Merge branch 'secure-ci-template-standard-variable-note' into 'master'

Copy edit variables comments in Secure CI templates

See merge request gitlab-org/gitlab!62274

doc/user/application_security/container_scanning/index.md

@@ -102,7 +102,7 @@ How you enable container scanning depends on your GitLab version:
   `container_scanning` job's [`before_script`](../../../ci/yaml/README.md#before_script)
   and [`after_script`](../../../ci/yaml/README.md#after_script)
   blocks may not work with the new version. To roll back to the previous [`alpine:3.11.3`](https://hub.docker.com/_/alpine)-based
-  Docker image, you can specify the major version through the [`CS_MAJOR_VERSION`](#available-variables)
+  Docker image, you can specify the major version through the [`CS_MAJOR_VERSION`](#available-cicd-variables)
   variable.
 - GitLab 13.9 [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/322656) integration with
   [Trivy](https://github.com/aquasecurity/trivy) by upgrading `CS_MAJOR_VERSION` from `3` to `4`.
@@ -159,7 +159,7 @@ include:
 There may be cases where you want to customize how GitLab scans your containers. For example, you
 may want to enable more verbose output, access a Docker registry that requires
 authentication, and more. To change such settings, use the [`variables`](../../../ci/yaml/README.md#variables)
-parameter in your `.gitlab-ci.yml` to set [CI/CD variables](#available-variables).
+parameter in your `.gitlab-ci.yml` to set [CI/CD variables](#available-cicd-variables).
 The variables you set in your `.gitlab-ci.yml` overwrite those in
 `Container-Scanning.gitlab-ci.yml`.
 
@@ -201,7 +201,7 @@ variables:
      make a change to this heading, make sure to update the documentation URLs used in the"
      container scanning tool (https://gitlab.com/gitlab-org/security-products/analyzers/klar)" -->
 
-#### Available variables
+#### Available CI/CD variables
 
 You can [configure](#customizing-the-container-scanning-settings) both analyzers by using the following CI/CD variables:
 
@@ -289,7 +289,7 @@ taking the following steps:
      that instead of overriding this variable, you can use `CS_MAJOR_VERSION`.
 
 1. Remove any variables that are only applicable to Clair. For a complete list of these variables,
-   see the [available variables](#available-variables).
+   see the [available variables](#available-cicd-variables).
 1. Make any [necessary customizations](#customizing-the-container-scanning-settings) to the
    `Trivy` scanner. We strongly recommended that you minimize customizations, as they
    might require changes in future GitLab major releases.
@@ -711,7 +711,7 @@ Some vulnerabilities can be fixed by applying the solution that GitLab
 automatically generates.
 
 To enable remediation support, the scanning tool _must_ have access to the `Dockerfile` specified by
-the [`DOCKERFILE_PATH`](#available-variables) CI/CD variable. To ensure that the scanning tool
+the [`DOCKERFILE_PATH`](#available-cicd-variables) CI/CD variable. To ensure that the scanning tool
 has access to this
 file, it's necessary to set [`GIT_STRATEGY: fetch`](../../../ci/runners/README.md#git-strategy) in
 your `.gitlab-ci.yml` file by following the instructions described in this document's

