scanning by either [including the CI job](#configuration) in
your existing `.gitlab-ci.yml` file or by implicitly using
[Auto Container Scanning](../../../topics/autodevops/index.md#auto-container-scanning-ultimate)
that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
......@@ -55,32 +55,16 @@ To enable Container Scanning in your pipeline, you need:
[predefined environment variables](../../../ci/variables/predefined_variables.md)
document.
## Configuring Container Scanning
## Configuration
To enable Container Scanning in your project, define a job in your
`.gitlab-ci.yml` file that generates the
[Container Scanning report artifact](../../../ci/yaml/README.md#artifactsreportscontainer_scanning-ultimate).
For GitLab 11.9 and later, to enable Container Scanning, you must
[include](../../../ci/yaml/README.md#includetemplate) the
[`Container-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml)
that's provided as a part of your GitLab installation.
For GitLab versions earlier than 11.9, you can copy and use the job as defined
in that template.
This can be done in two ways:
- For GitLab 11.9 and later, including the provided
`Container-Scanning.gitlab-ci.yml` template (recommended).
- Manually specifying the job definition. Not recommended unless using GitLab
11.8 and earlier.
### Including the provided template
NOTE: **Note:**
The CI/CD Container Scanning template is supported on GitLab 11.9 and later versions.
For earlier versions, use the [manual job definition](#manual-job-definition-for-gitlab-115-and-later).
A CI/CD [Container Scanning template](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml)
with the default Container Scanning job definition is provided as a part of your GitLab
installation that you can [include](../../../ci/yaml/README.md#includetemplate)
in your `.gitlab-ci.yml` file.
To enable Container Scanning using the provided template, add the following to
your `.gitlab-ci.yml` file:
Add the following to your `.gitlab-ci.yml` file:
```yaml
include:
......@@ -89,12 +73,12 @@ include:
The included template will:
- Create a `container_scanning` job in your CI/CD pipeline.
- Pull the already built Docker image from your project's
[Container Registry](../../project/container_registry.md) (see [requirements](#requirements))
and scan it for possible vulnerabilities.
1. Create a `container_scanning` job in your CI/CD pipeline.
1. Pull the already built Docker image from your project's
[Container Registry](../../project/container_registry.md) (see [requirements](#requirements))
and scan it for possible vulnerabilities.
The report will be saved as a
The results will be saved as a
[Container Scanning report artifact](../../../ci/yaml/README.md#artifactsreportscontainer_scanning-ultimate)
that you can later download and analyze.
Due to implementation limitations, we always take the latest Container Scanning
......@@ -106,95 +90,6 @@ If you want to whitelist some specific vulnerabilities, you can do so by definin
them in a YAML file named `clair-whitelist.yml`. Read more in the
[Clair documentation](https://github.com/arminc/clair-scanner/blob/master/README.md#example-whitelist-yaml-file).
### Manual job definition for GitLab 11.5 and later
CAUTION: **Caution:**
The job definition shown below is supported on GitLab 11.5 and later versions.
However, if you're using GitLab 11.9+, it's recommended to use
[the provided Container Scanning template](#including-the-provided-template).
For GitLab 11.5 and GitLab Runner 11.5 and later, the following `container_scanning`
job can be added:
```yaml
container_scanning:
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
## Define two new variables based on GitLab's CI/CD predefined variables
## https://docs.gitlab.com/ee/ci/variables/README.html#predefined-environment-variables
CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG
CI_APPLICATION_TAG: $CI_COMMIT_SHA
CLAIR_LOCAL_SCAN_VERSION: v2.0.8_fe9b059d930314b54c78f75afe265955faf4fdc1
allow_failure: true
services:
- docker:stable-dind
script:
- docker run -d --name db arminc/clair-db:latest
- docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:${CLAIR_LOCAL_SCAN_VERSION}
- apk add -U wget ca-certificates
- docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
- wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
- mv clair-scanner_linux_amd64 clair-scanner
- chmod +x clair-scanner
- touch clair-whitelist.yml
- while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done
- retries=0
- echo "Waiting for clair daemon to start"
- while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
- ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
artifacts:
reports:
container_scanning: gl-container-scanning-report.json
```
### Manual job definition for GitLab 11.4 and earlier (deprecated)
CAUTION: **Deprecated:**
Before GitLab 11.5, the Container Scanning job and artifact had to be named specifically
to automatically extract report data and show it in the merge request widget.
While these old job definitions are still maintained, they have been deprecated
and may be removed in the next major release, GitLab 12.0. You are strongly
advised to update your current `.gitlab-ci.yml` configuration to reflect that change.
For GitLab 11.4 and earlier, the Container Scanning job should look like:
```yaml
container_scanning:
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
## Define two new variables based on GitLab's CI/CD predefined variables
## https://docs.gitlab.com/ee/ci/variables/README.html#predefined-environment-variables
CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG
CI_APPLICATION_TAG: $CI_COMMIT_SHA
CLAIR_LOCAL_SCAN_VERSION: v2.0.8_fe9b059d930314b54c78f75afe265955faf4fdc1
allow_failure: true
services:
- docker:stable-dind
script:
- docker run -d --name db arminc/clair-db:latest
- docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:${CLAIR_LOCAL_SCAN_VERSION}
- apk add -U wget ca-certificates
- docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
- wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
- mv clair-scanner_linux_amd64 clair-scanner
- chmod +x clair-scanner
- touch clair-whitelist.yml
- while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done
- retries=0
- echo "Waiting for clair daemon to start"
- while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
- ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
artifacts:
paths: [gl-container-scanning-report.json]
```
Alternatively, the job name could be `sast:container`
and the artifact name could be `gl-sast-container-report.json`.
These names have been deprecated with GitLab 11.0
and may be removed in the next major release, GitLab 12.0.
## Security Dashboard
The Security Dashboard is a good place to get an overview of all the security
......
doc/user/application_security/dast/index.md
View file @ 0022ece6
......@@ -14,7 +14,7 @@ Dynamic Application Security Testing (DAST) comes into place.
If you are using [GitLab CI/CD](../../../ci/README.md), you can analyze your running web application(s)
for known vulnerabilities using Dynamic Application Security Testing (DAST).
You can take advantage of DAST by either [including the CI job](#configuring-dast) in
You can take advantage of DAST by either [including the CI job](#configuration) in
your existing `.gitlab-ci.yml` file or by implicitly using
[Auto DAST](../../../topics/autodevops/index.md#auto-dast-ultimate)
that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
......@@ -51,30 +51,16 @@ applications while you are developing and testing your applications.
To run a DAST job, you need GitLab Runner with the
[`docker` executor](https://docs.gitlab.com/runner/executors/docker.html).
## Configuring DAST
## Configuration
To enable DAST in your project, define a job in your `.gitlab-ci.yml` file that generates the
[DAST report artifact](../../../ci/yaml/README.md#artifactsreportsdast-ultimate).
For GitLab 11.9 and later, to enable DAST, you must
[include](../../../ci/yaml/README.md#includetemplate) the
[`DAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml)
that's provided as a part of your GitLab installation.
For GitLab versions earlier than 11.9, you can copy and use the job as defined
in that template.
This can be done in two ways:
- For GitLab 11.9 and later, including the provided `DAST.gitlab-ci.yml` template (recommended).
- Manually specifying the job definition. Not recommended unless using GitLab
11.8 and earlier.
### Including the provided template
NOTE: **Note:**
The CI/CD DAST template is supported on GitLab 11.9 and later versions.
For earlier versions, use the [manual job definition](#manual-job-definition-for-gitlab-115-and-later).
A CI/CD [DAST template](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml)
with the default DAST job definition is provided as a part of your GitLab
installation which you can [include](../../../ci/yaml/README.md#includetemplate)
in your `.gitlab-ci.yml` file.
To enable DAST using the provided template, add the following to your `.gitlab-ci.yml`
file:
Add the following to your `.gitlab-ci.yml` file:
```yaml
include:
......@@ -84,22 +70,22 @@ variables:
DAST_WEBSITE: https://example.com
```
There are two ways to define the URL to be scanned by DAST:
- Set the `DAST_WEBSITE` [variable](../../../ci/yaml/README.md#variables).
- Add it in an `environment_url.txt` file at the root of your project.
The included template will create a `dast` job in your CI/CD pipeline and scan
your project's source code for possible vulnerabilities.
The report will be saved as a
The results will be saved as a
[DAST report artifact](../../../ci/yaml/README.md#artifactsreportsdast-ultimate)
that you can later download and analyze. Due to implementation limitations we
always take the latest DAST artifact available. Behind the scenes, the
[GitLab DAST Docker image](https://gitlab.com/gitlab-org/security-products/dast)
is used to run the tests on the specified URL and scan it for possible vulnerabilities.
There are two ways to define the URL to be scanned by DAST:
- Set the `DAST_WEBSITE` [variable](../../../ci/yaml/README.md#variables).
- Add it in an `environment_url.txt` file at the root of your project.
#### Authenticated scan
### Authenticated scan
It's also possible to authenticate the user before performing the DAST checks:
......@@ -117,12 +103,12 @@ variables:
DAST_AUTH_EXCLUDE_URLS: http://example.com/sign-out,http://example.com/sign-out-2 # optional, URLs to skip during the authenticated scan; comma-separated, no spaces in between
```
The report will be saved as a
The results will be saved as a
[DAST report artifact](../../../ci/yaml/README.md#artifactsreportsdast-ultimate)
that you can later download and analyze.
Due to implementation limitations, we always take the latest DAST artifact available.
#### Full scan
### Full scan
DAST can be configured to perform [ZAP Full Scan](https://github.com/zaproxy/zaproxy/wiki/ZAP-Full-Scan), which
includes both passive and active scanning against the same target website:
......@@ -135,7 +121,7 @@ variables:
DAST_FULL_SCAN_ENABLED: "true"
```
#### Customizing the DAST settings
### Customizing the DAST settings
The DAST settings can be changed through environment variables by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
......@@ -155,7 +141,7 @@ variables:
Because the template is [evaluated before](../../../ci/yaml/README.md#include) the pipeline
configuration, the last mention of the variable will take precedence.
#### Overriding the DAST template
### Overriding the DAST template
If you want to override the job definition (for example, change properties like
`variables` or `dependencies`), you need to declare a `dast` job after the
......@@ -176,79 +162,6 @@ As the DAST job belongs to a separate `dast` stage that runs after all
[default stages](../../../ci/yaml/README.md#stages),
don't forget to add `stage: dast` when you override the template job definition.
### Manual job definition for GitLab 11.5 and later
For GitLab 11.5 and GitLab Runner 11.5 and later, the following `dast`
job can be added:
```yaml
dast:
image: registry.gitlab.com/gitlab-org/security-products/zaproxy
variables:
website: "https://example.com"
allow_failure: true
script:
- mkdir /zap/wrk/
- /zap/zap-baseline.py -J gl-dast-report.json -t $website || true
- cp /zap/wrk/gl-dast-report.json .
artifacts:
reports:
dast: gl-dast-report.json
```
Where the `website` variable holds the URL to run the tests against.
For an authenticated scan, use the following definition:
```yaml
dast:
image: registry.gitlab.com/gitlab-org/security-products/zaproxy
variables:
website: "https://example.com"
login_url: "https://example.com/sign-in"
username: "john.doe@example.com"
password: "john-doe-password"
allow_failure: true
script:
- mkdir /zap/wrk/
- /zap/zap-baseline.py -J gl-dast-report.json -t $website
--auth-url $login_url
--auth-username $username
--auth-password $password || true
- cp /zap/wrk/gl-dast-report.json .
artifacts:
reports:
dast: gl-dast-report.json
```
See the [zaproxy documentation](https://gitlab.com/gitlab-org/security-products/zaproxy)
to learn more about the authentication settings.
### Manual job definition for GitLab 11.4 and earlier (deprecated)
CAUTION: **Caution:**
Before GitLab 11.5, DAST job and artifact had to be named specifically
to automatically extract report data and show it in the merge request widget.
While these old job definitions are still maintained they have been deprecated
and may be removed in next major release, GitLab 12.0. You are strongly advised
to update your current `.gitlab-ci.yml` configuration to reflect that change.
For GitLab 11.4 and earlier, the job should look like:
```yaml
dast:
image: registry.gitlab.com/gitlab-org/security-products/zaproxy
variables:
website: "https://example.com"
allow_failure: true
script:
- mkdir /zap/wrk/
- /zap/zap-baseline.py -J gl-dast-report.json -t $website || true
- cp /zap/wrk/gl-dast-report.json .
artifacts:
paths: [gl-dast-report.json]
```
## Security Dashboard
The Security Dashboard is a good place to get an overview of all the security
......
doc/user/application_security/dependency_scanning/index.md
View file @ 0022ece6
......@@ -8,7 +8,7 @@ in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.7.
If you are using [GitLab CI/CD](../../../ci/README.md), you can analyze your dependencies for known
vulnerabilities using Dependency Scanning.
You can take advantage of Dependency Scanning by either [including the CI job](#including-the-provided-template)
You can take advantage of Dependency Scanning by either [including the CI job](#configuration)
in your existing `.gitlab-ci.yml` file or by implicitly using
[Auto Dependency Scanning](../../../topics/autodevops/index.md#auto-dependency-scanning-ultimate)
that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
......@@ -74,31 +74,16 @@ The Gemnasium client does **NOT** send the exact package versions your project r
You can disable the remote checks by [using](#customizing-the-dependency-scanning-settings)
the `DS_DISABLE_REMOTE_CHECKS` environment variable and setting it to `true`.
## Configuring Dependency Scanning
## Configuration
To enable Dependency Scanning in your project, define a job in your `.gitlab-ci.yml`
file that generates the
[Dependency Scanning report artifact](../../../ci/yaml/README.md#artifactsreportsdependency_scanning-ultimate).
For GitLab 11.9 and later, to enable Dependency Scanning, you must
[include](../../../ci/yaml/README.md#includetemplate) the
[`Dependency-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml)
that's provided as a part of your GitLab installation.
For GitLab versions earlier than 11.9, you can copy and use the job as defined
that template.
This can be done in two ways:
- For GitLab 11.9 and later, including the provided `Dependency-Scanning.gitlab-ci.yml` template (recommended).
- Manually specifying the job definition. Not recommended unless using GitLab
11.8 and earlier.
### Including the provided template
NOTE: **Note:**
The CI/CD Dependency Scanning template is supported on GitLab 11.9 and later versions.
For earlier versions, use the [manual job definition](#manual-job-definition-for-gitlab-115-and-later).
A CI/CD [Dependency Scanning template](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml)
with the default Dependency Scanning job definition is provided as a part of your GitLab
installation which you can [include](../../../ci/yaml/README.md#includetemplate)
in your `.gitlab-ci.yml` file.
To enable Dependency Scanning using the provided template, add the following to
your `.gitlab-ci.yml` file:
Add the following to your `.gitlab-ci.yml` file:
```yaml
include:
......@@ -108,12 +93,12 @@ include:
The included template will create a `dependency_scanning` job in your CI/CD
pipeline and scan your project's source code for possible vulnerabilities.
The report will be saved as a
The results will be saved as a
[Dependency Scanning report artifact](../../../ci/yaml/README.md#artifactsreportsdependency_scanning-ultimate)
that you can later download and analyze. Due to implementation limitations, we
always take the latest Dependency Scanning artifact available.
#### Customizing the Dependency Scanning settings
### Customizing the Dependency Scanning settings
The Dependency Scanning settings can be changed through [environment variables](#available-variables) by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
......@@ -131,7 +116,7 @@ variables:
Because template is [evaluated before](../../../ci/yaml/README.md#include) the pipeline
configuration, the last mention of the variable will take precedence.
#### Overriding the Dependency Scanning template
### Overriding the Dependency Scanning template
If you want to override the job definition (for example, change properties like
`variables` or `dependencies`), you need to declare a `dependency_scanning` job
......@@ -146,7 +131,7 @@ dependency_scanning:
CI_DEBUG_TRACE: "true"
```
#### Available variables
### Available variables
Dependency Scanning can be [configured](#customizing-the-dependency-scanning-settings)
using environment variables.
......@@ -164,82 +149,6 @@ using environment variables.
| `DS_PULL_ANALYZER_IMAGE_TIMEOUT` | Time limit when pulling the image of an analyzer. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. For example, `300ms`, `1.5h`, or `2h45m`. |
| `DS_RUN_ANALYZER_TIMEOUT` | Time limit when running an analyzer. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. For example, `300ms`, `1.5h`, or `2h45m`. |
### Manual job definition for GitLab 11.5 and later
For GitLab 11.5 and GitLab Runner 11.5 and later, the following `dependency_scanning`
job can be added:
```yaml
dependency_scanning:
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
services:
- docker:stable-dind
script:
- export DS_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
- |
docker run \
--env DS_ANALYZER_IMAGES \
--env DS_ANALYZER_IMAGE_PREFIX \
--env DS_ANALYZER_IMAGE_TAG \
--env DS_DEFAULT_ANALYZERS \
--env DEP_SCAN_DISABLE_REMOTE_CHECKS \
--env DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
--env DS_PULL_ANALYZER_IMAGE_TIMEOUT \
--env DS_RUN_ANALYZER_TIMEOUT \
--volume "$PWD:/code" \
--volume /var/run/docker.sock:/var/run/docker.sock \
"registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$DS_VERSION" /code
dependencies: []
artifacts:
reports:
dependency_scanning: gl-dependency-scanning-report.json
```
You can supply many other [settings variables](#available-variables)
via `docker run --env` to customize your job execution.
### Manual job definition for GitLab 11.4 and earlier (deprecated)
CAUTION: **Caution:**
Before GitLab 11.5, the Dependency Scanning job and artifact had to be named specifically
to automatically extract the report data and show it in the merge request widget.
While these old job definitions are still maintained, they have been deprecated
and may be removed in the next major release, GitLab 12.0. You are strongly advised
to update your current `.gitlab-ci.yml` configuration to reflect that change.
For GitLab 11.4 and earlier, the job should look like:
```yaml
dependency_scanning:
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
services:
- docker:stable-dind
script:
- export DS_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
- |
docker run \
--env DS_ANALYZER_IMAGES \
--env DS_ANALYZER_IMAGE_PREFIX \
--env DS_ANALYZER_IMAGE_TAG \
--env DS_DEFAULT_ANALYZERS \
--env DS_EXCLUDED_PATHS \
--env DEP_SCAN_DISABLE_REMOTE_CHECKS \
--env DS_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
--env DS_PULL_ANALYZER_IMAGE_TIMEOUT \
--env DS_RUN_ANALYZER_TIMEOUT \
--volume "$PWD:/code" \
--volume /var/run/docker.sock:/var/run/docker.sock \
"registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$DS_VERSION" /code
artifacts:
paths: [gl-dependency-scanning-report.json]
```
## Reports JSON format
CAUTION: **Caution:**
......
doc/user/application_security/license_management/index.md
View file @ 0022ece6
......@@ -8,7 +8,7 @@ in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.0.
If you are using [GitLab CI/CD](../../../ci/README.md), you can search your project dependencies for their licenses
using License Management.
You can take advantage of License Management by either [including the job](#configuring-license-management)
You can take advantage of License Management by either [including the job](#configuration)
in your existing `.gitlab-ci.yml` file or by implicitly using
[Auto License Management](../../../topics/autodevops/index.md#auto-license-management-ultimate)
that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
......@@ -65,33 +65,16 @@ The following languages and package managers are supported.
To run a License Management scanning job, you need GitLab Runner with the
[`docker` executor](https://docs.gitlab.com/runner/executors/docker.html).
## Configuring License Management
## Configuration
To enable License Management in your project, define a job in your `.gitlab-ci.yml`
file that generates the [License Management report artifact](../../../ci/yaml/README.md#artifactsreportslicense_management-ultimate).
For GitLab 11.9 and later, to enable License Management, you must
[include](../../../ci/yaml/README.md#includetemplate) the
[`License-Management.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/lib/gitlab/ci/templates/Security/License-Management.gitlab-ci.yml)
that's provided as a part of your GitLab installation.
For GitLab versions earlier than 11.9, you can copy and use the job as defined
that template.
This can be done in two ways:
- For GitLab 11.9 and later, including the provided `License-Management.gitlab-ci.yml` template (recommended).
- Manually specifying the job definition. Not recommended unless using GitLab
11.8 and earlier.
The License Management settings can be changed through environment variables by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. These variables are documented in the [License Management documentation](https://gitlab.com/gitlab-org/security-products/license-management#settings).
### Including the provided template
NOTE: **Note:**
The CI/CD License Management template is supported on GitLab 11.9 and later versions.
For earlier versions, use the [manual job definition](#manual-job-definition-for-gitlab-115-and-later).
A CI/CD [License Management template](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/lib/gitlab/ci/templates/Security/License-Management.gitlab-ci.yml)
with the default License Management job definition is provided as a part of your GitLab
installation which you can [include](../../../ci/yaml/README.md#includetemplate)
in your `.gitlab-ci.yml` file.
To enable License Management using the provided template, add the following to
your `.gitlab-ci.yml` file:
Add the following to your `.gitlab-ci.yml` file:
```yaml
include:
......@@ -101,14 +84,17 @@ include:
The included template will create a `license_management` job in your CI/CD pipeline
and scan your dependencies to find their licenses.
The report will be saved as a
The results will be saved as a
[License Management report artifact](../../../ci/yaml/README.md#artifactsreportslicense_management-ultimate)
that you can later download and analyze. Due to implementation limitations, we
always take the latest License Management artifact available. Behind the scenes, the
[GitLab License Management Docker image](https://gitlab.com/gitlab-org/security-products/license-management)
is used to detect the languages/frameworks and in turn analyzes the licenses.
#### Installing custom dependencies
The License Management settings can be changed through environment variables by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. These variables are documented in the [License Management documentation](https://gitlab.com/gitlab-org/security-products/license-management#settings).
### Installing custom dependencies
> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.4.
......@@ -136,7 +122,7 @@ variables:
In this example, `my-custom-install-script.sh` is a shell script at the root
directory of your project.
#### Overriding the template
### Overriding the template
If you want to override the job definition (for example, change properties like
`variables` or `dependencies`), you need to declare a `license_management` job
......@@ -151,7 +137,7 @@ license_management:
CI_DEBUG_TRACE: "true"
```
#### Configuring Maven projects
### Configuring Maven projects
The License Management tool provides a `MAVEN_CLI_OPTS` environment variable which can hold
the command line arguments to pass to the `mvn install` command which is executed under the hood.
......@@ -192,67 +178,6 @@ license_management:
LM_PYTHON_VERSION: 3
```
### Manual job definition for GitLab 11.5 and later
For GitLab 11.5 and GitLab Runner 11.5 and later, the following `license_management`
job can be added:
```yaml
license_management:
image:
name: "registry.gitlab.com/gitlab-org/security-products/license-management:$CI_SERVER_VERSION_MAJOR-$CI_SERVER_VERSION_MINOR-stable"
entrypoint: [""]
stage: test
allow_failure: true
script:
- /run.sh analyze .
artifacts:
reports:
license_management: gl-license-management-report.json
```
If you want to install custom project dependencies via the `SETUP_CMD` variable:
```yaml
license_management:
image:
name: "registry.gitlab.com/gitlab-org/security-products/license-management:$CI_SERVER_VERSION_MAJOR-$CI_SERVER_VERSION_MINOR-stable"
entrypoint: [""]
stage: test
variables:
SETUP_CMD: ./my-custom-install-script.sh
allow_failure: true
script:
- /run.sh analyze .
artifacts:
reports:
license_management: gl-license-management-report.json
```
### Manual job definition for GitLab 11.4 and earlier (deprecated)
CAUTION: **Caution:**
Before GitLab 11.5, the License Management job and artifact had to be named specifically
to automatically extract the report data and show it in the merge request widget.
