Commit 91fc3ef5 authored by Denys Mishunov's avatar Denys Mishunov

Merge branch 'docs/326728-document-ds-enable-via-mr' into 'master'

Enable the secDependencyScanningUiEnable feature flag by default

See merge request gitlab-org/gitlab!58363
parents 18a218b4 132a5d6f
......@@ -78,6 +78,9 @@ You can configure the following security controls:
- Secret Detection
- Select **Configure via Merge Request** to create a merge request with the changes required to
enable Secret Detection. For more details, see [Enable Secret Detection via an automatic merge request](../secret_detection/index.md#enable-secret-detection-via-an-automatic-merge-request).
- Dependency Scanning
- Select **Configure via Merge Request** to create a merge request with the changes required to
enable Dependency Scanning. For more details, see [Enable Dependency Scanning via an automatic merge request](../dependency_scanning/index.md#enable-dependency-scanning-via-an-automatic-merge-request).
## Enable or disable UI redesign **(FREE SELF)**
......
......@@ -110,6 +110,31 @@ The results are saved as a
that you can later download and analyze. Due to implementation limitations, we
always take the latest dependency scanning artifact available.
### Enable Dependency Scanning via an automatic merge request
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4908) in GitLab 14.1.
> - [Deployed behind a feature flag](../../../user/feature_flags.md), enabled by default.
> - Enabled on GitLab.com.
> - Recommended for production use.
> - For GitLab self-managed instances, GitLab administrators can opt to [disable it](#enable-or-disable-configure-dependency-scanning-via-a-merge-request). **(ULTIMATE SELF)**
WARNING:
This feature might not be available to you. Check the **version history** note above for details.
There can be
[risks when disabling released features](../../../user/feature_flags.md#risks-when-disabling-released-features).
Refer to this feature's version history for more details.
To enable Dependency Scanning in a project, you can create a merge request
from the Security Configuration page.
1. In the project where you want to enable Dependency Scanning, navigate to
**Security & Compliance > Configuration**.
1. In the **Dependency Scanning** row, select **Configure via Merge Request**.
This automatically creates a merge request with the changes necessary to enable Dependency Scanning
that you can review and merge to complete the configuration.
### Customizing the dependency scanning settings
The dependency scanning settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
......@@ -656,3 +681,22 @@ with a dependency on this version of Python should use `retire.js` version 2.10.
### Error: `dependency_scanning is used for configuration only, and its script should not be executed`
For information on this, see the [GitLab Secure troubleshooting section](../index.md#error-job-is-used-for-configuration-only-and-its-script-should-not-be-executed).
### Enable or disable Configure Dependency Scanning via a Merge Request
Configure Dependency Scanning via a Merge Request is under development but ready for production use.
It is deployed behind a feature flag that is **enabled by default**.
[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
can opt to disable it.
To disable it:
```ruby
Feature.disable(:sec_dependency_scanning_ui_enable)
```
To enable it:
```ruby
Feature.enable(:sec_dependency_scanning_ui_enable)
```
......@@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/326005
milestone: '13.11'
type: development
group: group::composition analysis
default_enabled: false
default_enabled: true
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment