Merge branch 'russell-standardize-secure-navigation-steps' into 'master'

Standardize UI navigation steps in Secure-related tasks See merge request gitlab-org/gitlab!83366

Merge branch 'russell-standardize-secure-navigation-steps' into 'master'
Standardize UI navigation steps in Secure-related tasks See merge request gitlab-org/gitlab!83366
1270174a · Kati Paizee · 862882ba · 5cb04931 · 1270174a · 1270174a
Commit 1270174a authored Apr 01, 2022 by Kati Paizee
7 changed files
--- a/doc/user/application_security/api_fuzzing/index.md
+++ b/doc/user/application_security/api_fuzzing/index.md
@@ -91,20 +91,25 @@ The API fuzzing configuration form helps you create or modify your project's API
 configuration. The form lets you choose values for the most common API fuzzing options and builds
 a YAML snippet that you can paste in your GitLab CI/CD configuration.

-#### Configure Web API fuzzing with the configuration form
+#### Configure Web API fuzzing in the UI

 To generate an API Fuzzing configuration snippet:

 1. On the top bar, select **Menu > Projects** and find your project.
 1. On the left sidebar, select **Security & Compliance > Configuration**.
-1. In the **API Fuzzing** row, select **Configure**.
-1. Complete the form as needed. Read below for more information on available configuration options.
+1. In the **API Fuzzing** row, select **Enable API Fuzzing**.
+1. Complete the fields. For details see [Available CI/CD variables](#available-cicd-variables).
 1. Select **Generate code snippet**.
   A modal opens with the YAML snippet corresponding to the options you've selected in the form.
-1. Choose one of the following actions:
-   1. To copy the snippet to your clipboard and be redirected to your project's `.gitlab-ci.yml` file,
-      where you can paste the YAML configuration, select **Copy code and open `.gitlab-ci.yml` file**.
-   1. To copy the snippet to your clipboard and close the modal, select **Copy code only**.
+1. Do one of the following:
+   1. To copy the snippet to your clipboard, select **Copy code only**.
+   1. To add the snippet to your project's `.gitlab-ci.yml` file, select
+      **Copy code and open `.gitlab-ci.yml` file**. The Pipeline Editor opens.
+      1. Paste the snippet into the `.gitlab-ci.yml` file.
+      1. Select the **Lint** tab to confirm the edited `.gitlab-ci.yml` file is valid.
+      1. Select the **Edit** tab, then select **Commit changes**.
+
+When the snippet is committed to the `.gitlab-ci.yml` file, pipelines include an API Fuzzing job.

 ### OpenAPI Specification


--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -278,7 +278,8 @@ page.
 You can enable or configure DAST settings using the UI. The generated settings are formatted so they
 can be conveniently pasted into the `.gitlab-ci.yml` file.

-1. From the project's home page, go to **Security & Compliance > Configuration**.
+1. On the top bar, select **Menu > Projects** and find your project.
+1. On the left sidebar, select **Security & Compliance > Configuration**.
 1. In the **Dynamic Application Security Testing (DAST)** section, select **Enable DAST** or
   **Configure DAST**.
 1. Select the desired **Scanner profile**, or select **Create scanner profile** and save a
@@ -288,12 +289,14 @@ can be conveniently pasted into the `.gitlab-ci.yml` file.
 1. Select **Generate code snippet**. A modal opens with the YAML snippet corresponding to the
   options you selected.
 1. Do one of the following:
-   1. Select **Copy code only** to copy the snippet to your clipboard.
-   1. Select **Copy code and open `.gitlab-ci.yml` file** to copy the snippet to your clipboard. The
-   CI/CD Editor then opens.
+   1. To copy the snippet to your clipboard, select **Copy code only**.
+   1. To add the snippet to your project's `.gitlab-ci.yml` file, select
+      **Copy code and open `.gitlab-ci.yml` file**. The Pipeline Editor opens.
      1. Paste the snippet into the `.gitlab-ci.yml` file.
      1. Select the **Lint** tab to confirm the edited `.gitlab-ci.yml` file is valid.
-      1. Select **Commit changes**.
+      1. Select the **Edit** tab, then select **Commit changes**.
+
+When the snippet is committed to the `.gitlab-ci.yml` file, pipelines include a DAST job.

 #### Crawling web applications dependent on JavaScript


--- a/doc/user/application_security/dast_api/index.md
+++ b/doc/user/application_security/dast_api/index.md
@@ -84,9 +84,9 @@ the body generation is limited to these body types:
 - `application/json`
 - `application/xml`

-Follow these steps to configure DAST API in GitLab with an OpenAPI specification:
+To configure DAST API scanning with an OpenAPI specification:

-1. To use DAST API, you must [include](../../../ci/yaml/index.md#includetemplate)
+1. To use DAST API scanning, [include](../../../ci/yaml/index.md#includetemplate)
   the [`DAST-API.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml)
   that's provided as part of your GitLab installation. Add the following to your
   `.gitlab-ci.yml` file:
@@ -182,8 +182,7 @@ WARNING:
 HAR files may contain sensitive information such as authentication tokens, API keys, and session
 cookies. We recommend that you review the HAR file contents before adding them to a repository.

-Follow these steps to configure DAST API to use a HAR file that provides information about the
-target API to test:
+To configure DAST API scanning to use a HAR file:

 1. To use DAST API, you must [include](../../../ci/yaml/index.md#includetemplate)
   the [`DAST-API.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml)
@@ -282,8 +281,7 @@ Postman Collection files may contain sensitive information such as authenticatio
 and session cookies. We recommend that you review the Postman Collection file contents before adding
 them to a repository.

-Follow these steps to configure DAST API to use a Postman Collection file that provides
-information about the target API to test:
+To configure DAST API scanning to use a Postman Collection file:

 1. To use DAST API, you must [include](../../../ci/yaml/index.md#includetemplate)
   the [`DAST-API.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml)

--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -508,19 +508,18 @@ always take the latest dependency scanning artifact available.
 > - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/282533) in GitLab 14.1.
 > - [Feature flag sec_dependency_scanning_ui_enable removed](https://gitlab.com/gitlab-org/gitlab/-/issues/326005) in GitLab 14.2.

-To enable Dependency Scanning in a project, you can create a merge request
-from the Security Configuration page.
+To enable Dependency Scanning in a project, you can create a merge request:

-1. In the project where you want to enable Dependency Scanning, navigate to
-   **Security & Compliance > Configuration**.
+1. On the top bar, select **Menu > Projects** and find your project.
+1. On the left sidebar, select **Security & Compliance > Configuration**.
 1. In the **Dependency Scanning** row, select **Configure with a merge request**.
+1. Review and merge the merge request to enable Dependency Scanning.

-This automatically creates a merge request with the changes necessary to enable Dependency Scanning
-that you can review and merge to complete the configuration.
+Pipelines now include a dependency scanning job.

 ### Customizing the dependency scanning settings

-The dependency scanning settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
+The Dependency Scanning settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
 [`variables`](../../../ci/yaml/index.md#variables) parameter in `.gitlab-ci.yml`.
 For example:


--- a/doc/user/application_security/iac_scanning/index.md
+++ b/doc/user/application_security/iac_scanning/index.md
@@ -93,15 +93,14 @@ that you can download and analyze.

 ### Enable IaC Scanning via an automatic merge request

-To enable IaC Scanning in a project, you can create a merge request
-from the Security Configuration page:
+To enable IaC Scanning in a project, you can create a merge request:

 1. On the top bar, select **Menu > Projects** and find your project.
 1. On the left sidebar, select **Security & Compliance > Configuration**.
 1. In the **Infrastructure as Code (IaC) Scanning** row, select **Configure with a merge request**.
+1. Review and merge the merge request to enable IaC Scanning.

-This automatically creates a merge request with the changes necessary to enable IaC Scanning
-that you can review and merge to complete the configuration.
+Pipelines now include an IaC job.

 ## Reports JSON format


--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -190,28 +190,28 @@ always take the latest SAST artifact available.
 ### Configure SAST in the UI

 You can enable and configure SAST in the UI, either with default settings, or with customizations.
-Use the method that best meets your needs.
+The method you can use depends on your GitLab license tier.

