Fix spelling issues in documentation

Take care of more spelling issues: edit the words, put them in code
tags, or add them to the spelling exceptions list.

doc/.vale/gitlab/spelling-exceptions.txt

@@ -70,6 +70,7 @@ burstable
 cacheable
 callstack
 callstacks
+Camo
 CentOS
 Certbot
 changeset
@@ -105,6 +106,7 @@ crosslinks
 Crossplane
 CrowdIn
 CSV
+cybersecurity
 Dangerfile
 datetime
 Debian
@@ -129,6 +131,7 @@ dequarantined
 dequarantining
 DevOps
 discoverability
+dismissable
 Disqus
 Divio
 Dockerfile
@@ -233,6 +236,7 @@ issuables
 Istio
 Jaeger
 jasmine-jquery
+Javafuzz
 JavaScript
 Jenkins
 Jenkinsfile
@@ -251,6 +255,7 @@ keytab
 keytabs
 Kibana
 Kinesis
+Klar
 Knative
 Kramdown
 Kroki
@@ -263,6 +268,7 @@ Laravel
 ldapsearch
 Lefthook
 Leiningen
+libFuzzer
 Libravatar
 liveness
 Lograge
@@ -479,6 +485,7 @@ serverless
 sharding
 shfmt
 Shibboleth
+Shopify
 Sidekiq
 Silverlight
 Sisense
@@ -553,7 +560,10 @@ transpile
 transpiles
 transpiling
 Trello
+triaged
+triages
 triaging
+Truststore
 Twilio
 Twitter
 TypeScript
@@ -586,6 +596,8 @@ unindexed
 unlink
 unlinking
 unlinks
+unmappable
+unmapped
 unmergeable
 unmerged
 unmerges
@@ -595,6 +607,7 @@ unoptimize
 unoptimized
 unoptimizes
 unoptimizing
+unpatched
 unprioritized
 unprotect
 unprotected

doc/integration/jira_development_panel.md

@@ -173,26 +173,26 @@ If there was an issue with SSL/TLS, this error message is generated.
   as GitLab is the TLS client.
 - The Jira Development Panel integration requires Jira to connect to GitLab, which
   causes Jira to be the TLS client. If your GitLab server's certificate is not
-  issued by a public certificate authority, the Java truststore on Jira's server
+  issued by a public certificate authority, the Java Truststore on Jira's server
   needs to have the appropriate certificate added to it (such as your organization's
   root certificate).
 
 Refer to Atlassian's documentation and Atlassian Support for assistance setting up Jira correctly:
 
 - [Adding a certificate to the trust store](https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html).
-  - Simplest approach is to use [keytool](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html).
-  - Add additional roots to Java's default truststore (`cacerts`) to allow Jira to
+  - Simplest approach is to use [`keytool`](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html).
+  - Add additional roots to Java's default Truststore (`cacerts`) to allow Jira to
     also trust public certificate authorities.
   - If the integration stops working after upgrading Jira's Java runtime, this
-    might be because the `cacerts` truststore got replaced.
+    might be because the `cacerts` Truststore got replaced.
 
 - [Troubleshooting connectivity up to and including TLS handshaking](https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html),
   using the a java class called `SSLPoke`.
 
-- Download the class from Atlassian's knowledgebase to Jira's server, for example to `/tmp`.
+- Download the class from Atlassian's knowledge base to Jira's server, for example to `/tmp`.
 - Use the same Java runtime as Jira.
 - Pass all networking-related parameters that Jira is called with, such as proxy
-  settings or an alternative root truststore (`-Djavax.net.ssl.trustStore`):
+  settings or an alternative root Truststore (`-Djavax.net.ssl.trustStore`):
 
 ```shell
 ${JAVA_HOME}/bin/java -Djavax.net.ssl.trustStore=/var/atlassian/application-data/jira/cacerts -classpath /tmp SSLPoke gitlab.example.com 443
@@ -211,7 +211,7 @@ The requested scope is invalid, unknown, or malformed.
 
 Potential resolutions:
 
-- Verify the URL shown in the browser after being redirected from Jira in step 5 of [Jira DVCS Connector Setp](#jira-dvcs-connector-setup) includes `scope=api` within the query string.
+- Verify the URL shown in the browser after being redirected from Jira in step 5 of [Jira DVCS Connector Setup](#jira-dvcs-connector-setup) includes `scope=api` within the query string.
 - If `scope=api` is missing from the URL, return to [GitLab account configuration](#gitlab-account-configuration-for-dvcs) and ensure the application you created in step 1 has the `api` box checked under scopes.
 
 ##### Jira error adding account and no repositories listed
@@ -252,7 +252,7 @@ resynchronize the information. To do so:
 
 You can integrate GitLab.com and Jira Cloud using the [GitLab for Jira](https://marketplace.atlassian.com/apps/1221011/gitlab-com-for-jira-cloud) app in the Atlassian Marketplace.
 
-This method is recommended when using GitLab.com and Jira Cloud because data is synchronized in realtime, while the DVCS connector updates data only once per hour. If you are not using both of these environments, use the [Jira DVCS Connector](#jira-dvcs-configuration) method.
+This method is recommended when using GitLab.com and Jira Cloud because data is synchronized in real-time, while the DVCS connector updates data only once per hour. If you are not using both of these environments, use the [Jira DVCS Connector](#jira-dvcs-configuration) method.
 
 <i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
 For a walkthrough of the integration with GitLab for Jira, watch [Configure GitLab Jira Integration using Marketplace App](https://youtu.be/SwR-g1s1zTo) on YouTube.

doc/subscriptions/gitlab_com/index.md

@@ -22,7 +22,7 @@ When applied to:
 - A **group**, the group, all subgroups, and all projects under the selected
   group on GitLab.com contains the features of the associated tier. GitLab recommends
   choosing a group plan when managing an organization's projects and users.
-- A **personal userspace**, all projects contain features with the
+- A **personal user space**, all projects contain features with the
   subscription applied, but as it's not a group, group features aren't available.
 
 You can read more about [common misconceptions](https://about.gitlab.com/handbook/marketing/strategic-marketing/enablement/dotcom-subscriptions/#common-misconceptions) regarding a GitLab.com subscription to help avoid issues.

doc/topics/autodevops/customize.md

@@ -163,7 +163,7 @@ to override the default chart values by setting `HELM_UPGRADE_EXTRA_ARGS` to `--
 You can customize the `helm upgrade` command used in the [auto-deploy-image](https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image)
 by passing options to the command with the `HELM_UPGRADE_EXTRA_ARGS` variable.
 For example, set the value of `HELM_UPGRADE_EXTRA_ARGS` to `--no-hooks` to disable
-pre and post upgrade hooks when the command is executed.
+pre-upgrade and post-upgrade hooks when the command is executed.
 
 See [the official documentation](https://helm.sh/docs/helm/helm_upgrade/) for the full
 list of options.

doc/topics/autodevops/upgrading_auto_deploy_dependencies.md

@@ -153,7 +153,7 @@ steps to upgrade to v2:
 
 ### Use a specific version of Auto Deploy dependencies
 
-To use a specifc version of Auto Deploy dependencies, specify the previous Auto Deploy
+To use a specific version of Auto Deploy dependencies, specify the previous Auto Deploy
 stable template that contains the [desired version of `auto-deploy-image` and `auto-deploy-app`](#verify-dependency-versions).
 
 For example, if the template is bundled in GitLab v13.3, change your `.gitlab-ci.yml` to:

doc/topics/git/git_rebase.md

@@ -160,7 +160,7 @@ a macOS's `ZSH` shell, and you want to **squash** all the three commits
    from `pick` to `squash` (or `s`). Do the same to the **third** commit.
    The first commit should be left **unchanged** (`pick`) as we want to squash
    the second and third into the first.
-1. Press <kbd>Esc</kbd> to leave the editing mode.
+1. Press <kbd>Escape</kbd> to leave the editing mode.
 1. Type `:wq` to "write" (save) and "quit".
 1. Git outputs the commit message so you have a chance to edit it:
    - All lines starting with `#` will be ignored and not included in the commit

doc/topics/gitlab_flow.md

@@ -38,8 +38,12 @@ For a video introduction of how this works in GitLab, see [GitLab Flow](https://
 
 ## Git flow and its problems
 
+<!-- vale gitlab.Spelling = NO -->
+
 ![Git Flow timeline by Vincent Driessen, used with permission](img/gitlab_flow_gitdashflow.png)
 
+<!-- vale gitlab.Spelling = YES -->
+
 Git flow was one of the first proposals to use Git branches, and it has received a lot of attention.
 It suggests a `master` branch and a separate `develop` branch, as well as supporting branches for features, releases, and hotfixes.
 The development happens on the `develop` branch, moves to a release branch, and is finally merged into the `master` branch.

doc/university/training/topics/getting_started.md

@@ -21,7 +21,7 @@ comments: false
   git clone <url>
   ```
 
-## Central Repos
+## Central Repositories
 
 - To instantiate a central repository a `--bare` flag is required.
 - Bare repositories don't allow file editing or committing changes.
@@ -34,7 +34,7 @@ comments: false
 ## Instantiate workflow with clone
 
 1. Create a project in your user namespace.
-   - Choose to import from 'Any Repo by URL' and use <https://gitlab.com/gitlab-org/training-examples.git>.
+   - Choose to import from **Any Repository by URL** and use <https://gitlab.com/gitlab-org/training-examples.git>.
 1. Create a '`Workspace`' directory in your home directory.
 1. Clone the '`training-examples`' project.
 

doc/university/training/user_training.md

@@ -102,7 +102,7 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQEL17Ufacg8cDhlQMS5NhV8z3GHZdhCrZbl4gz you@example.
 ## Create a project
 
 - Create a project in your user namespace.
-  - Choose to import from 'Any Repo by URL' and use <https://gitlab.com/gitlab-org/training-examples.git>.
+  - Choose to import from **Any Repository by URL** and use <https://gitlab.com/gitlab-org/training-examples.git>.
 - Create a '`development`' or '`workspace`' directory in your home directory.
 - Clone the '`training-examples`' project.
 