While these old job definitions are still maintained, they have been deprecated
and may be removed in the next major release, GitLab 12.0. You are strongly advised
to update your current `.gitlab-ci.yml` configuration to reflect that change.
For GitLab 11.4 and earlier, the job should look like:
```yaml
license_management:
image:
name: "registry.gitlab.com/gitlab-org/security-products/license-management:$CI_SERVER_VERSION_MAJOR-$CI_SERVER_VERSION_MINOR-stable"
entrypoint: [""]
stage: test
allow_failure: true
script:
- /run.sh analyze .
artifacts:
paths: [gl-license-management-report.json]
```
## Project policies for License Management
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/5940)
......@@ -271,16 +196,15 @@ To approve or blacklist a license:
1. Click the **Add a license** button.
![License Management Add License](img/license_management_add_license.png)
1. In the **License name** dropdown, either:
- Select one of the available licenses. You can search for licenses in the field
at the top of the list.
- Enter arbitrary text in the field at the top of the list. This will cause the text to be
added as a license name to the list.
- Select one of the available licenses. You can search for licenses in the field
at the top of the list.
- Enter arbitrary text in the field at the top of the list. This will cause the text to be
added as a license name to the list.
1. Select the **Approve** or **Blacklist** radio button to approve or blacklist respectively
the selected license.
To modify an existing license:
1. In the **License Management** list, click the **Approved/Declined** dropdown to change it to the desired status.
......@@ -293,8 +217,6 @@ Searching for Licenses:
![License Management Search](img/license_management_search.png)
## License Management report under pipelines
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/5491)
......
doc/user/application_security/sast/index.md
View file @ 0022ece6
......@@ -13,7 +13,7 @@ to learn how to protect your organization.
If you are using [GitLab CI/CD](../../../ci/README.md), you can analyze your source code for known
vulnerabilities using Static Application Security Testing (SAST).
You can take advantage of SAST by either [including the CI job](#configuring-sast) in
You can take advantage of SAST by either [including the CI job](#configuration) in
your existing `.gitlab-ci.yml` file or by implicitly using
[Auto SAST](../../../topics/autodevops/index.md#auto-sast-ultimate)
that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
......@@ -73,30 +73,16 @@ The Java analyzers can also be used for variants like the
[Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html),
[Grails](https://grails.org/) and the [Maven wrapper](https://github.com/takari/maven-wrapper).
## Configuring SAST
## Configuration
To enable SAST in your project, define a job in your `.gitlab-ci.yml` file that generates the
[SAST report artifact](../../../ci/yaml/README.md#artifactsreportssast-ultimate).
For GitLab 11.9 and later, to enable SAST, you must
[include](../../../ci/yaml/README.md#includetemplate) the
[`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml)
that's provided as a part of your GitLab installation.
For GitLab versions earlier than 11.9, you can copy and use the job as defined
that template.
This can be done in two ways:
- For GitLab 11.9 and later, including the provided `SAST.gitlab-ci.yml` template (recommended).
- Manually specifying the job definition. Not recommended unless using GitLab
11.8 and earlier.
### Including the provided template
NOTE: **Note:**
The CI/CD SAST template is supported on GitLab 11.9 and later versions.
For earlier versions, use the [manual job definition](#manual-job-definition-for-gitlab-115-and-later).
A CI/CD [SAST template](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml)
with the default SAST job definition is provided as a part of your GitLab
installation which you can [include](../../../ci/yaml/README.md#includetemplate)
in your `.gitlab-ci.yml` file.
To enable SAST using the provided template, add the following to your `.gitlab-ci.yml`
file:
Add the following to your `.gitlab-ci.yml` file:
```yaml
include:
......@@ -106,14 +92,14 @@ include:
The included template will create a `sast` job in your CI/CD pipeline and scan
your project's source code for possible vulnerabilities.
The report will be saved as a
The results will be saved as a
[SAST report artifact](../../../ci/yaml/README.md#artifactsreportssast-ultimate)
that you can later download and analyze. Due to implementation limitations, we
always take the latest SAST artifact available. Behind the scenes, the
[GitLab SAST Docker image](https://gitlab.com/gitlab-org/security-products/sast)
is used to detect the languages/frameworks and in turn runs the matching scan tools.
#### Customizing the SAST settings
### Customizing the SAST settings
The SAST settings can be changed through environment variables by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
......@@ -134,7 +120,7 @@ variables:
Because the template is [evaluated before](../../../ci/yaml/README.md#include)
the pipeline configuration, the last mention of the variable will take precedence.
#### Overriding the SAST template
### Overriding the SAST template
If you want to override the job definition (for example, change properties like
`variables` or `dependencies`), you need to declare a `sast` job after the
......@@ -149,78 +135,6 @@ sast:
CI_DEBUG_TRACE: "true"
```
### Manual job definition for GitLab 11.5 and later
For GitLab 11.5 and GitLab Runner 11.5 and later, the following `sast`
job can be added:
```yaml
sast:
stage: test
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
services:
- docker:stable-dind
script:
- export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
- |
docker run \
--env SAST_ANALYZER_IMAGES \
--env SAST_ANALYZER_IMAGE_PREFIX \
--env SAST_ANALYZER_IMAGE_TAG \
--env SAST_DEFAULT_ANALYZERS \
--env SAST_EXCLUDED_PATHS \
--env SAST_BANDIT_EXCLUDED_PATHS \
--env SAST_BRAKEMAN_LEVEL \
--env SAST_GOSEC_LEVEL \
--env SAST_FLAWFINDER_LEVEL \
--env SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \
--env SAST_PULL_ANALYZER_IMAGE_TIMEOUT \
--env SAST_RUN_ANALYZER_TIMEOUT \
--volume "$PWD:/code" \
--volume /var/run/docker.sock:/var/run/docker.sock \
"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
dependencies: []
artifacts:
reports:
sast: gl-sast-report.json
```
You can supply many other [settings variables](https://gitlab.com/gitlab-org/security-products/sast#settings)
via `docker run --env` to customize your job execution.
### Manual job definition for GitLab 11.4 and earlier (deprecated)
CAUTION: **Deprecated:**
Before GitLab 11.5, the SAST job and artifact had to be named specifically
to automatically extract report data and show it in the merge request widget.
While these old job definitions are still maintained, they have been deprecated
and may be removed in the next major release, GitLab 12.0. You are strongly
advised to update your current `.gitlab-ci.yml` configuration to reflect that change.
For GitLab 11.4 and earlier, the SAST job should look like:
```yaml
sast:
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
services:
- docker:stable-dind
script:
- export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
- docker run
--env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
--volume "$PWD:/code"
--volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION" /app/bin/run /code
artifacts:
paths: [gl-sast-report.json]
```
## Reports JSON format
CAUTION: **Caution:**
......
doc/user/project/clusters/runbooks/index.md
View file @ 0022ece6
# Runbooks
Runbooks are a collection of documented procedures that explain how to
carry out a particular process, be it starting, stopping, debugging,
Runbooks are a collection of documented procedures that explain how to
carry out a particular process, be it starting, stopping, debugging,
or troubleshooting a particular system.
Using [Jupyter Notebooks](https://jupyter.org/) and the [Rubix library](https://github.com/Nurtch/rubix),
users can get started writing their own executable runbooks.
## Overview
Historically, runbooks took the form of a decision tree or a detailed
step-by-step guide depending on the condition or system.
Historically, runbooks took the form of a decision tree or a detailed
step-by-step guide depending on the condition or system.
Modern implementations have introduced the concept of an "executable
runbooks", where, along with a well-defined process, operators can execute
Modern implementations have introduced the concept of an "executable
runbooks", where, along with a well-defined process, operators can execute
pre-written code blocks or database queries against a given environment.
## Executable Runbooks
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/45912) in GitLab 11.4.
The JupyterHub app offered via GitLab’s Kubernetes integration now ships
with Nurtch’s Rubix library, providing a simple way to create DevOps
The JupyterHub app offered via GitLab’s Kubernetes integration now ships
with Nurtch’s Rubix library, providing a simple way to create DevOps
runbooks. A sample runbook is provided, showcasing common operations. While Rubix makes it
simple to create common Kubernetes and AWS workflows, you can also create them manually without
Rubix.