doc/user/application_security/dast/browser_based.md

@@ -44,7 +44,7 @@ dast:
     DAST_BROWSER_SCAN: "true"
 ```
 
-### Available variables
+### Available CI/CD variables
 
 The browser-based crawler can be configured using CI/CD variables.
 
@@ -72,7 +72,7 @@ The browser-based crawler can be configured using CI/CD variables.
 | `DAST_BROWSER_AUTH_VERIFICATION_SELECTOR`   | selector | `css:.user-photo`                | Verifies successful authentication by checking for presence of a selector once the login form has been submitted. |
 | `DAST_BROWSER_AUTH_VERIFICATION_LOGIN_FORM` | boolean  | `true`                            | Verifies successful authentication by checking for the lack of a login form once the login form has been submitted. |
 
-The [DAST variables](index.md#available-variables) `SECURE_ANALYZERS_PREFIX`, `DAST_FULL_SCAN_ENABLED`, `DAST_AUTO_UPDATE_ADDONS`, `DAST_EXCLUDE_RULES`, `DAST_REQUEST_HEADERS`, `DAST_HTML_REPORT`, `DAST_MARKDOWN_REPORT`, `DAST_XML_REPORT`,
+The [DAST variables](index.md#available-cicd-variables) `SECURE_ANALYZERS_PREFIX`, `DAST_FULL_SCAN_ENABLED`, `DAST_AUTO_UPDATE_ADDONS`, `DAST_EXCLUDE_RULES`, `DAST_REQUEST_HEADERS`, `DAST_HTML_REPORT`, `DAST_MARKDOWN_REPORT`, `DAST_XML_REPORT`,
 `DAST_INCLUDE_ALPHA_VULNERABILITIES`, `DAST_PATHS_FILE`, `DAST_PATHS`, `DAST_ZAP_CLI_OPTIONS`, and `DAST_ZAP_LOG_CONFIGURATION` are also compatible with browser-based crawler scans.   
 
 #### Selectors
@@ -284,9 +284,9 @@ This can come at a cost of increased scan time.
 
 You can manage the trade-off between coverage and scan time with the following measures:
 
-- Limit the number of actions executed by the browser with the [variable](#available-variables) `DAST_BROWSER_MAX_ACTIONS`. The default is `10,000`.
-- Limit the page depth that the browser-based crawler will check coverage on with the [variable](#available-variables) `DAST_BROWSER_MAX_DEPTH`. The crawler uses a breadth-first search strategy, so pages with smaller depth are crawled first. The default is `10`.
-- Vertically scaling the runner and using a higher number of browsers with [variable](#available-variables) `DAST_BROWSER_NUMBER_OF_BROWSERS`. The default is `3`.
+- Limit the number of actions executed by the browser with the [variable](#available-cicd-variables) `DAST_BROWSER_MAX_ACTIONS`. The default is `10,000`.
+- Limit the page depth that the browser-based crawler will check coverage on with the [variable](#available-cicd-variables) `DAST_BROWSER_MAX_DEPTH`. The crawler uses a breadth-first search strategy, so pages with smaller depth are crawled first. The default is `10`.
+- Vertically scaling the runner and using a higher number of browsers with [variable](#available-cicd-variables) `DAST_BROWSER_NUMBER_OF_BROWSERS`. The default is `3`.
 
 ## Debugging scans using logging
 

doc/user/application_security/dast/index.md

@@ -270,7 +270,7 @@ authorization credentials. By default, the following headers are masked:
 - `Set-Cookie` (values only).
 - `Cookie` (values only).
 
-Using the [`DAST_MASK_HTTP_HEADERS` CI/CD variable](#available-variables), you can list the
+Using the [`DAST_MASK_HTTP_HEADERS` CI/CD variable](#available-cicd-variables), you can list the
 headers whose values you want masked. For details on how to mask headers, see
 [Customizing the DAST settings](#customizing-the-dast-settings).
 
@@ -348,7 +348,7 @@ and potentially damage them. You could even take down your production environmen
 For that reason, you should use domain validation.
 
 Domain validation is not required by default. It can be required by setting the
-[CI/CD variable](#available-variables) `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` to `"true"`.
+[CI/CD variable](#available-cicd-variables) `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` to `"true"`.
 
 ```yaml
 include:
@@ -661,7 +661,7 @@ is no longer supported. When overriding the template, you must use [`rules`](../
 
 The DAST settings can be changed through CI/CD variables by using the
 [`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
-These variables are documented in [available variables](#available-variables).
+These variables are documented in [available variables](#available-cicd-variables).
 
 For example:
 
@@ -677,7 +677,7 @@ variables:
 Because the template is [evaluated before](../../../ci/yaml/README.md#include) the pipeline
 configuration, the last mention of the variable takes precedence.
 
-### Available variables
+### Available CI/CD variables
 
 DAST can be [configured](#customizing-the-dast-settings) using CI/CD variables.
 

doc/user/application_security/dependency_scanning/index.md

@@ -112,7 +112,7 @@ always take the latest dependency scanning artifact available.
 
 ### Customizing the dependency scanning settings
 
-The dependency scanning settings can be changed through [CI/CD variables](#available-variables) by using the
+The dependency scanning settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
 [`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
 For example:
 
@@ -157,7 +157,7 @@ gemnasium-dependency_scanning:
   dependencies: ["build"]
 ```
 
-### Available variables
+### Available CI/CD variables
 
 Dependency scanning can be [configured](#customizing-the-dependency-scanning-settings)
 using environment variables.

doc/user/application_security/sast/analyzers.md

@@ -48,7 +48,7 @@ GitLab, but users can also integrate their own **custom images**.
 For an analyzer to be considered Generally Available, it is expected to minimally
 support the following features:
 
-- [Customizable configuration](index.md#available-variables)
+- [Customizable configuration](index.md#available-cicd-variables)
 - [Customizable rulesets](index.md#customize-rulesets)
 - [Scan projects](index.md#supported-languages-and-frameworks)
 - [Multi-project support](index.md#multi-project-support)

doc/user/application_security/sast/index.md

@@ -202,7 +202,7 @@ page:
 
 ### Customizing the SAST settings
 
-The SAST settings can be changed through [CI/CD variables](#available-variables)
+The SAST settings can be changed through [CI/CD variables](#available-cicd-variables)
 by using the
 [`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
 In the following example, we include the SAST template and at the same time we
@@ -411,7 +411,7 @@ the vendored directory. This configuration can vary per analyzer but in the case
 can use `MAVEN_REPO_PATH`. See
 [Analyzer settings](#analyzer-settings) for the complete list of available options.
 
-### Available variables
+### Available CI/CD variables
 
 SAST can be [configured](#customizing-the-sast-settings) using CI/CD variables.
 

doc/user/application_security/secret_detection/index.md

@@ -160,7 +160,7 @@ that you can review and merge to complete the configuration.
 
 ### Customizing settings
 
-The Secret Detection scan settings can be changed through [CI/CD variables](#available-variables)
+The Secret Detection scan settings can be changed through [CI/CD variables](#available-cicd-variables)
 by using the
 [`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
 
@@ -196,7 +196,7 @@ secret_detection:
 Because the template is [evaluated before](../../../ci/yaml/README.md#include)
 the pipeline configuration, the last mention of the variable takes precedence.
 
-#### Available variables
+#### Available CI/CD variables
 
 Secret Detection can be customized by defining available CI/CD variables:
 
@@ -298,7 +298,7 @@ want to perform a full secret scan. Running a secret scan on the full history ca
 especially for larger repositories with lengthy Git histories. We recommend not setting this CI/CD variable
 as part of your normal job definition.
 
-A new configuration variable ([`SECRET_DETECTION_HISTORIC_SCAN`](#available-variables))
+A new configuration variable ([`SECRET_DETECTION_HISTORIC_SCAN`](#available-cicd-variables))
 can be set to change the behavior of the GitLab Secret Detection scan to run on the entire Git history of a repository.
 
 We have created a [short video walkthrough](https://youtu.be/wDtc_K00Y0A) showcasing how you can perform a full history secret scan.

doc/user/compliance/license_compliance/index.md

@@ -121,7 +121,7 @@ always take the latest License Compliance artifact available. Behind the scenes,
 [GitLab License Compliance Docker image](https://gitlab.com/gitlab-org/security-products/analyzers/license-finder)
 is used to detect the languages/frameworks and in turn analyzes the licenses.
 
-The License Compliance settings can be changed through [CI/CD variables](#available-variables) by using the
+The License Compliance settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
 [`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
 
 ### When License Compliance runs
@@ -129,7 +129,7 @@ The License Compliance settings can be changed through [CI/CD variables](#availa
 When using the GitLab `License-Scanning.gitlab-ci.yml` template, the License Compliance job doesn't
 wait for other stages to complete.
 
-### Available variables
+### Available CI/CD variables
 
 License Compliance can be configured using CI/CD variables.
 
@@ -265,11 +265,11 @@ license_scanning:
 ### Custom root certificates for Python
 
 You can supply a custom root certificate to complete TLS verification by using the
-`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables).
+`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
 
 #### Using private Python repositories
 
-If you have a private Python repository you can use the `PIP_INDEX_URL` [CI/CD variable](#available-variables)
+If you have a private Python repository you can use the `PIP_INDEX_URL` [CI/CD variable](#available-cicd-variables)
 to specify its location.
 
 ### Configuring npm projects
@@ -292,7 +292,7 @@ registry = https://npm.example.com
 #### Custom root certificates for npm
 
 You can supply a custom root certificate to complete TLS verification by using the
-`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables).
+`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
 
 To disable TLS verification you can provide the [`strict-ssl`](https://docs.npmjs.com/using-npm/config/#strict-ssl)
 setting.
@@ -323,7 +323,7 @@ npmRegistryServer: "https://npm.example.com"
 #### Custom root certificates for Yarn
 
 You can supply a custom root certificate to complete TLS verification by using the
-`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables).
+`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
 
 ### Configuring Bower projects
 
@@ -347,7 +347,7 @@ For example:
 #### Custom root certificates for Bower
 
 You can supply a custom root certificate to complete TLS verification by using the
-`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables), or by
+`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by
 specifying a `ca` setting in a [`.bowerrc`](https://bower.io/docs/config/#bowerrc-specification)
 file.
 
@@ -368,7 +368,7 @@ source "https://gems.example.com"
 #### Custom root certificates for Bundler
 
 You can supply a custom root certificate to complete TLS verification by using the
-`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables), or by
+`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by
 specifying a [`BUNDLE_SSL_CA_CERT`](https://bundler.io/v2.0/man/bundle-config.1.html)
 [variable](../../../ci/variables/README.md#custom-cicd-variables)
 in the job definition.
@@ -392,7 +392,7 @@ my-registry = { index = "https://my-intranet:8080/git/index" }
 
 To supply a custom root certificate to complete TLS verification, do one of the following:
 
-- Use the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables).
+- Use the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
 - Specify a [`CARGO_HTTP_CAINFO`](https://doc.rust-lang.org/cargo/reference/environment-variables.html)
   [variable](../../../ci/variables/README.md#custom-cicd-variables)
   in the job definition.
@@ -425,7 +425,7 @@ For example:
 #### Custom root certificates for Composer
 
 You can supply a custom root certificate to complete TLS verification by using the
-`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables), or by
+`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by
 specifying a [`COMPOSER_CAFILE`](https://getcomposer.org/doc/03-cli.md#composer-cafile)
 [variable](../../../ci/variables/README.md#custom-cicd-variables)
 in the job definition.
@@ -499,7 +499,7 @@ You can provide custom certificates by adding a `.conan/cacert.pem` file to the
 setting [`CA_CERT_PATH`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-cacert-path)
 to `.conan/cacert.pem`.
 
-If you specify the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables), this
+If you specify the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), this
 variable's X.509 certificates are installed in the Docker image's default trust store and Conan is
 configured to use this as the default `CA_CERT_PATH`.
 
@@ -507,7 +507,7 @@ configured to use this as the default `CA_CERT_PATH`.
 
 To configure [Go modules](https://github.com/golang/go/wiki/Modules)
 based projects, specify [CI/CD variables](https://golang.org/pkg/cmd/go/#hdr-Environment_variables)
-in the `license_scanning` job's [variables](#available-variables) section in `.gitlab-ci.yml`.
+in the `license_scanning` job's [variables](#available-cicd-variables) section in `.gitlab-ci.yml`.
 
 If a project has [vendored](https://golang.org/pkg/cmd/go/#hdr-Vendor_Directories) its modules,
 then the combination of the `vendor` directory and `mod.sum` file are used to detect the software
@@ -556,7 +556,7 @@ For example:
 #### Custom root certificates for NuGet
 
 You can supply a custom root certificate to complete TLS verification by using the
-`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables).
+`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
 
 ### Migration from `license_management` to `license_scanning`
 
@@ -816,7 +816,7 @@ license_scanning:
     ASDF_RUBY_VERSION: '2.7.2'
 ```
 
-A full list of variables can be found in [CI/CD variables](#available-variables).
+A full list of variables can be found in [CI/CD variables](#available-cicd-variables).
 
 To find out what tools are pre-installed in the `license_scanning` Docker image use the following command:
 

lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml

 # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/
 
-# Configure the scanning tool through the environment variables.
-# List of the variables: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/#available-variables
-# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
+# Configure API fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/#available-cicd-variables
 
 stages:
     - build

lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml

 # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/
 
-# Configure the scanning tool through the environment variables.
-# List of the variables: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/#available-variables
-# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
+# Configure API fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/#available-cicd-variables
 
 variables:
     FUZZAPI_VERSION: "1"

lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml

@@ -10,7 +10,8 @@
 # - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
 #   DOCKERFILE_PATH variable.
 #
-# For more information, see https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
+# Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
 
 variables:
   # Setting this variable will affect all Security templates (e.g.: SAST, Dependency Scanning)

lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml

 # Read more about this feature https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing
 
-# Configure the fuzzing tool through the environment variables.
-# List of the variables: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#available-cicd-variables
-# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
+# Configure coverage fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#available-cicd-variables
 
 variables:
   # Which branch we want to run full fledged long running fuzzing jobs.

lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml

@@ -13,9 +13,8 @@
 
 # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html
 
-# Configure the scanning tool with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html)
-# List of variables available to configure the DAST API scanning tool:
-# https://docs.gitlab.com/ee/user/application_security/dast_api/index.html#available-cicd-variables
+# Configure DAST API scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html#available-cicd-variables
 
 variables:
   # Setting this variable affects all Security templates

lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml

 # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/
 
-# Configure the scanning tool through the environment variables.
-# List of the variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
-# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
+# Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
 
 stages:
   - build

lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml

@@ -13,9 +13,8 @@
 
 # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/
 
-# Configure the scanning tool through the environment variables.
-# List of the variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
-# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
+# Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
 
 variables:
   DAST_VERSION: 1

lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml

 # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
 #
-# Configure the scanning tool through the environment variables.
-# List of the variables: https://gitlab.com/gitlab-org/security-products/dependency-scanning#settings
-# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
+# Configure dependency scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#available-variables
 
 variables:
   # Setting this variable will affect all Security templates

lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml

 # Read more about this feature here: https://docs.gitlab.com/ee/user/compliance/license_compliance/index.html
 #
-# Configure the scanning tool through the environment variables.
-# List of the variables: https://gitlab.com/gitlab-org/security-products/analyzers/license-finder#settings
-# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
+# Configure license scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/compliance/license_compliance/#available-variables
 
 variables:
   # Setting this variable will affect all Security templates

lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml

 # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
 #
-# Configure the scanning tool through the environment variables.
-# List of the variables: https://gitlab.com/gitlab-org/security-products/sast#settings
-# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
+# Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-variables
 
 variables:
   # Setting this variable will affect all Security templates

lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml

 # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/secret_detection
 #
-# Configure the scanning tool through the environment variables.
-# List of the variables: https://docs.gitlab.com/ee/user/application_security/secret_detection/#available-variables
-# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
+# Configure secret detection with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/secret_detection/#available-variables
 
 variables:
   SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"