@@ -214,9 +214,13 @@ Create your first merge request:
 
 ## Feedback and Collaboration resources
 
+<!-- vale gitlab.Spelling = NO -->
+
 Review the Thoughtbot code-review guide for suggestions to follow when reviewing merge requests:
 <https://github.com/thoughtbot/guides/tree/master/code-review>.
 
+<!-- vale gitlab.Spelling = YES -->
+
 See GitLab merge requests for examples: <https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests>.
 
 ## Explore GitLab projects

doc/user/admin_area/settings/sign_up_restrictions.md

@@ -94,7 +94,7 @@ Feature.enable(:admin_new_user_signups_cap)
 WARNING:
 This feature might not be available to you. Check the **version history** note above for details.
 
-The soft email confirmation improves the signup experience for new users by allowing
+The soft email confirmation improves the sign-up experience for new users by allowing
 them to sign in without an immediate confirmation when an email confirmation is required.
 GitLab shows the user a reminder to confirm their email address, and the user can't
 create or update pipelines until their email address is confirmed.

doc/user/analytics/ci_cd_analytics.md

@@ -22,12 +22,12 @@ View pipeline duration history:
 
 ![Pipeline duration](img/pipelines_duration_chart.png)
 
-## DORA4 Metrics 
+## DORA4 Metrics
 
 Customer experience is a key metric. Users want to measure platform stability and other
 post-deployment performance KPIs, and set targets for customer behavior, experience, and financial
 impact. Tracking and measuring these indicators solves an important pain point. Similarly, creating
-views that manage products, not projects or repos, provides users with a more relevant data set.
+views that manage products, not projects or repositories, provides users with a more relevant data set.
 Since GitLab is a tool for the entire DevOps life-cycle, information from different workflows is
 integrated and can be used to measure the success of the teams.
 

doc/user/analytics/issue_analytics.md

@@ -10,7 +10,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/196561) in [GitLab Premium](https://about.gitlab.com/pricing/) 12.9.
 
 Issue Analytics is a bar graph which illustrates the number of issues created each month.
-The default timespan is 13 months, which includes the current month, and the 12 months
+The default time span is 13 months, which includes the current month, and the 12 months
 prior.
 
 To access the chart, navigate to your project sidebar and select **{chart}** **Analytics > Issue Analytics**.

doc/user/application_security/container_scanning/index.md

@@ -182,7 +182,7 @@ scanning by using the following environment variables:
 | `CLAIR_DB_IMAGE`               | `arminc/clair-db:latest` | The Docker image name and tag for the [PostgreSQL server hosting the vulnerabilities definitions](https://hub.docker.com/r/arminc/clair-db). It can be useful to override this value with a specific version, for example, to provide a consistent set of vulnerabilities for integration testing purposes, or to refer to a locally hosted vulnerabilities database for an on-premise offline installation. |
 | `CLAIR_DB_IMAGE_TAG`           | `latest`      | (**DEPRECATED - use `CLAIR_DB_IMAGE` instead**) The Docker image tag for the [PostgreSQL server hosting the vulnerabilities definitions](https://hub.docker.com/r/arminc/clair-db). It can be useful to override this value with a specific version, for example, to provide a consistent set of vulnerabilities for integration testing purposes. |
 | `CLAIR_OUTPUT`                 | `Unknown`     | Severity level threshold. Vulnerabilities with severity level higher than or equal to this threshold are outputted. Supported levels are `Unknown`, `Negligible`, `Low`, `Medium`, `High`, `Critical` and `Defcon1`. |
-| `CLAIR_TRACE`                  | `"false"`     | Set to true to enable more verbose output from the clair server process. |
+| `CLAIR_TRACE`                  | `"false"`     | Set to true to enable more verbose output from the Clair server process. |
 | `CLAIR_VULNERABILITIES_DB_URL` | `clair-vulnerabilities-db` | (**DEPRECATED - use `CLAIR_DB_CONNECTION_STRING` instead**) This variable is explicitly set in the [services section](https://gitlab.com/gitlab-org/gitlab/-/blob/898c5da43504eba87b749625da50098d345b60d6/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml#L23) of the `Container-Scanning.gitlab-ci.yml` file and defaults to `clair-vulnerabilities-db`. This value represents the address that the [PostgreSQL server hosting the vulnerabilities definitions](https://hub.docker.com/r/arminc/clair-db) is running on and **shouldn't be changed** unless you're running the image locally as described in the [Running the standalone container scanning tool](#running-the-standalone-container-scanning-tool) section. |
 | `CI_APPLICATION_REPOSITORY`    | `$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG` | Docker repository URL for the image to be scanned. |
 | `CI_APPLICATION_TAG`           | `$CI_COMMIT_SHA` | Docker repository tag for the image to be scanned. |
@@ -192,7 +192,7 @@ scanning by using the following environment variables:
 | `DOCKER_PASSWORD`              | `$CI_REGISTRY_PASSWORD` | Password for accessing a Docker registry requiring authentication. |
 | `DOCKER_USER`                  | `$CI_REGISTRY_USER` | Username for accessing a Docker registry requiring authentication. |
 | `DOCKERFILE_PATH`              | `Dockerfile`  | The path to the `Dockerfile` to be used for generating remediations. By default, the scanner looks for a file named `Dockerfile` in the root directory of the project, so this variable should only be configured if your `Dockerfile` is in a non-standard location, such as a subdirectory. See [Solutions for vulnerabilities](#solutions-for-vulnerabilities-auto-remediation) for more details. |
-| `KLAR_TRACE`                   | `"false"`     | Set to true to enable more verbose output from klar. |
+| `KLAR_TRACE`                   | `"false"`     | Set to true to enable more verbose output from Klar. |
 | `REGISTRY_INSECURE`            | `"false"`     | Allow [Klar](https://github.com/optiopay/klar) to access insecure registries (HTTP only). Should only be set to `true` when testing the image locally. |
 | `SECURE_ANALYZERS_PREFIX`      | `"registry.gitlab.com/gitlab-org/security-products/analyzers"` | Set the Docker registry base address from which to download the analyzer. |
 | `SECURE_LOG_LEVEL`             | `info`        | Set the minimum logging level. Messages of this logging level or higher are output. From highest to lowest severity, the logging levels are: `fatal`, `error`, `warn`, `info`, `debug`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10880) in GitLab 13.1. |

doc/user/application_security/coverage_fuzzing/index.md

@@ -27,12 +27,12 @@ Docker image with the fuzz engine to run your app.
 |----------|----------------|---------|
 | C/C++    | [libFuzzer](https://llvm.org/docs/LibFuzzer.html) | [c-cpp-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/c-cpp-fuzzing-example) |
 | GoLang   | [go-fuzz (libFuzzer support)](https://github.com/dvyukov/go-fuzz) | [go-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example) |
-| Swift    | [libfuzzer](https://github.com/apple/swift/blob/master/docs/libFuzzerIntegration.md) | [swift-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/swift-fuzzing-example) |
+| Swift    | [libFuzzer](https://github.com/apple/swift/blob/master/docs/libFuzzerIntegration.md) | [swift-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/swift-fuzzing-example) |
 | Rust     | [cargo-fuzz (libFuzzer support)](https://github.com/rust-fuzz/cargo-fuzz) | [rust-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/rust-fuzzing-example) |
-| Java     | [javafuzz](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/javafuzz) (recommended) | [javafuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/javafuzz-fuzzing-example) |
+| Java     | [Javafuzz](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/javafuzz) (recommended) | [javafuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/javafuzz-fuzzing-example) |
 | Java     | [JQF](https://github.com/rohanpadhye/JQF) (not preferred) | [jqf-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/java-fuzzing-example) |
-| JavaScript | [jsfuzz](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/jsfuzz)| [jsfuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/jsfuzz-fuzzing-example) |
-| Python | [pythonfuzz](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/pythonfuzz)| [pythonfuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/pythonfuzz-fuzzing-example) |
+| JavaScript | [`jsfuzz`](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/jsfuzz)| [jsfuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/jsfuzz-fuzzing-example) |
+| Python | [`pythonfuzz`](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/pythonfuzz)| [pythonfuzz-fuzzing-example](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/pythonfuzz-fuzzing-example) |
 
 ## Configuration
 
@@ -107,7 +107,7 @@ There are two types of jobs:
 
 Here's our current suggestion for configuring your fuzz target's timeout:
 
-- Set `COVFUZZ_BRANCH` to the branch where you want to run long-running (async) fuzzing
+- Set `COVFUZZ_BRANCH` to the branch where you want to run long-running (asynchronous) fuzzing
   jobs. This is `master` by default.
 - Use regression or short-running fuzzing jobs for other branches or merge requests.
 
@@ -188,14 +188,14 @@ To use coverage fuzzing in an offline environment, follow these steps:
    `NEW_URL_GITLAB_COV_FUZ` is the URL of the private `gitlab-cov-fuzz` clone that you set up in the
    first step.
 
-### Continuous fuzzing (long-running async fuzzing jobs)
+### Continuous fuzzing (long-running asynchronous fuzzing jobs)
 
 It's also possible to run the fuzzing jobs longer and without blocking your main pipeline. This
 configuration uses the GitLab [parent-child pipelines](../../../ci/parent_child_pipelines.md).
 The full example is available in the [repository](https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example/-/tree/continuous_fuzzing#running-go-fuzz-from-ci).
 This example uses Go, but is applicable for any other supported languages.
 
-The suggested workflow in this scenario is to have long-running, async fuzzing jobs on a
+The suggested workflow in this scenario is to have long-running, asynchronous fuzzing jobs on a
 main/development branch, and short, blocking sync fuzzing jobs on all other branches and MRs. This
 is a good way to balance the needs of letting a developer's per-commit pipeline complete quickly,
 and also giving the fuzzer a large amount of time to fully explore and test the app.
@@ -217,7 +217,7 @@ sync_fuzzing:
 
 async_fuzzing:
   variables:
-    COVFUZZ_ADDITIONAL_ARGS: '-max_total_time=3600'  
+    COVFUZZ_ADDITIONAL_ARGS: '-max_total_time=3600'
   trigger:
     include: .covfuzz-ci.yml
   rules:
@@ -252,9 +252,9 @@ vulnerability:
   vulnerability can be Detected, Confirmed, Dismissed, or Resolved.
 - Project: The project in which the vulnerability exists.
 - Crash type: The type of crash or weakness in the code. This typically maps to a [CWE](https://cwe.mitre.org/).
-- Crash state: A normalized version of the stacktrace, containing the last three functions of the
+- Crash state: A normalized version of the stack trace, containing the last three functions of the
   crash (without random addresses).
-- Stacktrace snippet: The last few lines of the stacktrace, which shows details about the crash.
+- Stack trace snippet: The last few lines of the stack trace, which shows details about the crash.
 - Identifier: The vulnerability's identifier. This maps to either a [CVE](https://cve.mitre.org/)
   or [CWE](https://cwe.mitre.org/).
 - Severity: The vulnerability's severity. This can be Critical, High, Medium, Low, Info, or Unknown.

doc/user/application_security/dependency_scanning/index.md

@@ -67,7 +67,7 @@ The following languages and dependency managers are supported:
 | [npm](https://www.npmjs.com/), [yarn](https://classic.yarnpkg.com/en/) 1.x | JavaScript | `package-lock.json`, `npm-shrinkwrap.json`, `yarn.lock` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
 | [npm](https://www.npmjs.com/), [yarn](https://classic.yarnpkg.com/en/) 1.x | JavaScript | `package.json` | [Retire.js](https://retirejs.github.io/retire.js/) |
 | [NuGet](https://www.nuget.org/) 4.9+ | .NET, C# | [`packages.lock.json`](https://docs.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files#enabling-lock-file) | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
-| [setuptools](https://setuptools.readthedocs.io/en/latest/), [pip](https://pip.pypa.io/en/stable/), [Pipenv](https://pipenv.pypa.io/en/latest/) (*1*) | Python | `setup.py`, `requirements.txt`, `requirements.pip`, `requires.txt`, `Pipfile`, `Pipfile.lock` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
+| [`setuptools`](https://setuptools.readthedocs.io/en/latest/), [pip](https://pip.pypa.io/en/stable/), [Pipenv](https://pipenv.pypa.io/en/latest/) (*1*) | Python | `setup.py`, `requirements.txt`, `requirements.pip`, `requires.txt`, `Pipfile`, `Pipfile.lock` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
 | [sbt](https://www.scala-sbt.org/) 1.2 and below ([Ivy](http://ant.apache.org/ivy/)) | Scala | `build.sbt` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
 
 1. [Pipenv](https://pipenv.pypa.io/en/latest/) projects are scanned when a `Pipfile` is present.
@@ -188,7 +188,7 @@ The following variables are used for configuring specific analyzers (used for a
 | `DS_PIP_DEPENDENCY_PATH`                | `gemnasium-python` |                              | Path to load Python pip dependencies from. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12412) in GitLab 12.2) |
 | `DS_PYTHON_VERSION`                     | `retire.js`        |                              | Version of Python. If set to 2, dependencies are installed using Python 2.7 instead of Python 3.6. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12296) in GitLab 12.1, [removed](https://www.python.org/doc/sunset-python-2/) in GitLab 13.7)|
 | `DS_JAVA_VERSION`                       | `gemnasium-maven`  | `11`                         | Version of Java. Available versions: `8`, `11`, `13`, `14`. Maven and Gradle use the Java version specified by this value. |
-| `MAVEN_CLI_OPTS`                        | `gemnasium-maven`  | `"-DskipTests --batch-mode"` | List of command line arguments that are passed to `maven` by the analyzer. See an example for [using private repositories](../index.md#using-private-maven-repos). |
+| `MAVEN_CLI_OPTS`                        | `gemnasium-maven`  | `"-DskipTests --batch-mode"` | List of command line arguments that are passed to `maven` by the analyzer. See an example for [using private repositories](../index.md#using-private-maven-repositories). |
 | `GRADLE_CLI_OPTS`                       | `gemnasium-maven`  |                              | List of command line arguments that are passed to `gradle` by the analyzer. |
 | `SBT_CLI_OPTS`                          | `gemnasium-maven`  |                              | List of command-line arguments that the analyzer passes to `sbt`. |
 | `BUNDLER_AUDIT_UPDATE_DISABLED`         | `bundler-audit`    | `"false"`                    | Disable automatic updates for the `bundler-audit` analyzer. Useful if you're running dependency scanning in an offline, air-gapped environment.|
@@ -198,12 +198,12 @@ The following variables are used for configuring specific analyzers (used for a
 | `RETIREJS_NODE_ADVISORY_DB`             | `retire.js`        | `https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/npmrepository.json` | Path or URL to `retire.js` node vulnerability data file. Note that if the URL hosting the data file uses a custom SSL certificate, for example in an offline installation, you can pass the certificate in the `ADDITIONAL_CA_CERT_BUNDLE` environment variable. |
 | `RETIREJS_ADVISORY_DB_INSECURE`         | `retire.js`        | `false`                      | Enable fetching remote JS and Node vulnerability data files (defined by the `RETIREJS_JS_ADVISORY_DB` and `RETIREJS_NODE_ADVISORY_DB` variables) from hosts using an insecure or self-signed SSL (TLS) certificate. |
 
-### Using private Maven repos
+### Using private Maven repositories
 
 If your private Maven repository requires login credentials,
 you can use the `MAVEN_CLI_OPTS` environment variable.
 
-Read more on [how to use private Maven repositories](../index.md#using-private-maven-repos).
+Read more on [how to use private Maven repositories](../index.md#using-private-maven-repositories).
 
 ## Interacting with the vulnerabilities
 
@@ -375,7 +375,7 @@ Here are the requirements for using dependency scanning in an offline environmen
   This advisory database is constantly being updated, so you must periodically sync your local copy with GitLab.
 
 - _Only if scanning Ruby projects_: Host an offline Git copy of the [advisory database](https://github.com/rubysec/ruby-advisory-db).
-- _Only if scanning npm/yarn projects_: Host an offline copy of the [retire.js](https://github.com/RetireJS/retire.js/) [node](https://github.com/RetireJS/retire.js/blob/master/repository/npmrepository.json) and [js](https://github.com/RetireJS/retire.js/blob/master/repository/jsrepository.json) advisory databases.
+- _Only if scanning npm/yarn projects_: Host an offline copy of the [`retire.js`](https://github.com/RetireJS/retire.js/) [node](https://github.com/RetireJS/retire.js/blob/master/repository/npmrepository.json) and [`js`](https://github.com/RetireJS/retire.js/blob/master/repository/jsrepository.json) advisory databases.
 
 Note that GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy),
 meaning the runner tries to pull Docker images from the GitLab container registry even if a local
@@ -460,7 +460,7 @@ BUNDLER_AUDIT_ADVISORY_DB_REF_NAME: "master"
 BUNDLER_AUDIT_ADVISORY_DB_URL: "gitlab.example.com/ruby-advisory-db.git"
 ```
 
-#### Python (setuptools)
+#### Python (setup tools)
 
 When using self-signed certificates for your private PyPi repository, no extra job configuration (aside
 from the template `.gitlab-ci.yml` above) is needed. However, you must update your `setup.py` to
@@ -526,5 +526,5 @@ scanning job might be triggered even if the scanner doesn't support your project
 
 ### Issues building projects with npm or yarn packages relying on Python 2
 
-Python 2 was removed (see: [Python 2 sunsetting](https://www.python.org/doc/sunset-python-2/)) from the `retire.js` analyzer in GitLab 13.7 (analyzer version 2.10.1). Projects using packages
+[Python 2 was removed](https://www.python.org/doc/sunset-python-2/) from the `retire.js` analyzer in GitLab 13.7 (analyzer version 2.10.1). Projects using packages
 with a dependency on this version of Python should use `retire.js` version 2.10.0 or lower (for example, `registry.gitlab.com/gitlab-org/security-products/analyzers/retire.js:2.10.0`).

doc/user/application_security/index.md

@@ -395,11 +395,11 @@ must be created. A [security scanner job](#security-scanning-tools) must be enab
 job must be enabled for `License-Check`. When the proper jobs aren't configured, the following
 appears:
 
-![Unconfigured Approval Rules](img/unconfigured_security_approval_rules_and_jobs_v13_4.png)
+![Un-configured Approval Rules](img/unconfigured_security_approval_rules_and_jobs_v13_4.png)
 
 If at least one security scanner is enabled, you can enable the `Vulnerability-Check` approval rule. If a license scanning job is enabled, you can enable the `License-Check` rule.
 
-![Unconfigured Approval Rules with valid pipeline jobs](img/unconfigured_security_approval_rules_and_enabled_jobs_v13_4.png)
+![Un-configured Approval Rules with valid pipeline jobs](img/unconfigured_security_approval_rules_and_enabled_jobs_v13_4.png)
 
 For this approval group, you must set the number of approvals required to greater than zero. You
 must have Maintainer or Owner [permissions](../permissions.md#project-members-permissions)
@@ -446,7 +446,7 @@ environment.
 
 Read how to [operate the Secure scanners in an offline environment](offline_deployments/index.md).
 
-## Using private Maven repos
+## Using private Maven repositories
 
 If you have a private Apache Maven repository that requires login credentials,
 you can use the `MAVEN_CLI_OPTS` environment variable

doc/user/application_security/offline_deployments/index.md

@@ -53,7 +53,7 @@ internally-hosted registry or provide access to the individual scanner images.
 
 You must also ensure that your app has access to common package repositories
 that are not hosted on GitLab.com, such as npm, yarn, or Ruby gems. Packages
-from these repos can be obtained by temporarily connecting to a network or by
+from these repositories can be obtained by temporarily connecting to a network or by
 mirroring the packages inside your own offline network.
 
 ### Interacting with the vulnerabilities
@@ -132,7 +132,7 @@ a bastion, and used only for this specific project.
 #### Scheduling the updates
 
 By default, this project's pipeline runs only once, when the `.gitlab-ci.yml` is added to the
-repo. To update the GitLab security scanners and signatures, it's necessary to run this pipeline
+repository. To update the GitLab security scanners and signatures, it's necessary to run this pipeline
 regularly. GitLab provides a way to [schedule pipelines](../../../ci/pipelines/schedules.md). For
 example, you can set this up to download and store the Docker images every week.
 

doc/user/application_security/sast/index.md

@@ -335,7 +335,7 @@ it via [custom environment variables](#custom-environment-variables).
 If your private Maven repository requires login credentials,
 you can use the `MAVEN_CLI_OPTS` environment variable.
 
-Read more on [how to use private Maven repositories](../index.md#using-private-maven-repos).
+Read more on [how to use private Maven repositories](../index.md#using-private-maven-repositories).
 
 ### Enabling Kubesec analyzer
 

doc/user/application_security/vulnerabilities/severities.md

@@ -37,33 +37,33 @@ the following tables:
 
 |  GitLab analyzer                                                                                       | Outputs severity levels? | Native severity level type | Native severity level example      |
 |--------------------------------------------------------------------------------------------------------|--------------------------|----------------------------|------------------------------------|
-| [security-code-scan](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan)     | **{dotted-circle}** No   | N/A                        | N/A                                |
-| [brakeman](https://gitlab.com/gitlab-org/security-products/analyzers/brakeman)                         | **{dotted-circle}** No   | N/A                        | N/A                                |
-| [sobelow](https://gitlab.com/gitlab-org/security-products/analyzers/sobelow)                           | **{check-circle}** Yes   | N/A                        | Hardcodes all severity levels to `Unknown` |
-| [nodejs-scan](https://gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan)                   | **{check-circle}** Yes   | String                     | `INFO`, `WARNING`, `ERROR`         |
-| [flawfinder](https://gitlab.com/gitlab-org/security-products/analyzers/flawfinder)                     | **{check-circle}** Yes   | Integer                    | `0`, `1`, `2`, `3`, `4`, `5`       |