......@@ -35,33 +34,33 @@ for an overview of how this is accomplished in GitLab!**
To create an executable runbook, you will need:
1. **Kubernetes** - A Kubernetes cluster is required to deploy the rest of the applications.
1. **Kubernetes** - A Kubernetes cluster is required to deploy the rest of the applications.
The simplest way to get started is to add a cluster using [GitLab's GKE integration](../index.md#adding-and-creating-a-new-gke-cluster-via-gitlab).
1. **Helm Tiller** - Helm is a package manager for Kubernetes and is required to install
all the other applications. It is installed in its own pod inside the cluster which
1. **Helm Tiller** - Helm is a package manager for Kubernetes and is required to install
all the other applications. It is installed in its own pod inside the cluster which
can run the helm CLI in a safe environment.
1. **Ingress** - Ingress can provide load balancing, SSL termination, and name-based
1. **Ingress** - Ingress can provide load balancing, SSL termination, and name-based
virtual hosting. It acts as a web proxy for your applications.
1. **JupyterHub** - [JupyterHub](https://jupyterhub.readthedocs.io/) is a multi-user service for managing notebooks across
a team. Jupyter Notebooks provide a web-based interactive programming environment
1. **JupyterHub** - [JupyterHub](https://jupyterhub.readthedocs.io/) is a multi-user service for managing notebooks across
a team. Jupyter Notebooks provide a web-based interactive programming environment
used for data analysis, visualization, and machine learning.
## Nurtch
Nurtch is the company behind the [Rubix library](https://github.com/Nurtch/rubix). Rubix is
an open-source python library that makes it easy to perform common DevOps tasks inside Jupyter Notebooks.
Tasks such as plotting Cloudwatch metrics and rolling your ECS/Kubernetes app are simplified
down to a couple of lines of code. See the [Nurtch Documentation](http://docs.nurtch.com/en/latest)
Nurtch is the company behind the [Rubix library](https://github.com/Nurtch/rubix). Rubix is
an open-source python library that makes it easy to perform common DevOps tasks inside Jupyter Notebooks.
Tasks such as plotting Cloudwatch metrics and rolling your ECS/Kubernetes app are simplified
down to a couple of lines of code. See the [Nurtch Documentation](http://docs.nurtch.com/en/latest)
for more information.
## Configure an executable runbook with GitLab
Follow this step-by-step guide to configure an executable runbook in GitLab using
Follow this step-by-step guide to configure an executable runbook in GitLab using
the components outlined above and the preloaded demo runbook.
### 1. Add a Kubernetes cluster
Follow the steps outlined in [Adding and creating a new GKE cluster via GitLab](../index.md#adding-and-creating-a-new-gke-cluster-via-gitlab)
Follow the steps outlined in [Adding and creating a new GKE cluster via GitLab](../index.md#adding-and-creating-a-new-gke-cluster-via-gitlab)
to add a Kubernetes cluster to your project.
### 2. Install Helm Tiller, Ingress, and JupyterHub
......@@ -80,13 +79,13 @@ Once Ingress has been installed successfully, click the **Install** button next
### 3. Login to JupyterHub and start the server
Once JupyterHub has been installed successfully, navigate to the displayed **Jupyter Hostname** URL and click
**Sign in with GitLab**. Authentication is automatically enabled for any user of the GitLab instance via OAuth2. This
Once JupyterHub has been installed successfully, navigate to the displayed **Jupyter Hostname** URL and click
**Sign in with GitLab**. Authentication is automatically enabled for any user of the GitLab instance via OAuth2. This
will redirect to GitLab in order to authorize JupyterHub to use your GitLab account. Click **Authorize**.
![authorize jupyter](img/authorize-jupyter.png)
Once the application has been authorized you will taken back to the JupyterHub application. Click **Start My Server**.
Once the application has been authorized you will taken back to the JupyterHub application. Click **Start My Server**.
The server will take a couple of seconds to start.
### 4. Configure access
......@@ -103,7 +102,7 @@ Double-click the "Nurtch-DevOps-Demo.ipynb" runbook.
![sample runbook](img/sample-runbook.png)
The contents on the runbook will be displayed on the right side of the screen. Under the "Setup" section, you will find
The contents on the runbook will be displayed on the right side of the screen. Under the "Setup" section, you will find
entries for both your `PRIVATE_TOKEN` and your `PROJECT_ID`. Enter both these values, conserving the single quotes as follows:
```sql
......@@ -111,7 +110,7 @@ PRIVATE_TOKEN = 'n671WNGecHugsdEDPsyo'
PROJECT_ID = '1234567'
```
Update the `VARIABLE_NAME` on the last line of this section to match the name of the variable you are using for your
Update the `VARIABLE_NAME` on the last line of this section to match the name of the variable you are using for your
access token. In this example our variable name is `PRIVATE_TOKEN`.
```sql
......@@ -120,8 +119,8 @@ VARIABLE_VALUE = project.variables.get('PRIVATE_TOKEN').value
### 5. Configure an operation
For this example we'll use the "**Run SQL queries in Notebook**" section in the sample runbook to query
a postgres database. The first 4 lines of the section define the variables that are required for this query to function.
For this example we'll use the "**Run SQL queries in Notebook**" section in the sample runbook to query
a postgres database. The first 4 lines of the section define the variables that are required for this query to function.
```sql
%env DB_USER={project.variables.get('DB_USER').value}
......@@ -134,10 +133,10 @@ Create the matching variables in your project's **Settings >> CI/CD >> Variables
![gitlab variables](img/gitlab-variables.png)
Back in Jupyter, click the "Run SQL queries in Notebook" heading and the click *Run*. The results will be
Back in Jupyter, click the "Run SQL queries in Notebook" heading and the click *Run*. The results will be
displayed in-line as follows:
![postgres query](img/postgres-query.png)
You can try other operations such as running shell scripts or interacting with a Kubernetes cluster. Visit the
[Nurtch Documentation](http://docs.nurtch.com/) for more information.
\ No newline at end of file
You can try other operations such as running shell scripts or interacting with a Kubernetes cluster. Visit the
[Nurtch Documentation](http://docs.nurtch.com/) for more information.
doc/user/project/import/index.md
View file @ 0022ece6
......@@ -34,7 +34,7 @@ This approach assumes all users from the self-hosted instance have already been
If the users haven't been migrated yet, the user conducting the import
will take the place of all references to the missing user(s).
If you need to migrate all data over, you can leverage our [api](../../../api/README.md) to migrate from self-hosted to GitLab.com.
If you need to migrate all data over, you can leverage our [api](../../../api/README.md) to migrate from self-hosted to GitLab.com.
The order of assets to migrate from a self-hosted instance to GitLab is the following:
1. [Users](../../../api/users.md)
......@@ -54,5 +54,5 @@ perhaps from an old server to a new server for example, is to
[back up the project](../../../raketasks/backup_restore.md),
then restore it on the new server.
In the event of merging two GitLab instances together (for example, both instances have existing data on them and one can't be wiped),
In the event of merging two GitLab instances together (for example, both instances have existing data on them and one can't be wiped),
refer to the instructions in [Migrating from self-hosted GitLab to GitLab.com](#migrating-from-self-hosted-gitlab-to-gitlabcom).
doc/user/project/integrations/custom_issue_tracker.md
View file @ 0022ece6
......@@ -17,6 +17,6 @@ Once you have configured and enabled Custom Issue Tracker Service you'll see a l
## Referencing issues
- Issues are referenced with `ANYTHING-<ID>`, where `ANYTHING` can be any string and `<ID>` is a number used in the target project of the custom integration (example `PROJECT-143`).
- Issues are referenced with `ANYTHING-<ID>`, where `ANYTHING` can be any string and `<ID>` is a number used in the target project of the custom integration (example `PROJECT-143`).
- `ANYTHING` is a placeholder to differentiate against GitLab issues, which are referenced with `#<ID>`. You can use a project name or project key to replace it for example.
- So with the example above, `PROJECT-143` would refer to `https://customissuetracker.com/project-name/143`.
\ No newline at end of file
- So with the example above, `PROJECT-143` would refer to `https://customissuetracker.com/project-name/143`.
doc/user/project/integrations/jira_server_configuration.md
View file @ 0022ece6
......@@ -13,46 +13,46 @@ access to your Jira projects. This is covered in the process below.
1. Log in to your Jira instance as an administrator and under **Jira Administration**
go to **User Management** to create a new user.
![Jira user management link](img/jira_user_management_link.png)
![Jira user management link](img/jira_user_management_link.png)
1. The next step is to create a new user (e.g., `gitlab`) who has write access
to projects in Jira. Enter the user's name and a _valid_ e-mail address
since Jira sends a verification e-mail to set up the password.
_**Note:** Jira creates the username automatically by using the e-mail
prefix. You can change it later, if needed. Our integration does not support SSO (such as SAML). You will need to create
an HTTP basic authentication password. You can do this by visiting the user
profile, looking up the username, and setting a password._
an HTTP basic authentication password. You can do this by visiting the user
profile, looking up the username, and setting a password._
![Jira create new user](img/jira_create_new_user.png)
![Jira create new user](img/jira_create_new_user.png)
1. Create a `gitlab-developers` group. (We will give this group write access to Jira
projects in a later step). Go to the **Groups** tab on the left, and select **Add group**.
![Jira create new user](img/jira_create_new_group.png)
![Jira create new user](img/jira_create_new_group.png)
Give it a name and click **Add group**.
Give it a name and click **Add group**.
1. Add the `gitlab` user to the `gitlab-developers` group by clicking **Edit members**.
The `gitlab-developers` group should be listed in the leftmost box as a selected group.
Under **Add members to selected group(s)**, enter `gitlab`.
![Jira add user to group](img/jira_add_user_to_group.png)
![Jira add user to group](img/jira_add_user_to_group.png)
Click **Add selected users** and `gitlab` should appear in the **Group member(s)** box.
This membership is saved automatically.
![Jira added user to group](img/jira_added_user_to_group.png)
![Jira added user to group](img/jira_added_user_to_group.png)
1. To give the newly-created group 'write' access, you need to create a **Permission Scheme**.
To do this, click the gear icon and select **Issues**. Then click **Permission Schemes**.
Click **Add Permission Scheme** and enter a **Name** and, optionally, a **Description**.
1. Once your permission scheme is created, you'll be taken back to the permissions scheme list.
Locate your new permissions scheme and click **Permissions**. Next to **Administer Projects**,
Locate your new permissions scheme and click **Permissions**. Next to **Administer Projects**,
click **Edit**. In the resulting dialog box, select **Group** and select `gitlab-developers`
from the dropdown.
![Jira group access](img/jira_group_access.png)
![Jira group access](img/jira_group_access.png)
The Jira configuration is complete. Write down the new Jira username and its
password as they will be needed when [configuring GitLab in the next section](jira.md#configuring-gitlab).
doc/user/project/issues/crosslinking_issues.md
View file @ 0022ece6
......@@ -47,7 +47,7 @@ display in both issues. The same is valid when mentioning issues in [merge reque
## From Merge Requests
Mentioning issues in merge request comments works exactly the same way as
they do for [related issues](#from-related-issues).
they do for [related issues](#from-related-issues).
When you mention an issue in a merge request description, it will simply
[link the issue and merge request together](#from-related-issues). Additionally,
......
doc/user/project/issues/csv_export.md
View file @ 0022ece6
......@@ -48,7 +48,6 @@ Exported issues are always sorted by `Issue ID`.
Data will be encoded with a comma as the column delimiter, with `"` used to quote fields if needed, and newlines to separate rows. The first row will be the headers, which are listed in the following table along with a description of the values:
| Column | Description |
|---------|-------------|
| Issue ID | Issue `iid` |
......@@ -71,7 +70,6 @@ Data will be encoded with a comma as the column delimiter, with `"` used to quot
| Time Estimate | [Time estimate](../../../workflow/time_tracking.md#estimates) in seconds |
| Time Spent | [Time spent](../../../workflow/time_tracking.md#time-spent) in seconds |
## Limitations
As the issues will be sent as an email attachment, there is a limit on how much data can be exported. Currently this limit is 20MB to ensure successful delivery across a range of email providers. If this limit is reached we suggest narrowing the search before export, perhaps by exporting open and closed issues separately.
doc/user/project/issues/issue_data_and_actions.md
View file @ 0022ece6
......@@ -210,7 +210,7 @@ and selecting either **Show comments only**, which only shows discussions and hi
updates to the issue, or **Show history only**, which hides discussions and only shows updates.
- You can mention a user or a group present in your GitLab instance with
`@username` or `@groupname` and they will be notified via To-Do items
`@username` or `@groupname` and they will be notified via To-Do items
and email, unless they have [disabled all notifications](#13-notifications)
in their profile settings.
- Mentions for yourself (the current logged in user), will be highlighted
......
doc/user/project/members/index.md
View file @ 0022ece6
......@@ -10,8 +10,6 @@ or import a new user to your project.
To view, edit, add, and remove project's members, go to your
project's **Settings > Members**.
---
## Add a user
Right next to **People**, start typing the name or username of the user you
......@@ -19,22 +17,16 @@ want to add.
![Search for people](img/add_user_search_people.png)
---
Select the user and the [permission level](../../permissions.md)
that you'd like to give the user. Note that you can select more than one user.
![Give user permissions](img/add_user_give_permissions.png)
---
Once done, hit **Add users to project** and they will be immediately added to
your project with the permissions you gave them above.
![List members](img/add_user_list_members.png)
---
From there on, you can either remove an existing user or change their access
level to the project.
......@@ -47,8 +39,6 @@ In the dropdown menu, you can see only the projects you are Maintainer on.
![Import members from another project](img/add_user_import_members_from_another_project.png)
---
Select the one you want and hit **Import project members**. A flash message
notifying you that the import was successful will appear, and the new members
are now in the project's members list. Notice that the permissions that they
......@@ -56,8 +46,6 @@ had on the project you imported from are retained.
![Members list of new members](img/add_user_imported_members.png)
---
## Invite people using their e-mail address
If a user you want to give access to doesn't have an account on your GitLab
......@@ -66,23 +54,17 @@ user search field.
![Invite user by mail](img/add_user_email_search.png)
---
As you can imagine, you can mix inviting multiple people and adding existing
GitLab users to the project.
![Invite user by mail ready to submit](img/add_user_email_ready.png)
---
Once done, hit **Add users to project** and watch that there is a new member
with the e-mail address we used above. From there on, you can resend the
invitation, change their access level, or even delete them.
![Invite user members list](img/add_user_email_accept.png)
---
Once the user accepts the invitation, they will be prompted to create a new
GitLab account using the same e-mail address the invitation was sent to.
......@@ -97,15 +79,11 @@ side of your screen.
![Request access button](img/request_access_button.png)
---
Project owners & maintainers will be notified of your request and will be able to approve or
decline it on the members page.
![Manage access requests](img/access_requests_management.png)
---
If you change your mind before your request is approved, just click the
**Withdraw Access Request** button.
......
doc/user/project/milestones/index.md
View file @ 0022ece6
......@@ -14,12 +14,12 @@ the start and end of your Agile sprint.
Set the milestone title to the name of your Agile sprint,
such as `November 2018 sprint`.
Add an issue to your Agile sprint by associating
the milestone to the issue.
the milestone to the issue.
## Milestones as releases
Milestones can be used as releases.
Set the milestone due date to represent the release date of your release.
Set the milestone due date to represent the release date of your release.
(And leave the milestone start date blank.)
Set the milestone title to the version of your release,
such as `Version 9.4`.
......
doc/user/project/new_ci_build_permissions_model.md
View file @ 0022ece6
......@@ -6,8 +6,6 @@ GitLab 8.12 has a completely redesigned [job permissions] system. You can find
all discussion and all our concerns when choosing the current approach in issue
[#18994](https://gitlab.com/gitlab-org/gitlab-ce/issues/18994).
---
Jobs permissions should be tightly integrated with the permissions of a user
who is triggering a job.
......@@ -108,8 +106,6 @@ and to checkout project sources.
It could also be used with the GitLab Container Registry for that project,
allowing pulling and pushing Docker images from within the CI job.
---
GitLab would create a special checkout URL like:
```
......
doc/user/project/pipelines/job_artifacts.md
View file @ 0022ece6
......@@ -67,8 +67,6 @@ artifacts in case you changed your mind and want to keep them.
![Job artifacts browser button](img/job_artifacts_browser_button.png)
---
The archive browser shows the name and the actual file size of each file in the
archive. If your artifacts contained directories, then you are also able to
browse inside them.
......@@ -80,8 +78,6 @@ one HTML file that you can view directly online when
![Job artifacts browser](img/job_artifacts_browser.png)
---
## Downloading artifacts
If you need to download the whole archive, there are buttons in various places
......@@ -90,22 +86,22 @@ inside GitLab that make that possible.
1. While on the pipelines page, you can see the download icon for each job's
artifacts archive in the right corner:
![Job artifacts in Pipelines page](img/job_artifacts_pipelines_page.png)
![Job artifacts in Pipelines page](img/job_artifacts_pipelines_page.png)
1. While on the **Jobs** page, you can see the download icon for each job's
artifacts archive in the right corner:
![Job artifacts in Builds page](img/job_artifacts_builds_page.png)
![Job artifacts in Builds page](img/job_artifacts_builds_page.png)
1. While inside a specific job, you are presented with a download button
along with the one that browses the archive:
![Job artifacts browser button](img/job_artifacts_browser_button.png)
![Job artifacts browser button](img/job_artifacts_browser_button.png)
1. And finally, when browsing an archive you can see the download button at
the top right corner:
![Job artifacts browser](img/job_artifacts_browser.png)
![Job artifacts browser](img/job_artifacts_browser.png)
## Downloading the latest artifacts
......
doc/user/project/pipelines/settings.md
View file @ 0022ece6
......@@ -25,10 +25,10 @@ in `.gitlab-ci.yml`.
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/28919) in GitLab 12.0.
NOTE: **Note**:
As of GitLab 12.0, newly created projects will automatically have a default
As of GitLab 12.0, newly created projects will automatically have a default
`git depth` value of `50`.
It is possible to limit the number of changes that GitLab CI/CD will fetch when cloning
It is possible to limit the number of changes that GitLab CI/CD will fetch when cloning
a repository. Setting a limit to `git depth` can speed up Pipelines execution. Maximum
allowed value is `1000`.
......
doc/user/project/repository/web_editor.md
View file @ 0022ece6
......@@ -13,8 +13,6 @@ Choose **New file** from the dropdown.
![New file dropdown menu](img/web_editor_new_file_dropdown.png)
---
Enter a file name in the **File name** box. Then, add file content in the editor
area. Add a descriptive commit message and choose a branch. The branch field
will default to the branch you were viewing in the file browser. If you enter
......@@ -59,8 +57,6 @@ selector. Choose **Upload file** from the dropdown.
![Upload file dropdown menu](img/web_editor_upload_file_dropdown.png)
---
Once the upload dialog pops up there are two ways to upload your file. Either
drag and drop a file on the pop up or use the **click to upload** link. A file
preview will appear once you have selected a file to upload.
......@@ -80,8 +76,6 @@ Choose **New directory** from the dropdown.
![New directory dropdown](img/web_editor_new_directory_dropdown.png)
---
In the new directory dialog enter a directory name, a commit message and choose
the target branch. Click **Create directory** to finish.
......@@ -129,8 +123,6 @@ choose **New branch** from the dropdown.
![New branch dropdown](img/web_editor_new_branch_dropdown.png)
---
Enter a new **Branch name**. Optionally, change the **Create from** field
to choose which branch, tag or commit SHA this new branch will originate from.
This field will autocomplete if you start typing an existing branch or tag.
......@@ -139,8 +131,6 @@ branch.
![New branch page](img/web_editor_new_branch_page.png)
---
You can now make changes to any files, as needed. When you're ready to merge
the changes back to master you can use the widget at the top of the screen.
This widget only appears for a period of time after you create the branch or
......@@ -156,8 +146,6 @@ SHA. From a project's files page, choose **New tag** from the dropdown.
![New tag dropdown](img/web_editor_new_tag_dropdown.png)
---
Give the tag a name such as `v1.0.0`. Choose the branch or SHA from which you
would like to create this new tag. You can optionally add a message and
release notes. The release notes section supports markdown format and you can
......
doc/user/project/service_desk.md
View file @ 0022ece6
......@@ -53,36 +53,35 @@ Service Desk is enabled on GitLab.com. If you're a
[Silver subscriber](https://about.gitlab.com/gitlab-com/),
you can skip the step 1 below; you only need to enable it per project.
1. [Set up incoming email](../../administration/incoming_email.md#set-it-up) for the GitLab instance. This must
support [email sub-addressing](../../administration/incoming_email.md#email-sub-addressing).
2. Navigate to your project's **Settings** and scroll down to the **Service Desk**
section.
3. If you have the correct access and an Premium license,
you will see an option to set up Service Desk:
1. [Set up incoming email](../../administration/incoming_email.md#set-it-up) for the GitLab instance. This must
support [email sub-addressing](../../administration/incoming_email.md#email-sub-addressing).
1. Navigate to your project's **Settings** and scroll down to the **Service Desk**
section.
1. If you have the correct access and an Premium license,
you will see an option to set up Service Desk:
![Activate Service Desk option](img/service_desk_disabled.png)
![Activate Service Desk option](img/service_desk_disabled.png)
4. Checking that box will enable Service Desk for the project, and show a
unique email address to email issues to the project. These issues will be
[confidential](issues/confidential_issues.md), so they will only be visible to project members.
1. Checking that box will enable Service Desk for the project, and show a
unique email address to email issues to the project. These issues will be
[confidential](issues/confidential_issues.md), so they will only be visible to project members.
**Warning**: this email address can be used by anyone to create an issue on
this project, whether or not they have access to your GitLab instance.
We recommend **putting this behind an alias** so that it can be changed if
needed, and **[enabling Akismet](../../integration/akismet.md)** on your GitLab instance to add spam
checking to this service. Unblocked email spam would result in many spam
issues being created, and may disrupt your GitLab service.
**Warning**: this email address can be used by anyone to create an issue on
this project, whether or not they have access to your GitLab instance.
We recommend **putting this behind an alias** so that it can be changed if
needed, and **[enabling Akismet](../../integration/akismet.md)** on your GitLab instance to add spam
checking to this service. Unblocked email spam would result in many spam
issues being created, and may disrupt your GitLab service.
![Service Desk enabled](img/service_desk_enabled.png)
![Service Desk enabled](img/service_desk_enabled.png)
_In GitLab 11.7, we updated the format of the generated email address.
However the older format is still supported, allowing existing aliases
or contacts to continue working._
_In GitLab 11.7, we updated the format of the generated email address.
However the older format is still supported, allowing existing aliases
or contacts to continue working._
1. Service Desk is now enabled for this project! You should be able to access it from your project's navigation **Issue submenu**:
5. Service Desk is now enabled for this project! You should be able to access it from your project's navigation **Issue submenu**:
![Service Desk Navigation Item](img/service_desk_nav_item.png)
![Service Desk Navigation Item](img/service_desk_nav_item.png)
## Using Service Desk
......
doc/user/project/settings/import_export.md
View file @ 0022ece6
......@@ -2,33 +2,33 @@
>**Notes:**
>
> - [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/3050) in GitLab 8.9.
> - Importing will not be possible if the import instance version differs from
> that of the exporter.
> - For GitLab admins, please read through
> [Project import/export administration](../../../administration/raketasks/project_import_export.md).
> - For existing installations, the project import option has to be enabled in
> application settings (`/admin/application_settings`) under 'Import sources'.
> Ask your administrator if you don't see the **GitLab export** button when
> creating a new project.
> - Starting with GitLab 10.0, administrators can disable the project export option
> on the GitLab instance in application settings (`/admin/application_settings`)
> under 'Visibility and Access Controls'.
> - You can find some useful raketasks if you are an administrator in the
> [import_export](../../../administration/raketasks/project_import_export.md) raketask.
> - The exports are stored in a temporary [shared directory](../../../development/shared_files.md)
> and are deleted every 24 hours by a specific worker.
> - Group members will get exported as project members, as long as the user has
> maintainer or admin access to the group where the exported project lives. An admin
> in the import side is required to map the users, based on email or username.
> Otherwise, a supplementary comment is left to mention the original author and
> the MRs, notes or issues will be owned by the importer.
> - Project members with owner access will get imported as maintainers.
> - Control project Import/Export with the [API](../../../api/project_import_export.md).
> - If an imported project contains merge requests originated from forks,
> then new branches associated with such merge requests will be created
> within a project during the import/export. Thus, the number of branches
> in the exported project could be bigger than in the original project.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/3050) in GitLab 8.9.
> - Importing will not be possible if the import instance version differs from
> that of the exporter.
> - For GitLab admins, please read through
> [Project import/export administration](../../../administration/raketasks/project_import_export.md).
> - For existing installations, the project import option has to be enabled in
> application settings (`/admin/application_settings`) under 'Import sources'.
> Ask your administrator if you don't see the **GitLab export** button when
> creating a new project.
> - Starting with GitLab 10.0, administrators can disable the project export option
> on the GitLab instance in application settings (`/admin/application_settings`)
> under 'Visibility and Access Controls'.
> - You can find some useful raketasks if you are an administrator in the
> [import_export](../../../administration/raketasks/project_import_export.md) raketask.
> - The exports are stored in a temporary [shared directory](../../../development/shared_files.md)
> and are deleted every 24 hours by a specific worker.
> - Group members will get exported as project members, as long as the user has
> maintainer or admin access to the group where the exported project lives. An admin
> in the import side is required to map the users, based on email or username.
> Otherwise, a supplementary comment is left to mention the original author and
> the MRs, notes or issues will be owned by the importer.
> - Project members with owner access will get imported as maintainers.
> - Control project Import/Export with the [API](../../../api/project_import_export.md).
> - If an imported project contains merge requests originated from forks,
> then new branches associated with such merge requests will be created
> within a project during the import/export. Thus, the number of branches
> in the exported project could be bigger than in the original project.
Existing projects running on any GitLab instance or GitLab.com can be exported
with all their related data and be moved into a new GitLab instance.
......@@ -79,7 +79,7 @@ The following items will NOT be exported:
- Awards
NOTE: **Note:**
For more details on the specific data persisted in a project export, see the
For more details on the specific data persisted in a project export, see the
[`import_export.yml`](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/lib/gitlab/import_export/import_export.yml) file.
## Exporting a project and its data
......@@ -90,29 +90,29 @@ For more details on the specific data persisted in a project export, see the
1. Scroll down to find the **Export project** button:
![Export button](img/import_export_export_button.png)
![Export button](img/import_export_export_button.png)
1. Once the export is generated, you should receive an e-mail with a link to
download the file:
![Email download link](img/import_export_mail_link.png)
![Email download link](img/import_export_mail_link.png)
1. Alternatively, you can come back to the project settings and download the
file from there, or generate a new export. Once the file available, the page
should show the **Download export** button:
![Download export](img/import_export_download_export.png)
![Download export](img/import_export_download_export.png)
## Importing the project
1. The GitLab project import feature is the first import option when creating a
1. The GitLab project import feature is the first import option when creating a
new project. Click on **GitLab export**:
![New project](img/import_export_new_project.png)
![New project](img/import_export_new_project.png)
1. Enter your project name and URL. Then select the file you exported previously:
![Select file](img/import_export_select_file.png)
![Select file](img/import_export_select_file.png)
1. Click on **Import project** to begin importing. Your newly imported project
page will appear soon.
doc/user/project/settings/index.md
View file @ 0022ece6
......@@ -96,7 +96,7 @@ To rename a repository:
1. Hit **Rename project**.
Remember that this can have unintended side effects since everyone with the
old URL will not be able to push or pull. Read more about what happens with the
old URL will not be able to push or pull. Read more about what happens with the
[redirects when renaming repositories](../index.md#redirects-when-changing-repository-paths).
#### Transferring an existing project into another namespace
......
doc/user/project/web_ide/index.md
View file @ 0022ece6
......@@ -295,6 +295,5 @@ active terminal at a time.
connect to the runner. Please try to stop and restart the terminal. If the
problem persists, double check your runner configuration.
[ce]: https://about.gitlab.com/pricing/
[ee]: https://about.gitlab.com/pricing/
doc/workflow/file_finder.md
View file @ 0022ece6
......@@ -2,8 +2,6 @@
> [Introduced][gh-9889] in GitLab 8.4.
---
The file finder feature allows you to quickly shortcut your way when you are
searching for a file in a repository using the GitLab UI.
......@@ -12,8 +10,6 @@ project.
![Find file button](img/file_finder_find_button.png)
---
For those who prefer to keep their fingers on the keyboard, there is a
[shortcut button](shortcuts.md) as well, which you can invoke from _anywhere_
in a project.
......
doc/workflow/issue_weight.md
View file @ 0022ece6
......@@ -9,7 +9,7 @@ value or complexity a given issue has or will cost.
You can set the weight of an issue during its creation, by simply changing the
value in the dropdown menu. You can set it to a non-negative integer
value from 0, 1, 2, and so on. (The database stores a 4-byte value, so the
value from 0, 1, 2, and so on. (The database stores a 4-byte value, so the
upper bound is essentially limitless).
You can remove weight from an issue
as well.
......
doc/workflow/lfs/manage_large_binaries_with_git_lfs.md
View file @ 0022ece6
......@@ -250,7 +250,7 @@ If you are storing LFS files outside of GitLab you can disable LFS on the projec
It is possible to host LFS objects externally by setting a custom LFS url with `git config -f .lfsconfig lfs.url https://example.com/<project>.git/info/lfs`.
You might choose to do this if you are using an appliance like a Sonatype Nexus to store LFS data. If you choose to use an external LFS store,
You might choose to do this if you are using an appliance like a Sonatype Nexus to store LFS data. If you choose to use an external LFS store,
GitLab will not be able to verify LFS objects which means that pushes will fail if you have GitLab LFS support enabled.
To stop push failure, LFS support can be disabled in the [Project settings](../../user/project/settings/index.md). This means you will lose GitLab LFS value-adds (Verifying LFS objects, UI integration for LFS).
doc/workflow/todos.md
View file @ 0022ece6
......@@ -12,8 +12,6 @@ in a simple dashboard.
![To Do screenshot showing a list of items to check on](img/todos_index.png)
---
You can quickly access your To-Do List by clicking the checkmark icon next to the
search bar in the top navigation. If the count is:
......@@ -31,15 +29,15 @@ A To Do displays on your To-Do List when:
- An issue or merge request is assigned to you
- You are `@mentioned` in the description or comment of an:
- Issue
- Merge Request
- Epic **(ULTIMATE)**
- Issue
- Merge Request
- Epic **(ULTIMATE)**
- You are `@mentioned` in a comment on a commit
- A job in the CI pipeline running for your merge request failed, but this
job is not allowed to fail
- An open merge request becomes unmergeable due to conflict, and you are either:
- The author
- Have set it to automatically merge once the pipeline succeeds
- The author
- Have set it to automatically merge once the pipeline succeeds
To-do triggers are not affected by [GitLab Notification Email settings](notifications.md).
......@@ -94,8 +92,6 @@ Actions that dismiss To-Do items include:
- Adding/removing a label
- Commenting on the issue
---
Your To-Do List is personal, and items are only marked as done if the action comes from
you. If you close the issue or merge request, your To Do is automatically
marked as done.
......@@ -108,8 +104,6 @@ To prevent other users from closing issues without you being notified, if someon
There is just one To Do for each of these, so mentioning a user a hundred times in an issue will only trigger one To Do.
---
If no action is needed, you can manually mark the To Do as done by clicking the
corresponding **Done** button, and it will disappear from your To-Do List.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7