@@ -11,9 +11,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
...
@@ -11,9 +11,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4. **(ULTIMATE)**
> - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4. **(ULTIMATE)**
> - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4. **(ULTIMATE)**
> - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4. **(ULTIMATE)**
> - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.10.
> - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.10.
> - [Redesigned](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in 14.2.
WARNING:
This feature might not be available to you. Check the **version history** note above for details.
The Security Configuration page displays what security scans are available, links to documentation and also simple enablement tools for the current project.
The Security Configuration page displays what security scans are available, links to documentation and also simple enablement tools for the current project.
...
@@ -22,35 +20,37 @@ then in the left sidebar go to **Security & Compliance > Configuration**.
...
@@ -22,35 +20,37 @@ then in the left sidebar go to **Security & Compliance > Configuration**.
For each security control the page displays:
For each security control the page displays:
-**Security Control:** Name, description, and a documentation link.
- Its name, description and a documentation link.
-**Manage:** A management option or a documentation link.
- Whether or not it is available.
- A configuration button or a link to its configuration guide.
## UI redesign
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in 14.0 for GitLab Free and Premium, behind a feature flag, disabled by default.
> - Enabled on GitLab.com for Free & Premium.
> - Recommended for production use.
> - It can be enabled or disabled for a single project.
> - To use in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-ui-redesign). **(FREE SELF)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/333109) in 14.1 for GitLab Ultimate, behind a feature flag, disabled by default.
> - Disabled on GitLab.com.
> - Not recommended for production use.
> - It can be enabled or disabled for a single project.
> - To use in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-ui-redesign-for-ultimate). **(ULTIMATE SELF)**
WARNING:
## Security testing
This feature might not be available to you. Check the **version history** note above for details.
The Security Configuration page has been redesigned in GitLab Free and Premium.
You can configure the following security controls:
The same functionality exists as before, but presented in a more extensible
way.
For each security control the page displays:
- Auto DevOps
- Click **Enable Auto DevOps** on the alert to enable it for the current project. For more details, see [Auto DevOps](../../../topics/autodevops/index.md).
- SAST
- Click **Enable SAST** to use SAST for the current project. For more details, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
- DAST **(ULTIMATE)**
- Click **Enable DAST** to use DAST for the current Project. To manage the available DAST profiles used for on-demand scans Click **Manage Scans**. For more details, see [DAST on-demand scans](../dast/index.md#on-demand-scans).
- Dependency Scanning **(ULTIMATE)**
- Select **Configure via Merge Request** to create a merge request with the changes required to
enable Dependency Scanning. For more details, see [Enable Dependency Scanning via an automatic merge request](../dependency_scanning/index.md#enable-dependency-scanning-via-an-automatic-merge-request).
- Its name, description and a documentation link.
- Container Scanning **(ULTIMATE)**
- Whether or not it is available.
- Can be configured via `.gitlab-ci.yml`. For more details, see [Container Scanning](../../../user/application_security/container_scanning/index.md#configuration).
- A configuration button or a link to its configuration guide.
- Cluster Image Scanning **(ULTIMATE)**
- Can be configured via `.gitlab-ci.yml`. For more details, see [Cluster Image Scanning](../../../user/application_security/cluster_image_scanning/#configuration).
- Secret Detection
- Select **Configure via Merge Request** to create a merge request with the changes required to
enable Secret Detection. For more details, see [Enable Secret Detection via an automatic merge request](../secret_detection/index.md#enable-secret-detection-via-an-automatic-merge-request).
- API Fuzzing **(ULTIMATE)**
- Click **Enable API Fuzzing** to use API Fuzzing for the current Project. For more details, see [API Fuzzing](../../../user/application_security/api_fuzzing/index.md#enable-web-api-fuzzing).
- Coverage Fuzzing **(ULTIMATE)**
- Can be configured via `.gitlab-ci.yml`. For more details, see [Coverage Fuzzing](../../../user/application_security/coverage_fuzzing/index.md#configuration).
## Status **(ULTIMATE)**
## Status **(ULTIMATE)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6.
...
@@ -63,71 +63,11 @@ _enabled_.
...
@@ -63,71 +63,11 @@ _enabled_.
If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
all security features are configured by default.
all security features are configured by default.
For SAST, click **View history** to see the `.gitlab-ci.yml` file's history.
Click **View history** to see the `.gitlab-ci.yml` file's history.
## Manage **(ULTIMATE)**
## Compliance **(ULTIMATE)**
You can configure the following security controls:
You can configure the following security controls:
- Auto DevOps
- License Compliance **(ULTIMATE)**
- Click **Enable Auto DevOps** to enable it for the current project. For more details, see [Auto DevOps](../../../topics/autodevops/index.md).
- Can be configured via `.gitlab-ci.yml`. For more details, see [License Compliance](../../../user/compliance/license_compliance/index.md#configuration).
- SAST
- Click either **Enable** or **Configure** to use SAST for the current project. For more details, see [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
- DAST Profiles
- Click **Manage** to manage the available DAST profiles used for on-demand scans. For more details, see [DAST on-demand scans](../dast/index.md#on-demand-scans).
- Secret Detection
- Select **Configure via Merge Request** to create a merge request with the changes required to
enable Secret Detection. For more details, see [Enable Secret Detection via an automatic merge request](../secret_detection/index.md#enable-secret-detection-via-an-automatic-merge-request).
- Dependency Scanning
- Select **Configure via Merge Request** to create a merge request with the changes required to
enable Dependency Scanning. For more details, see [Enable Dependency Scanning via an automatic merge request](../dependency_scanning/index.md#enable-dependency-scanning-via-an-automatic-merge-request).
## Enable or disable UI redesign **(FREE SELF)**
The Security Configuration redesign is under development, but is ready for
production use. It is deployed behind a feature flag that is **disabled by
default**.
[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md) can enable it.
'Several security scans are enabled because %{linkStart}Auto DevOps%{linkEnd} is enabled on this project',
)
:__(
`The status of the table below only applies to the default branch and is based on the %{linkStart}latest pipeline%{linkEnd}. Once you've enabled a scan for the default branch, any subsequent feature branch you create will include the scan.`,
__('Automatically create merge requests for vulnerabilities that have fixes available.')
}}
<template#help>{{__('Available for dependency and container scanning')}}</template>
</gl-form-checkbox>
<footerclass="gl-bg-blue-100 gl-px-5 gl-py-3">
<gl-sprintf
:message="
__(
'%{containerScanningLinkStart}Container Scanning%{containerScanningLinkEnd} and/or %{dependencyScanningLinkStart}Dependency Scanning%{dependencyScanningLinkEnd} must be enabled. %{securityBotLinkStart}GitLab-Security-Bot%{securityBotLinkEnd} will be the author of the auto-created merge request. %{moreInfoLinkStart}More information%{moreInfoLinkEnd}.',
'given gitlabCiPresent is $gitlabCiPresent, autoDevopsEnabled is $autoDevopsEnabled, dismissed is $dismissed, canEnableAutoDevops is $canEnableAutoDevops',
msgid "%{completedWeight} of %{totalWeight} weight completed"
msgid "%{completedWeight} of %{totalWeight} weight completed"
msgstr ""
msgstr ""
msgid "%{containerScanningLinkStart}Container Scanning%{containerScanningLinkEnd} and/or %{dependencyScanningLinkStart}Dependency Scanning%{dependencyScanningLinkEnd} must be enabled. %{securityBotLinkStart}GitLab-Security-Bot%{securityBotLinkEnd} will be the author of the auto-created merge request. %{moreInfoLinkStart}More information%{moreInfoLinkEnd}."
msgstr ""
msgid "%{cores} cores"
msgid "%{cores} cores"
msgstr ""
msgstr ""
...
@@ -4896,9 +4893,6 @@ msgstr ""
...
@@ -4896,9 +4893,6 @@ msgstr ""
msgid "Automatically close associated incident when a recovery alert notification resolves an alert"
msgid "Automatically close associated incident when a recovery alert notification resolves an alert"
msgstr ""
msgstr ""
msgid "Automatically create merge requests for vulnerabilities that have fixes available."
msgstr ""
msgid "Automatically resolved"
msgid "Automatically resolved"
msgstr ""
msgstr ""
...
@@ -4914,9 +4908,6 @@ msgstr ""
...
@@ -4914,9 +4908,6 @@ msgstr ""
msgid "Available ID"
msgid "Available ID"
msgstr ""
msgstr ""
msgid "Available for dependency and container scanning"
msgstr ""
msgid "Available group runners: %{runners}"
msgid "Available group runners: %{runners}"
msgstr ""
msgstr ""
...
@@ -29235,12 +29226,6 @@ msgstr ""
...
@@ -29235,12 +29226,6 @@ msgstr ""
msgid "SecurityConfiguration|An error occurred while creating the merge request."
msgid "SecurityConfiguration|An error occurred while creating the merge request."
msgstr ""
msgstr ""
msgid "SecurityConfiguration|Available for on-demand DAST"
msgstr ""
msgid "SecurityConfiguration|Available with %{linkStart}upgrade or free trial%{linkEnd}"
msgstr ""
msgid "SecurityConfiguration|Available with Ultimate"
msgid "SecurityConfiguration|Available with Ultimate"
msgid "SecurityConfiguration|Customize common SAST settings to suit your requirements. Configuration changes made here override those provided by GitLab and are excluded from updates. For details of more advanced configuration options, see the %{linkStart}GitLab SAST documentation%{linkEnd}."
msgid "SecurityConfiguration|Customize common SAST settings to suit your requirements. Configuration changes made here override those provided by GitLab and are excluded from updates. For details of more advanced configuration options, see the %{linkStart}GitLab SAST documentation%{linkEnd}."
msgstr ""
msgstr ""
msgid "SecurityConfiguration|Enable"
msgstr ""
msgid "SecurityConfiguration|Enable %{feature}"
msgid "SecurityConfiguration|Enable %{feature}"
msgstr ""
msgstr ""
...
@@ -29292,30 +29271,18 @@ msgstr ""
...
@@ -29292,30 +29271,18 @@ msgstr ""
msgid "SecurityConfiguration|Enabled"
msgid "SecurityConfiguration|Enabled"
msgstr ""
msgstr ""
msgid "SecurityConfiguration|Enabled with Auto DevOps"
msgstr ""
msgid "SecurityConfiguration|Feature documentation for %{featureName}"
msgstr ""
msgid "SecurityConfiguration|High-level vulnerability statistics across projects and groups"
msgid "SecurityConfiguration|High-level vulnerability statistics across projects and groups"
msgstr ""
msgstr ""
msgid "SecurityConfiguration|Immediately begin risk analysis and remediation with application security features. Start with SAST and Secret Detection, available to all plans. Upgrade to Ultimate to get all features, including:"
msgid "SecurityConfiguration|Immediately begin risk analysis and remediation with application security features. Start with SAST and Secret Detection, available to all plans. Upgrade to Ultimate to get all features, including:"
msgstr ""
msgstr ""
msgid "SecurityConfiguration|Manage"
msgstr ""
msgid "SecurityConfiguration|Manage profiles for use by DAST scans."
msgid "SecurityConfiguration|Manage profiles for use by DAST scans."
msgstr ""
msgstr ""
msgid "SecurityConfiguration|Manage scans"
msgid "SecurityConfiguration|Manage scans"
msgstr ""
msgstr ""
msgid "SecurityConfiguration|More information"
msgstr ""
msgid "SecurityConfiguration|More scan types, including Container Scanning, DAST, Dependency Scanning, Fuzzing, and Licence Compliance"
msgid "SecurityConfiguration|More scan types, including Container Scanning, DAST, Dependency Scanning, Fuzzing, and Licence Compliance"
msgid "SecurityConfiguration|The status of the tools only applies to the default branch and is based on the %{linkStart}latest pipeline%{linkEnd}."
msgid "SecurityConfiguration|The status of the tools only applies to the default branch and is based on the %{linkStart}latest pipeline%{linkEnd}."
msgstr ""
msgstr ""
...
@@ -29361,15 +29319,9 @@ msgstr ""
...
@@ -29361,15 +29319,9 @@ msgstr ""
msgid "SecurityConfiguration|Using custom settings. You won't receive automatic updates on this variable. %{anchorStart}Restore to default%{anchorEnd}"
msgid "SecurityConfiguration|Using custom settings. You won't receive automatic updates on this variable. %{anchorStart}Restore to default%{anchorEnd}"
msgstr ""
msgstr ""
msgid "SecurityConfiguration|View history"
msgstr ""
msgid "SecurityConfiguration|Vulnerability details and statistics in the merge request"
msgid "SecurityConfiguration|Vulnerability details and statistics in the merge request"
msgstr ""
msgstr ""
msgid "SecurityConfiguration|You can quickly enable all security scanning tools by enabling %{linkStart}Auto DevOps%{linkEnd}."
msgstr ""
msgid "SecurityOrchestration|An error occurred assigning your security policy project"
msgid "SecurityOrchestration|An error occurred assigning your security policy project"
msgstr ""
msgstr ""
...
@@ -30339,9 +30291,6 @@ msgstr ""
...
@@ -30339,9 +30291,6 @@ msgstr ""
msgid "Setup"
msgid "Setup"
msgstr ""
msgstr ""
msgid "Several security scans are enabled because %{linkStart}Auto DevOps%{linkEnd} is enabled on this project"
msgstr ""
msgid "Severity"
msgid "Severity"
msgstr ""
msgstr ""
...
@@ -30961,9 +30910,6 @@ msgstr ""
...
@@ -30961,9 +30910,6 @@ msgstr ""
msgid "Something went wrong while stopping this environment. Please try again."
msgid "Something went wrong while stopping this environment. Please try again."
msgstr ""
msgstr ""
msgid "Something went wrong while toggling auto-fix settings, please try again later."
msgstr ""
msgid "Something went wrong while updating a requirement."
msgid "Something went wrong while updating a requirement."
msgstr ""
msgstr ""
...
@@ -31921,15 +31867,9 @@ msgstr ""
...
@@ -31921,15 +31867,9 @@ msgstr ""
msgid "Suggest code changes which can be immediately applied in one click. Try it out!"
msgid "Suggest code changes which can be immediately applied in one click. Try it out!"
msgstr ""
msgstr ""
msgid "Suggested Solutions"
msgstr ""
msgid "Suggested change"
msgid "Suggested change"
msgstr ""
msgstr ""
msgid "Suggested solutions help link"
msgstr ""
msgid "SuggestedColors|Aztec Gold"
msgid "SuggestedColors|Aztec Gold"
msgstr ""
msgstr ""
...
@@ -33202,9 +33142,6 @@ msgstr ""
...
@@ -33202,9 +33142,6 @@ msgstr ""
msgid "The start date must be ealier than the end date."
msgid "The start date must be ealier than the end date."
msgstr ""
msgstr ""
msgid "The status of the table below only applies to the default branch and is based on the %{linkStart}latest pipeline%{linkEnd}. Once you've enabled a scan for the default branch, any subsequent feature branch you create will include the scan."
msgstr ""
msgid "The subject will be used as the title of the new issue, and the message will be the description. %{quickActionsLinkStart}Quick actions%{quickActionsLinkEnd} and styling with %{markdownLinkStart}Markdown%{markdownLinkEnd} are supported."
msgid "The subject will be used as the title of the new issue, and the message will be the description. %{quickActionsLinkStart}Quick actions%{quickActionsLinkEnd} and styling with %{markdownLinkStart}Markdown%{markdownLinkEnd} are supported."