-| [eslint](https://gitlab.com/gitlab-org/security-products/analyzers/eslint)                             | **{check-circle}** Yes   | N/A                        | Hardcodes all severity levels to `Unknown` |
-| [SpotBugs](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs)                         | **{check-circle}** Yes   | Integer                    | `1`, `2`, `3`, `11`, `12`, `18`    |
-| [gosec](https://gitlab.com/gitlab-org/security-products/analyzers/gosec)                               | **{check-circle}** Yes   | String                     | `HIGH`, `MEDIUM`, `LOW`            |
-| [bandit](https://gitlab.com/gitlab-org/security-products/analyzers/bandit)                             | **{check-circle}** Yes   | String                     | `HIGH`, `MEDIUM`, `LOW`            |
-| [phpcs-security-audit](https://gitlab.com/gitlab-org/security-products/analyzers/phpcs-security-audit) | **{check-circle}** Yes   | String                     | `ERROR`, `WARNING`                 |
-| [pmd-apex](https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex)                         | **{check-circle}** Yes   | Integer                    | `1`, `2`, `3`, `4`, `5`            |
-| [kubesec](https://gitlab.com/gitlab-org/security-products/analyzers/kubesec)                           | **{check-circle}** Yes   | String                     | `CriticalSeverity`, `InfoSeverity` |
-| [secrets](https://gitlab.com/gitlab-org/security-products/analyzers/secrets)                           | **{check-circle}** Yes   | N/A                        | Hardcodes all severity levels to `Critical` |
+| [`security-code-scan`](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan)     | **{dotted-circle}** No   | N/A                        | N/A                                |
+| [`brakeman`](https://gitlab.com/gitlab-org/security-products/analyzers/brakeman)                         | **{dotted-circle}** No   | N/A                        | N/A                                |
+| [`sobelow`](https://gitlab.com/gitlab-org/security-products/analyzers/sobelow)                           | **{check-circle}** Yes   | N/A                        | Hardcodes all severity levels to `Unknown` |
+| [`nodejs-scan`](https://gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan)                   | **{check-circle}** Yes   | String                     | `INFO`, `WARNING`, `ERROR`         |
+| [`flawfinder`](https://gitlab.com/gitlab-org/security-products/analyzers/flawfinder)                     | **{check-circle}** Yes   | Integer                    | `0`, `1`, `2`, `3`, `4`, `5`       |
+| [`eslint`](https://gitlab.com/gitlab-org/security-products/analyzers/eslint)                             | **{check-circle}** Yes   | N/A                        | Hardcodes all severity levels to `Unknown` |
+| [`SpotBugs`](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs)                         | **{check-circle}** Yes   | Integer                    | `1`, `2`, `3`, `11`, `12`, `18`    |
+| [`gosec`](https://gitlab.com/gitlab-org/security-products/analyzers/gosec)                               | **{check-circle}** Yes   | String                     | `HIGH`, `MEDIUM`, `LOW`            |
+| [`bandit`](https://gitlab.com/gitlab-org/security-products/analyzers/bandit)                             | **{check-circle}** Yes   | String                     | `HIGH`, `MEDIUM`, `LOW`            |
+| [`phpcs-security-audit`](https://gitlab.com/gitlab-org/security-products/analyzers/phpcs-security-audit) | **{check-circle}** Yes   | String                     | `ERROR`, `WARNING`                 |
+| [`pmd-apex`](https://gitlab.com/gitlab-org/security-products/analyzers/pmd-apex)                         | **{check-circle}** Yes   | Integer                    | `1`, `2`, `3`, `4`, `5`            |
+| [`kubesec`](https://gitlab.com/gitlab-org/security-products/analyzers/kubesec)                           | **{check-circle}** Yes   | String                     | `CriticalSeverity`, `InfoSeverity` |
+| [`secrets`](https://gitlab.com/gitlab-org/security-products/analyzers/secrets)                           | **{check-circle}** Yes   | N/A                        | Hardcodes all severity levels to `Critical` |
 
 ## Dependency Scanning
 
 | GitLab analyzer                                                                          | Outputs severity levels?     | Native severity level type | Native severity level example       |
 |------------------------------------------------------------------------------------------|------------------------------|----------------------------|-------------------------------------|
-| [bundler-audit](https://gitlab.com/gitlab-org/security-products/analyzers/bundler-audit) | **{check-circle}** Yes       | String                     | `low`, `medium`, `high`, `critical` |
-| [retire.js](https://gitlab.com/gitlab-org/security-products/analyzers/retire.js)         | **{check-circle}** Yes       | String                     | `low`, `medium`, `high`, `critical` |
-| [gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium)         | **{check-circle}** Yes       | CVSS v2.0 Rating and CVSS v3.1 Qualitative Severity Rating | `(AV:N/AC:L/Au:S/C:P/I:P/A:N)`, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H` |
+| [`bundler-audit`](https://gitlab.com/gitlab-org/security-products/analyzers/bundler-audit) | **{check-circle}** Yes       | String                     | `low`, `medium`, `high`, `critical` |
+| [`retire.js`](https://gitlab.com/gitlab-org/security-products/analyzers/retire.js)         | **{check-circle}** Yes       | String                     | `low`, `medium`, `high`, `critical` |
+| [`gemnasium`](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium)         | **{check-circle}** Yes       | CVSS v2.0 Rating and CVSS v3.1 Qualitative Severity Rating | `(AV:N/AC:L/Au:S/C:P/I:P/A:N)`, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H` |
 
 ## Container Scanning
 
 | GitLab analyzer                                                        | Outputs severity levels? | Native severity level type | Native severity level example                                |
 |------------------------------------------------------------------------|--------------------------|----------------------------|--------------------------------------------------------------|
-| [klar](https://gitlab.com/gitlab-org/security-products/analyzers/klar) | **{check-circle}** Yes   | String                     | `Negligible`, `Low`, `Medium`, `High`, `Critical`, `Defcon1` |
+| [`klar`](https://gitlab.com/gitlab-org/security-products/analyzers/klar) | **{check-circle}** Yes   | String                     | `Negligible`, `Low`, `Medium`, `High`, `Critical`, `Defcon1` |
 
 ## Fuzz Testing
 

doc/user/asciidoc.md

@@ -186,8 +186,12 @@ Attach a block or paragraph to a list item using a list continuation (which you
 * [ ] not checked
 ```
 