- [Configure SAST in the UI with default settings](#configure-sast-in-the-ui-with-default-settings)
- [Configure SAST in the UI with customizations](#configure-sast-in-the-ui-with-customizations)
+- [Configure SAST in the UI with default settings](#configure-sast-in-the-ui-with-default-settings).
+- [Configure SAST in the UI with customizations](#configure-sast-in-the-ui-with-customizations). **(ULTIMATE)**

 ### Configure SAST in the UI with default settings

 > [Introduced](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#security-configuration-page-for-all-users) in GitLab 13.9

+NOTE:
+The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
+configuration file. If you have a complex GitLab configuration file it may not be parsed
+successfully, and an error may occur.
+
 To enable and configure SAST with default settings:

 1. On the top bar, select **Menu > Projects** and find your project.
 1. On the left sidebar, select **Security & Compliance** > **Configuration**.
-1. In the SAST section, select `Enable via MR`.
-1. Review the draft MR that enables SAST with the default recommended settings in the
-   `.gitlab-ci.yml` file.
-1. Merge the MR to enable SAST. You should see SAST jobs run in that MR's pipeline.
+1. In the SAST section, select **Configure with a merge request**.
+1. Review and merge the merge request to enable SAST.

-NOTE:
-The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
-configuration file. If you have a complex GitLab configuration file it may not be parsed
-successfully, and an error may occur.
+Pipelines now include a SAST job.

 ### Configure SAST in the UI with customizations **(ULTIMATE)**

@@ -219,27 +219,28 @@ successfully, and an error may occur.
 > - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in GitLab 13.4.
 > - [Improved](https://gitlab.com/groups/gitlab-org/-/epics/3635) in GitLab 13.5.

+NOTE:
+The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
+configuration file. If you have a complex GitLab configuration file it may not be parsed
+successfully, and an error may occur.
+
 To enable and configure SAST with customizations:

 1. On the top bar, select **Menu > Projects** and find your project.
 1. On the left sidebar, select **Security & Compliance > Configuration**.
-1. If the project does not have a `.gitlab-ci.yml` file, select **Enable** in the Static Application
-   Security Testing (SAST) row, otherwise select **Configure**.
+1. If the project does not have a `.gitlab-ci.yml` file, select **Enable SAST** in the Static
+   Application Security Testing (SAST) row, otherwise select **Configure SAST**.
 1. Enter the custom SAST values.

   Custom values are stored in the `.gitlab-ci.yml` file. For CI/CD variables not in the SAST
-   Configuration page, their values are left unchanged. Default values are inherited from the GitLab
-   SAST template.
+   Configuration page, their values are inherited from the GitLab SAST template.

 1. Optionally, expand the **SAST analyzers** section, select individual
   [SAST analyzers](analyzers.md) and enter custom analyzer values.
 1. Select **Create Merge Request**.
 1. Review and merge the merge request.

-NOTE:
-The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
-configuration file. If you have a complex GitLab configuration file it may not be parsed
-successfully, and an error may occur.
+Pipelines now include a SAST job.

 ### Overriding SAST jobs


--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@@ -112,20 +112,19 @@ always take the latest Secret Detection artifact available.
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4496) in GitLab 13.11, deployed behind a feature flag, enabled by default.
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/329886) in GitLab 14.1.

-To enable Secret Detection in a project, you can create a merge request
-from the Security Configuration page.
+NOTE:
+This method works best with no existing `.gitlab-ci.yml` file, or with a minimal configuration
+file. If you have a complex GitLab configuration file it may not be parsed successfully, and an
+error may occur.

-1. In the project where you want to enable Secret Detection, go to
-   **Security & Compliance > Configuration**.
-1. In the **Secret Detection** row, select **Configure with a merge request**.
+To enable Secret Detection in a project, you can create a merge request:

-This automatically creates a merge request with the changes necessary to enable Secret Detection
-that you can review and merge to complete the configuration.
+1. On the top bar, select **Menu > Projects** and find your project.
+1. On the left sidebar, select **Security & Compliance > Configuration**.
+1. In the **Secret Detection** row, select **Configure with a merge request**.
+1. Review and merge the merge request to enable Secret Detection.

-NOTE:
-The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
-configuration file. If you have a complex GitLab configuration file it may not be parsed
-successfully, and an error may occur.
+Pipelines now include a Secret Detection job.

 ### Customizing settings