Commit 6a18c72b authored by Achilleas Pipinellis

Merge branch 'docs-compliance' into 'master'

Refactoring compliance docs

See merge request gitlab-org/gitlab!25735
parents 258a3366 acef3447
...@@ -359,14 +359,14 @@ The following documentation relates to the DevOps **Secure** stage: ...@@ -359,14 +359,14 @@ The following documentation relates to the DevOps **Secure** stage:
| Secure Topics | Description | | Secure Topics | Description |
|:------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------| |:------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------|
| [Compliance Dashboard](user/application_security/compliance_dashboard/index.md) **(ULTIMATE)** | View the most recent Merge Request activity in a group. | | [Compliance Dashboard](user/compliance/compliance_dashboard/index.md) **(ULTIMATE)** | View the most recent Merge Request activity in a group. |
| [Container Scanning](user/application_security/container_scanning/index.md) **(ULTIMATE)** | Use Clair to scan docker images for known vulnerabilities. | | [Container Scanning](user/application_security/container_scanning/index.md) **(ULTIMATE)** | Use Clair to scan docker images for known vulnerabilities. |
| [Dependency List](user/application_security/dependency_list/index.md) **(ULTIMATE)** | View your project's dependencies and their known vulnerabilities. | | [Dependency List](user/application_security/dependency_list/index.md) **(ULTIMATE)** | View your project's dependencies and their known vulnerabilities. |
| [Dependency Scanning](user/application_security/dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. | | [Dependency Scanning](user/application_security/dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. |
| [Dynamic Application Security Testing (DAST)](user/application_security/dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities. | | [Dynamic Application Security Testing (DAST)](user/application_security/dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities. |
| [Group Security Dashboard](user/application_security/security_dashboard/index.md#group-security-dashboard) **(ULTIMATE)** | View vulnerabilities in all the projects in a group and its subgroups. | | [Group Security Dashboard](user/application_security/security_dashboard/index.md#group-security-dashboard) **(ULTIMATE)** | View vulnerabilities in all the projects in a group and its subgroups. |
| [Instance Security Dashboard](user/application_security/security_dashboard/index.md#instance-security-dashboard) **(ULTIMATE)** | View vulnerabilities in all the projects you're interested in. | | [Instance Security Dashboard](user/application_security/security_dashboard/index.md#instance-security-dashboard) **(ULTIMATE)** | View vulnerabilities in all the projects you're interested in. |
| [License Compliance](user/application_security/license_compliance/index.md) **(ULTIMATE)** | Search your project's dependencies for their licenses. | | [License Compliance](user/compliance/license_compliance/index.md) **(ULTIMATE)** | Search your project's dependencies for their licenses. |
| [Pipeline Security Dashboard](user/application_security/security_dashboard/index.md#pipeline-security-dashboard) **(ULTIMATE)** | View the security reports for your project's pipelines. | | [Pipeline Security Dashboard](user/application_security/security_dashboard/index.md#pipeline-security-dashboard) **(ULTIMATE)** | View the security reports for your project's pipelines. |
| [Project Security Dashboard](user/application_security/security_dashboard/index.md#project-security-dashboard) **(ULTIMATE)** | View the latest security reports for your project. | | [Project Security Dashboard](user/application_security/security_dashboard/index.md#project-security-dashboard) **(ULTIMATE)** | View the latest security reports for your project. |
| [Static Application Security Testing (SAST)](user/application_security/sast/index.md) **(ULTIMATE)** | Analyze source code for known vulnerabilities. | | [Static Application Security Testing (SAST)](user/application_security/sast/index.md) **(ULTIMATE)** | Analyze source code for known vulnerabilities. |
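Review bot: the Compliance Dashboard and License Compliance rows in this README table still sit under the Secure-stage heading after their paths move to `user/compliance/`, while the same two rows are dropped from the Secure scanning tools table in `user/application_security/index.md` later in this MR; either keep both tables in step or add a short Compliance entry here that points at the new `user/compliance/index.md`.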
......
...@@ -133,7 +133,7 @@ Its feature set is listed on the table below according to DevOps stages. ...@@ -133,7 +133,7 @@ Its feature set is listed on the table below according to DevOps stages.
| **Secure** || | **Secure** ||
| [Container Scanning](../user/application_security/container_scanning/index.md) **(ULTIMATE)** | Check your Docker containers for known vulnerabilities.| | [Container Scanning](../user/application_security/container_scanning/index.md) **(ULTIMATE)** | Check your Docker containers for known vulnerabilities.|
| [Dependency Scanning](../user/application_security/dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. | | [Dependency Scanning](../user/application_security/dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. |
| [License Compliance](../user/application_security/license_compliance/index.md) **(ULTIMATE)** | Search your project dependencies for their licenses. | | [License Compliance](../user/compliance/license_compliance/index.md) **(ULTIMATE)** | Search your project dependencies for their licenses. |
| [Security Test reports](../user/application_security/index.md) **(ULTIMATE)** | Check for app vulnerabilities. | | [Security Test reports](../user/application_security/index.md) **(ULTIMATE)** | Check for app vulnerabilities. |
## Examples ## Examples
......
--- ---
redirect_to: '../../user/application_security/license_compliance/index.md' redirect_to: '../../user/compliance/license_compliance/index.md'
--- ---
This document was moved to [another location](../../user/application_security/license_compliance/index.md). This document was moved to [another location](../../user/compliance/license_compliance/index.md).
...@@ -2268,7 +2268,7 @@ introduced in GitLab 12.8. ...@@ -2268,7 +2268,7 @@ introduced in GitLab 12.8.
> Introduced in GitLab 11.5. Requires GitLab Runner 11.5 and above. > Introduced in GitLab 11.5. Requires GitLab Runner 11.5 and above.
The `license_management` report collects [Licenses](../../user/application_security/license_compliance/index.md) The `license_management` report collects [Licenses](../../user/compliance/license_compliance/index.md)
as artifacts. as artifacts.
The collected License Compliance report will be uploaded to GitLab as an artifact and will The collected License Compliance report will be uploaded to GitLab as an artifact and will
...@@ -2279,7 +2279,7 @@ dashboards. It is not available for download through the web interface. ...@@ -2279,7 +2279,7 @@ dashboards. It is not available for download through the web interface.
> Introduced in GitLab 12.8. Requires GitLab Runner 11.5 and above. > Introduced in GitLab 12.8. Requires GitLab Runner 11.5 and above.
The `license_scanning` report collects [Licenses](../../user/application_security/license_compliance/index.md) The `license_scanning` report collects [Licenses](../../user/compliance/license_compliance/index.md)
as artifacts. as artifacts.
The License Compliance report will be uploaded to GitLab as an artifact and will The License Compliance report will be uploaded to GitLab as an artifact and will
......
...@@ -109,7 +109,7 @@ become available, you will be able to share job templates like this ...@@ -109,7 +109,7 @@ become available, you will be able to share job templates like this
Dependencies should be kept to the minimum. The introduction of a new Dependencies should be kept to the minimum. The introduction of a new
dependency should be argued in the merge request, as per our [Approval dependency should be argued in the merge request, as per our [Approval
Guidelines](../code_review.md#approval-guidelines). Both [License Guidelines](../code_review.md#approval-guidelines). Both [License
Management](../../user/application_security/license_compliance/index.md) Management](../../user/compliance/license_compliance/index.md)
**(ULTIMATE)** and [Dependency **(ULTIMATE)** and [Dependency
Scanning](../../user/application_security/dependency_scanning/index.md) Scanning](../../user/application_security/dependency_scanning/index.md)
**(ULTIMATE)** should be activated on all projects to ensure new dependencies **(ULTIMATE)** should be activated on all projects to ensure new dependencies
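Review bot: the link text `License Management` in this hunk is the old feature name; since the target is already being changed to `../../user/compliance/license_compliance/index.md`, rename the text to `License Compliance` so it matches the title of the page it links to and the wording used elsewhere in this MR.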
......
...@@ -474,7 +474,7 @@ report is created, it's uploaded as an artifact which you can later download and ...@@ -474,7 +474,7 @@ report is created, it's uploaded as an artifact which you can later download and
check out. check out.
Any licenses are also shown in the merge request widget. Read more how Any licenses are also shown in the merge request widget. Read more how
[License Compliance works](../../user/application_security/license_compliance/index.md). [License Compliance works](../../user/compliance/license_compliance/index.md).
### Auto Container Scanning **(ULTIMATE)** ### Auto Container Scanning **(ULTIMATE)**
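Review bot: the unchanged context line `Read more how [License Compliance works]` is ungrammatical; since the link on the next line is being touched anyway, change it to `Read more about how [License Compliance works](../../user/compliance/license_compliance/index.md).`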
......
--- ---
type: reference, howto redirect_to: '../../compliance/compliance_dashboard/index.md'
--- ---
# Compliance Dashboard **(ULTIMATE)** This document was moved to [another location](../../compliance/compliance_dashboard/index.md).
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/36524) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.8.
The Compliance Dashboard gives you the ability to see a group's Merge Request activity
by providing a high-level view for all projects in the group. For example, code approved
for merging into production.
## Overview
To access the Compliance Dashboard for a group, navigate to **{shield}** **Security & Compliance > Compliance** on the group's menu.
![Compliance Dashboard](img/compliance_dashboard_v12_8.png)
## Use cases
This feature is for people who care about the compliance status of projects within their group.
You can use the dashboard to:
- Get an overview of the latest Merge Request for each project.
- See if Merge Requests were approved and by whom.
## Permissions
- On [GitLab Ultimate](https://about.gitlab.com/pricing/) tier.
- By **Administrators** and **Group Owners**.
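Review bot: the redirect path `../../compliance/compliance_dashboard/index.md` resolves correctly from `user/application_security/compliance_dashboard/` (two levels up lands in `user/`), but the page being replaced referenced `img/compliance_dashboard_v12_8.png` and the relocated page keeps the same relative `img/` reference; confirm the image is moved to `user/compliance/compliance_dashboard/img/` in this MR, as that move is not visible in this hunk.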
...@@ -48,8 +48,8 @@ vulnerability will then be displayed below it. ...@@ -48,8 +48,8 @@ vulnerability will then be displayed below it.
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/10536) in GitLab Ultimate 12.3. > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/10536) in GitLab Ultimate 12.3.
If the [License Compliance](../license_compliance/index.md) CI job is configured, If the [License Compliance](../../compliance/license_compliance/index.md) CI job is configured,
the [discovered licenses](../license_compliance/index.md#supported-languages-and-package-managers) will be displayed on this page. the [discovered licenses](../../compliance/license_compliance/index.md#supported-languages-and-package-managers) will be displayed on this page.
## Downloading the Dependency List ## Downloading the Dependency List
......
...@@ -19,12 +19,10 @@ GitLab uses the following tools to scan and report known vulnerabilities found i ...@@ -19,12 +19,10 @@ GitLab uses the following tools to scan and report known vulnerabilities found i
| Secure scanning tool | Description | | Secure scanning tool | Description |
|:-----------------------------------------------------------------------------|:-----------------------------------------------------------------------| |:-----------------------------------------------------------------------------|:-----------------------------------------------------------------------|
| [Compliance Dashboard](compliance_dashboard/index.md) **(ULTIMATE)** | View the most recent Merge Request activity in a group. |
| [Container Scanning](container_scanning/index.md) **(ULTIMATE)** | Scan Docker containers for known vulnerabilities. | | [Container Scanning](container_scanning/index.md) **(ULTIMATE)** | Scan Docker containers for known vulnerabilities. |
| [Dependency List](dependency_list/index.md) **(ULTIMATE)** | View your project's dependencies and their known vulnerabilities. | | [Dependency List](dependency_list/index.md) **(ULTIMATE)** | View your project's dependencies and their known vulnerabilities. |
| [Dependency Scanning](dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. | | [Dependency Scanning](dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. |
| [Dynamic Application Security Testing (DAST)](dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities. | | [Dynamic Application Security Testing (DAST)](dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities. |
| [License Compliance](license_compliance/index.md) **(ULTIMATE)** | Search your project's dependencies for their licenses. |
| [Security Dashboard](security_dashboard/index.md) **(ULTIMATE)** | View vulnerabilities in all your projects and groups. | | [Security Dashboard](security_dashboard/index.md) **(ULTIMATE)** | View vulnerabilities in all your projects and groups. |
| [Static Application Security Testing (SAST)](sast/index.md) **(ULTIMATE)** | Analyze source code for known vulnerabilities. | | [Static Application Security Testing (SAST)](sast/index.md) **(ULTIMATE)** | Analyze source code for known vulnerabilities. |
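Review bot: dropping the Compliance Dashboard and License Compliance rows from this table is consistent with the move, but nothing in the hunk replaces them with a pointer; readers who land on the application security index looking for License Compliance (which a later hunk in this same file still references under approval rules) get no link, so add one sentence below the table linking to `../compliance/index.md`.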
...@@ -185,7 +183,7 @@ with the number of approvals required greater than zero. ...@@ -185,7 +183,7 @@ with the number of approvals required greater than zero.
Once this group is added to your project, the approval rule is enabled for all Merge Requests. To Once this group is added to your project, the approval rule is enabled for all Merge Requests. To
configure how this rule behaves, you can choose which licenses to `approve` or `blacklist` in the configure how this rule behaves, you can choose which licenses to `approve` or `blacklist` in the
[project policies for License Compliance](license_compliance/index.md#project-policies-for-license-compliance) [project policies for License Compliance](../compliance/license_compliance/index.md#project-policies-for-license-compliance)
section. section.
Any code changes cause the approvals required to reset. Any code changes cause the approvals required to reset.
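Review bot: this hunk leaves the License-Check approval rule text in `application_security/index.md` while the project policies it links to now live under `../compliance/license_compliance/index.md`; either move this section alongside those policies or state in its lead-in that the rule is driven by the License Compliance job, so the split between the two pages is explicit.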
......
--- ---
redirect_to: ../license_compliance/index.md redirect_to: ../../compliance/license_compliance/index.md
--- ---
This document was moved to [another location](../license_compliance/index.md). This document was moved to [another location](../../compliance/license_compliance/index.md).
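Review bot: the `redirect_to` value in this hunk is unquoted (`redirect_to: ../../compliance/license_compliance/index.md`) while the other redirect files in this MR quote theirs (`redirect_to: '../../compliance/compliance_dashboard/index.md'`); both parse as YAML strings, but quote it for consistency with the rest of the change.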
---
type: reference, howto
---
# Compliance Dashboard **(ULTIMATE)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/36524) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.8.
The Compliance Dashboard gives you the ability to see a group's Merge Request activity
by providing a high-level view for all projects in the group. For example, code approved
for merging into production.
## Overview
To access the Compliance Dashboard for a group, navigate to **{shield}** **Security & Compliance > Compliance** on the group's menu.
![Compliance Dashboard](img/compliance_dashboard_v12_8.png)
## Use cases
This feature is for people who care about the compliance status of projects within their group.
You can use the dashboard to:
- Get an overview of the latest Merge Request for each project.
- See if Merge Requests were approved and by whom.
## Permissions
- On [GitLab Ultimate](https://about.gitlab.com/pricing/) tier.
- By **Administrators** and **Group Owners**.
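Review bot: in the Permissions section of the new page, the first bullet (`On [GitLab Ultimate](...) tier.`) states a licensing tier rather than a permission, and the second names roles without a verb; rephrase along the lines of `The Compliance Dashboard is available on GitLab Ultimate and can be viewed by Administrators and Group Owners.` The rest of the body is a verbatim move of the old page, which is the right approach for a relocation.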
# Compliance **(ULTIMATE)**
The compliance tools provided by GitLab let you keep an eye on various aspects of your project. The
following compliance tools are available:
- [Compliance Dashboard](compliance_dashboard/index.md): View recent merge request activity across
all projects in a group. This lets you see if merge requests were approved, and by whom.
- [License Compliance](license_compliance/index.md): Search your project's dependencies for their
licenses. This lets you determine if the licenses of your project's dependencies are compatible
with your project's license.
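Review bot: the new `compliance/index.md` lacks the `type: reference, howto` front matter that the other pages in this MR carry, and `keep an eye on various aspects of your project` is vague; add the front matter and state what the tools actually check (merge request approval activity and dependency licenses, as the two bullets already spell out).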
...@@ -100,7 +100,7 @@ When you create a project in GitLab, you'll have access to a large number of ...@@ -100,7 +100,7 @@ When you create a project in GitLab, you'll have access to a large number of
- [Maven packages](../packages/maven_repository/index.md): your private Maven repository in GitLab. **(PREMIUM)** - [Maven packages](../packages/maven_repository/index.md): your private Maven repository in GitLab. **(PREMIUM)**
- [NPM packages](../packages/npm_registry/index.md): your private NPM package registry in GitLab. **(PREMIUM)** - [NPM packages](../packages/npm_registry/index.md): your private NPM package registry in GitLab. **(PREMIUM)**
- [Code owners](code_owners.md): specify code owners for certain files **(STARTER)** - [Code owners](code_owners.md): specify code owners for certain files **(STARTER)**
- [License Compliance](../application_security/license_compliance/index.md): approve and blacklist licenses for projects. **(ULTIMATE)** - [License Compliance](../compliance/license_compliance/index.md): approve and blacklist licenses for projects. **(ULTIMATE)**
- [Dependency List](../application_security/dependency_list/index.md): view project dependencies. **(ULTIMATE)** - [Dependency List](../application_security/dependency_list/index.md): view project dependencies. **(ULTIMATE)**
### Project integrations ### Project integrations
......
...@@ -21,7 +21,7 @@ A. Consider you are a software developer working in a team: ...@@ -21,7 +21,7 @@ A. Consider you are a software developer working in a team:
1. You gather feedback from your team 1. You gather feedback from your team
1. You work on the implementation optimizing code with [Code Quality reports](code_quality.md) **(STARTER)** 1. You work on the implementation optimizing code with [Code Quality reports](code_quality.md) **(STARTER)**
1. You verify your changes with [JUnit test reports](../../../ci/junit_test_reports.md) in GitLab CI/CD 1. You verify your changes with [JUnit test reports](../../../ci/junit_test_reports.md) in GitLab CI/CD
1. You avoid using dependencies whose license is not compatible with your project with [License Compliance reports](../../application_security/license_compliance/index.md) **(ULTIMATE)** 1. You avoid using dependencies whose license is not compatible with your project with [License Compliance reports](../../compliance/license_compliance/index.md) **(ULTIMATE)**
1. You request the [approval](merge_request_approvals.md) from your manager **(STARTER)** 1. You request the [approval](merge_request_approvals.md) from your manager **(STARTER)**
1. Your manager: 1. Your manager:
1. Pushes a commit with their final review 1. Pushes a commit with their final review
...@@ -97,6 +97,7 @@ or link to useful information directly in the merge request page: ...@@ -97,6 +97,7 @@ or link to useful information directly in the merge request page:
| [Display arbitrary job artifacts](../../../ci/yaml/README.md#artifactsexpose_as) | Configure CI pipelines with the `artifacts:expose_as` parameter to directly link to selected [artifacts](../pipelines/job_artifacts.md) in merge requests. | | [Display arbitrary job artifacts](../../../ci/yaml/README.md#artifactsexpose_as) | Configure CI pipelines with the `artifacts:expose_as` parameter to directly link to selected [artifacts](../pipelines/job_artifacts.md) in merge requests. |
| [GitLab CI/CD](../../../ci/README.md) | Build, test, and deploy your code in a per-branch basis with built-in CI/CD. | | [GitLab CI/CD](../../../ci/README.md) | Build, test, and deploy your code in a per-branch basis with built-in CI/CD. |
| [JUnit test reports](../../../ci/junit_test_reports.md) | Configure your CI jobs to use JUnit test reports, and let GitLab display a report on the merge request so that it’s easier and faster to identify the failure without having to check the entire job log. | | [JUnit test reports](../../../ci/junit_test_reports.md) | Configure your CI jobs to use JUnit test reports, and let GitLab display a report on the merge request so that it’s easier and faster to identify the failure without having to check the entire job log. |
| [License Compliance](../../compliance/license_compliance/index.md) **(ULTIMATE)** | Manage the licenses of your dependencies. |
| [Metrics Reports](../../../ci/metrics_reports.md) **(PREMIUM)** | Display the Metrics Report on the merge request so that it's fast and easy to identify changes to important metrics. | | [Metrics Reports](../../../ci/metrics_reports.md) **(PREMIUM)** | Display the Metrics Report on the merge request so that it's fast and easy to identify changes to important metrics. |
| [Multi-Project pipelines](../../../ci/multi_project_pipelines.md) **(PREMIUM)** | When you set up GitLab CI/CD across multiple projects, you can visualize the entire pipeline, including all cross-project interdependencies. | | [Multi-Project pipelines](../../../ci/multi_project_pipelines.md) **(PREMIUM)** | When you set up GitLab CI/CD across multiple projects, you can visualize the entire pipeline, including all cross-project interdependencies. |
| [Pipelines for merge requests](../../../ci/merge_request_pipelines/index.md) | Customize a specific pipeline structure for merge requests in order to speed the cycle up by running only important jobs. | | [Pipelines for merge requests](../../../ci/merge_request_pipelines/index.md) | Customize a specific pipeline structure for merge requests in order to speed the cycle up by running only important jobs. |
...@@ -112,7 +113,6 @@ generated by scanning and reporting any vulnerabilities found in your project: ...@@ -112,7 +113,6 @@ generated by scanning and reporting any vulnerabilities found in your project:
| [Container Scanning](../../application_security/container_scanning/index.md) | Analyze your Docker images for known vulnerabilities. | | [Container Scanning](../../application_security/container_scanning/index.md) | Analyze your Docker images for known vulnerabilities. |
| [Dynamic Application Security Testing (DAST)](../../application_security/dast/index.md) | Analyze your running web applications for known vulnerabilities. | | [Dynamic Application Security Testing (DAST)](../../application_security/dast/index.md) | Analyze your running web applications for known vulnerabilities. |
| [Dependency Scanning](../../application_security/dependency_scanning/index.md) | Analyze your dependencies for known vulnerabilities. | | [Dependency Scanning](../../application_security/dependency_scanning/index.md) | Analyze your dependencies for known vulnerabilities. |
| [License Compliance](../../application_security/license_compliance/index.md) | Manage the licenses of your dependencies. |
| [Static Application Security Testing (SAST)](../../application_security/sast/index.md) | Analyze your source code for known vulnerabilities. | | [Static Application Security Testing (SAST)](../../application_security/sast/index.md) | Analyze your source code for known vulnerabilities. |
## Authorization for merge requests ## Authorization for merge requests
......
--- ---
redirect_to: '../../application_security/license_compliance/index.md' redirect_to: '../../compliance/license_compliance/index.md'
--- ---
This document was moved to [another location](../../application_security/license_compliance/index.md). This document was moved to [another location](../../compliance/license_compliance/index.md).