+<!-- vale gitlab.Spelling = NO -->
+
 #### Callout
 
+<!-- vale gitlab.Spelling = YES -->
+
 ```plaintext
 // enable callout bubbles by adding `:icons: font` to the document header
 [,ruby]

doc/user/compliance/license_compliance/index.md

@@ -222,7 +222,7 @@ If you still need to run tests during `mvn install`, add `-DskipTests=false` to
 If you have a private Maven repository which requires login credentials,
 you can use the `MAVEN_CLI_OPTS` environment variable.
 
-Read more on [how to use private Maven repositories](../../application_security/index.md#using-private-maven-repos).
+Read more on [how to use private Maven repositories](../../application_security/index.md#using-private-maven-repositories).
 
 You can also use `MAVEN_CLI_OPTS` to connect to a trusted Maven repository that uses a self-signed
 or internally trusted certificate. For example:

doc/user/gitlab_com/index.md

@@ -632,7 +632,7 @@ rate limits that are not configurable, and therefore also used on GitLab.com.
 We use [Fluentd](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#fluentd) to parse our logs. Fluentd sends our logs to
 [Stackdriver Logging](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#stackdriver) and [Cloud Pub/Sub](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#cloud-pubsub).
 Stackdriver is used for storing logs long-term in Google Cold Storage (GCS). Cloud Pub/Sub
-is used to forward logs to an [Elastic cluster](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#elastic) using [pubsubbeat](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#pubsubbeat-vms).
+is used to forward logs to an [Elastic cluster](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#elastic) using [`pubsubbeat`](https://gitlab.com/gitlab-com/runbooks/tree/master/logging/doc#pubsubbeat-vms).
 
 You can view more information in our runbooks such as: