Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
7bfb38e7
Commit
7bfb38e7
authored
Oct 26, 2021
by
Russell Dickenson
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix style issues noted by Vale
parent
45da3d6d
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
21 additions
and
20 deletions
+21
-20
doc/user/application_security/index.md
doc/user/application_security/index.md
+21
-20
No files found.
doc/user/application_security/index.md
View file @
7bfb38e7
...
...
@@ -368,8 +368,8 @@ variables:
### Outdated security reports
When a security report generated for a merge request becomes outdated, the merge request shows a
warning
message in the security widget and prompts you to take an appropriate action.
When a security report generated for a merge request becomes outdated, the merge request shows a
warning
message in the security widget and prompts you to take an appropriate action.
This can happen in two scenarios:
...
...
@@ -378,18 +378,18 @@ This can happen in two scenarios:
#### Source branch is behind the target branch
This means the most recent common ancestor commit between the target branch and the source branch is
not the most recent commit on the target branch. This is by far the most common situation
.
A security report can be out of date when the most recent common ancestor commit between the
target branch and the source branch is not the most recent commit on the target branch
.
In this case you must
rebase or merge to incorporate the changes from the target branch.
To fix this issue,
rebase or merge to incorporate the changes from the target branch.
![
Incorporate target branch changes
](
img/outdated_report_branch_v12_9.png
)
#### Target branch security report is out of date
This can happen for many reasons, including failed jobs or new advisories. When the merge request
shows that a
security report is out of date, you must run a new pipeline on the target branch.
You can do it quickly by following the hyperlink given
to run a new pipeline.
This can happen for many reasons, including failed jobs or new advisories. When the merge request
s
hows that a s
ecurity report is out of date, you must run a new pipeline on the target branch.
Select
**new pipeline**
to run a new pipeline.
![
Run a new pipeline
](
img/outdated_report_pipeline_v12_9.png
)
...
...
@@ -406,6 +406,7 @@ Found errors in your .gitlab-ci.yml:
```
This error appears when the included job's stage (named
`test`
) isn't declared in
`.gitlab-ci.yml`
.
To fix this issue, you can either:
-
Add a
`test`
stage in your
`.gitlab-ci.yml`
.
...
...
@@ -439,12 +440,11 @@ All the security scanning tools define their stage, so this error can occur with
### Getting warning messages `… report.json: no matching files`
This is often followed by the
[
error `No files to upload`
](
../../ci/pipelines/job_artifacts.md#error-message-no-files-to-upload
)
,
and preceded by other errors or warnings that indicate why the JSON report wasn't generated. Please
check the entire job log for such messages. If you don't find these messages, retry the failed job
after setting
`SECURE_LOG_LEVEL: "debug"`
as a
[
custom CI/CD variable
](
../../ci/variables/index.md#custom-cicd-variables
)
.
This provides useful information to investigate further.
This message is often followed by the
[
error `No files to upload`
](
../../ci/pipelines/job_artifacts.md#error-message-no-files-to-upload
)
,
and preceded by other errors or warnings that indicate why the JSON report wasn't generated. Check
the entire job log for such messages. If you don't find these messages, retry the failed job after
setting
`SECURE_LOG_LEVEL: "debug"`
as a
[
custom CI/CD variable
](
../../ci/variables/index.md#custom-cicd-variables
)
.
This provides extra information to investigate further.
### Getting error message `sast job: config key may not be used with 'rules': only/except`
...
...
@@ -542,23 +542,24 @@ involve pinning to the previous template versions, for example:
```
Additionally, we provide a dedicated project containing the versioned legacy templates.
This can be use
ful
for offline setups or anyone wishing to use
[
Auto DevOps
](
../../topics/autodevops/index.md
)
.
This can be use
d
for offline setups or anyone wishing to use
[
Auto DevOps
](
../../topics/autodevops/index.md
)
.
Instructions are available in the
[
legacy template project
](
https://gitlab.com/gitlab-org/auto-devops-v12-10
)
.
#### Vulnerabilities are found, but the job succeeds. How can I have a pipeline fail instead?
This is the current default behavior, because the job's status indicates success or failure of the analyzer itself.
Analyzer results are displayed in the
[
job logs
](
../../ci/jobs/index.md#expand-and-collapse-job-log-sections
)
,
[
Merge Request widget
](
#view-security-scan-information-in-merge-requests
)
or
[
Security Dashboard
](
security_dashboard/index.md
)
.
In these circumstances, that the job succeeds is the default behavior. The job's status indicates
success or failure of the analyzer itself. Analyzer results are displayed in the
[
job logs
](
../../ci/jobs/index.md#expand-and-collapse-job-log-sections
)
,
[
Merge Request widget
](
#view-security-scan-information-in-merge-requests
)
or
[
Security Dashboard
](
security_dashboard/index.md
)
.
### Error: job `is used for configuration only, and its script should not be executed`
[
Changes made in GitLab 13.4
](
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/41260
)
to the
`Security/Dependency-Scanning.gitlab-ci.yml`
and
`Security/SAST.gitlab-ci.yml`
templates mean that if you enable the
`sast`
or
`dependency_scanning`
jobs by setting the
`rules`
attribute,
they
will
fail with the error
`(job) is used for configuration only, and its script should not be executed`
.
they fail with the error
`(job) is used for configuration only, and its script should not be executed`
.
The
`sast`
or
`dependency_scanning`
stanzas can be used to make changes to all SAST or Dependency Scanning,
such as changing
`variables`
or the
`stage`
, but they cannot be used to define shared
`rules`
.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment