Commit 7a939996 authored by Russell Dickenson's avatar Russell Dickenson

Merge branch 'tmccaslin-configuration-doc-edits' into 'master'

Fixes to configuration tool docs for SAST and Secret Detection

See merge request gitlab-org/gitlab!72320
parents a1ce1804 b5d31db0
...@@ -189,26 +189,60 @@ The results are saved as a ...@@ -189,26 +189,60 @@ The results are saved as a
that you can later download and analyze. Due to implementation limitations, we that you can later download and analyze. Due to implementation limitations, we
always take the latest SAST artifact available. always take the latest SAST artifact available.
### Configure SAST in the UI **(ULTIMATE)** ### Configure SAST in the UI
You can enable and configure SAST in the UI, either with default settings, or with customizations.
Use the method that best meets your needs.
- [Configure SAST in the UI with default settings](#configure-sast-in-the-ui-with-default-settings)
- [Configure SAST in the UI with customizations](#configure-sast-in-the-ui-with-customizations)
### Configure SAST in the UI with default settings **(FREE)**
> [Introduced](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#security-configuration-page-for-all-users) in GitLab 13.9
To enable and configure SAST with default settings:
1. On the top bar, select **Menu > Projects** and find your project.
1. On the left sidebar, select **Security & Compliance** > **Configuration**.
1. In the SAST section, select `Enable via MR`.
1. Review the draft MR that enables SAST with the default recommended settings in the
`.gitlab-ci.yml` file.
1. Merge the MR to enable SAST. You should see SAST jobs run in that MR's pipeline.
NOTE:
The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
configuration file. If you have a complex GitLab configuration file it may not be parsed
successfully, and an error may occur.
### Configure SAST in the UI with customizations **(ULTIMATE)**
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab Ultimate 13.3. > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab Ultimate 13.3.
> - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in GitLab Ultimate 13.4. > - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in GitLab Ultimate 13.4.
> - [Improved](https://gitlab.com/groups/gitlab-org/-/epics/3635) in GitLab Ultimate 13.5. > - [Improved](https://gitlab.com/groups/gitlab-org/-/epics/3635) in GitLab Ultimate 13.5.
You can enable and configure SAST with a basic configuration using the **SAST Configuration** To enable and configure SAST with customizations:
page:
1. From the project's home page, go to **Security & Compliance** > **Configuration** in the 1. On the top bar, select **Menu > Projects** and find your project.
left sidebar. 1. On the left sidebar, select **Security & Compliance > Configuration**.
1. If the project does not have a `.gitlab-ci.yml` file, click **Enable** in the Static Application Security Testing (SAST) row, otherwise click **Configure**. 1. If the project does not have a `.gitlab-ci.yml` file, select **Enable** in the Static Application
Security Testing (SAST) row, otherwise select **Configure**.
1. Enter the custom SAST values. 1. Enter the custom SAST values.
Custom values are stored in the `.gitlab-ci.yml` file. For CI/CD variables not in the SAST Configuration page, their values are left unchanged. Default values are inherited from the GitLab SAST template. Custom values are stored in the `.gitlab-ci.yml` file. For CI/CD variables not in the SAST
Configuration page, their values are left unchanged. Default values are inherited from the GitLab
SAST template.
1. Optionally, expand the **SAST analyzers** section, select individual [SAST analyzers](analyzers.md) and enter custom analyzer values. 1. Optionally, expand the **SAST analyzers** section, select individual
1. Click **Create Merge Request**. [SAST analyzers](analyzers.md) and enter custom analyzer values.
1. Select **Create Merge Request**.
1. Review and merge the merge request. 1. Review and merge the merge request.
NOTE:
The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
configuration file. If you have a complex GitLab configuration file it may not be parsed
successfully, and an error may occur.
### Customizing the SAST settings ### Customizing the SAST settings
The SAST settings can be changed through [CI/CD variables](#available-cicd-variables) The SAST settings can be changed through [CI/CD variables](#available-cicd-variables)
......
...@@ -138,7 +138,7 @@ The results are saved as a ...@@ -138,7 +138,7 @@ The results are saved as a
that you can later download and analyze. Due to implementation limitations, we that you can later download and analyze. Due to implementation limitations, we
always take the latest Secret Detection artifact available. always take the latest Secret Detection artifact available.
### Enable Secret Detection via an automatic merge request **(ULTIMATE SELF)** ### Enable Secret Detection via an automatic merge request **(FREE)**
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4496) in GitLab 13.11, behind a feature flag, enabled by default. > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4496) in GitLab 13.11, behind a feature flag, enabled by default.
> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/329886) in GitLab 14.1. > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/329886) in GitLab 14.1.
...@@ -153,6 +153,11 @@ from the Security Configuration page. ...@@ -153,6 +153,11 @@ from the Security Configuration page.
This automatically creates a merge request with the changes necessary to enable Secret Detection This automatically creates a merge request with the changes necessary to enable Secret Detection
that you can review and merge to complete the configuration. that you can review and merge to complete the configuration.
NOTE:
The configuration tool works best with no existing `.gitlab-ci.yml` file, or with a minimal
configuration file. If you have a complex GitLab configuration file it may not be parsed
successfully, and an error may occur.
### Customizing settings ### Customizing settings
The Secret Detection scan settings can be changed through [CI/CD variables](#available-cicd-variables) The Secret Detection scan settings can be changed through [CI/CD variables](#available-cicd-variables)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment