Document job success despite found vulns

1fe2eb9b · Katrin Leinweber · Russell Dickenson · 08d6b67f · 1fe2eb9b
Commit 1fe2eb9b authored Oct 21, 2020 by Katrin Leinweber Committed by Russell Dickenson Oct 21, 2020
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

doc/user/application_security/index.md doc/user/application_security/index.md +8 -0

No files found.
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -566,3 +566,11 @@ Additionally, we provide a dedicated project containing the versioned legacy tem
 This can be useful for offline setups or anyone wishing to use [Auto DevOps](../../topics/autodevops/index.md).

 Instructions are available in the [legacy template project](https://gitlab.com/gitlab-org/auto-devops-v12-10).
+
+#### Vulnerabilities are found, but the job succeeds. How can I have a pipeline fail instead?
+
+This is the current default behavior, because the job's status indicates success or failure of the analyzer itself.
+Analyzer results are displayed in the [job logs](../../ci/pipelines/#expand-and-collapse-job-log-sections),
+[Merge Request widget](sast/index.md#overview)
+or [Security Dashboard](security_dashboard/index.md).
+There is [an open issue](https://gitlab.com/gitlab-org/gitlab/-/issues/235772) in which changes to this behavior are being discussed.