Doc Consistency: user/application_security - static analysis

9beeca4e · Niklas · Russell Dickenson · 4d9c946d · 9beeca4e · 9beeca4e
Commit 9beeca4e authored Oct 22, 2021 by Niklas Committed by Russell Dickenson Oct 22, 2021
5 changed files
--- a/doc/user/application_security/configuration/index.md
+++ b/doc/user/application_security/configuration/index.md
@@ -7,9 +7,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # Security Configuration **(FREE)**

-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.6. **(ULTIMATE)**
-> - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4. **(ULTIMATE)**
-> - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4. **(ULTIMATE)**
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in GitLab 12.6.
+> - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4.
+> - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4.
 > - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.10.
 > - [Redesigned](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in 14.2.

@@ -38,31 +38,31 @@ Select **Configuration history** to see the `.gitlab-ci.yml` file's history.

 You can configure the following security controls:

- Static Application Security Testing (SAST) **(FREE)**
+- [Static Application Security Testing](../sast/index.md) (SAST)
  - Select **Enable SAST** to configure SAST for the current project.
    For more details, read [Configure SAST in the UI](../sast/index.md#configure-sast-in-the-ui).
- Dynamic Application Security Testing (DAST) **(ULTIMATE)**
+- [Dynamic Application Security Testing](../dast/index.md) (DAST)
  - Select **Enable DAST** to configure DAST for the current project.
  - Select **Manage scans** to manage the saved DAST scans, site profiles, and scanner profiles.
    For more details, read [DAST on-demand scans](../dast/index.md#on-demand-scans).
- Dependency Scanning **(ULTIMATE)**
+- [Dependency Scanning](../dependency_scanning/index.md)
  - Select **Configure via Merge Request** to create a merge request with the changes required to
    enable Dependency Scanning. For more details, see [Enable Dependency Scanning via an automatic merge request](../dependency_scanning/index.md#enable-dependency-scanning-via-an-automatic-merge-request).
- Container Scanning **(ULTIMATE)**
+- [Container Scanning](../container_scanning/index.md)
  - Can be configured with `.gitlab-ci.yml`. For more details, read [Container Scanning](../../../user/application_security/container_scanning/index.md#configuration).
- Cluster Image Scanning **(ULTIMATE)**
+- [Cluster Image Scanning](../cluster_image_scanning/index.md)
  - Can be configured with `.gitlab-ci.yml`. For more details, read [Cluster Image Scanning](../../../user/application_security/cluster_image_scanning/#configuration).
- Secret Detection
+- [Secret Detection](../secret_detection/index.md)
  - Select **Configure via Merge Request** to create a merge request with the changes required to
    enable Secret Detection. For more details, read [Enable Secret Detection via an automatic merge request](../secret_detection/index.md#enable-secret-detection-via-an-automatic-merge-request).
- API Fuzzing **(ULTIMATE)**
+- [API Fuzzing](../api_fuzzing/index.md)
  - Select **Enable API Fuzzing** to use API Fuzzing for the current project. For more details, read [API Fuzzing](../../../user/application_security/api_fuzzing/index.md#enable-web-api-fuzzing).
- Coverage Fuzzing **(ULTIMATE)**
+- [Coverage Fuzzing](../coverage_fuzzing/index.md)
  - Can be configured with `.gitlab-ci.yml`. For more details, read [Coverage Fuzzing](../../../user/application_security/coverage_fuzzing/index.md#configuration).

 ## Compliance **(ULTIMATE)**

 You can configure the following security controls:

- License Compliance **(ULTIMATE)**
+- [License Compliance](../../../user/compliance/license_compliance/index.md)
  - Can be configured with `.gitlab-ci.yml`. For more details, read [License Compliance](../../../user/compliance/license_compliance/index.md#configuration).
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -33,17 +33,17 @@ GitLab uses the following tools to scan and report known vulnerabilities found i

 | Secure scanning tool                                                         | Description                                                            |
 |:-----------------------------------------------------------------------------|:-----------------------------------------------------------------------|
-| [Container Scanning](container_scanning/index.md) **(ULTIMATE)**                 | Scan Docker containers for known vulnerabilities.                      |
-| [Dependency List](dependency_list/index.md) **(ULTIMATE)**                       | View your project's dependencies and their known vulnerabilities.      |
-| [Dependency Scanning](dependency_scanning/index.md) **(ULTIMATE)**               | Analyze your dependencies for known vulnerabilities.                   |
-| [Dynamic Application Security Testing (DAST)](dast/index.md) **(ULTIMATE)**      | Analyze running web applications for known vulnerabilities.            |
-| [DAST API](dast_api/index.md) **(ULTIMATE)**                                     | Analyze running web APIs for known vulnerabilities.            |
-| [API fuzzing](api_fuzzing/index.md) **(ULTIMATE)**                               | Find unknown bugs and vulnerabilities in web APIs with fuzzing.        |
-| [Secret Detection](secret_detection/index.md)                                    | Analyze Git history for leaked secrets.                                |
-| [Security Dashboard](security_dashboard/index.md) **(ULTIMATE)**                 | View vulnerabilities in all your projects and groups.                  |
-| [Static Application Security Testing (SAST)](sast/index.md)                      | Analyze source code for known vulnerabilities.                         |
-| [Coverage fuzzing](coverage_fuzzing/index.md) **(ULTIMATE)**                     | Find unknown bugs and vulnerabilities with coverage-guided fuzzing.    |
-| [Cluster Image Scanning](cluster_image_scanning/index.md) **(ULTIMATE)**         | Scan Kubernetes clusters for known vulnerabilities.                      |
+| [Container Scanning](container_scanning/index.md)                            | Scan Docker containers for known vulnerabilities.                      |
+| [Dependency List](dependency_list/index.md)                                  | View your project's dependencies and their known vulnerabilities.      |
+| [Dependency Scanning](dependency_scanning/index.md)                          | Analyze your dependencies for known vulnerabilities.                   |
+| [Dynamic Application Security Testing (DAST)](dast/index.md)                 | Analyze running web applications for known vulnerabilities.            |
+| [DAST API](dast_api/index.md)                                                | Analyze running web APIs for known vulnerabilities.            |
+| [API fuzzing](api_fuzzing/index.md)                                          | Find unknown bugs and vulnerabilities in web APIs with fuzzing.        |
+| [Secret Detection](secret_detection/index.md)                                | Analyze Git history for leaked secrets.                                |
+| [Security Dashboard](security_dashboard/index.md)                            | View vulnerabilities in all your projects and groups.                  |
+| [Static Application Security Testing (SAST)](sast/index.md)                  | Analyze source code for known vulnerabilities.                         |
+| [Coverage fuzzing](coverage_fuzzing/index.md)                                | Find unknown bugs and vulnerabilities with coverage-guided fuzzing.    |
+| [Cluster Image Scanning](cluster_image_scanning/index.md)                    | Scan Kubernetes clusters for known vulnerabilities.                      |

 ## Security scanning with Auto DevOps

@@ -185,7 +185,7 @@ By default, the vulnerability report does not show vulnerabilities of `dismissed

 ## Security approvals in merge requests

-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9928) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.2.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9928) in GitLab 12.2.

 You can implement merge request approvals to require approval by selected users or a group when a
 merge request would introduce one of the following security issues:

--- a/doc/user/application_security/sast/analyzers.md
+++ b/doc/user/application_security/sast/analyzers.md
@@ -6,8 +6,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # SAST Analyzers **(FREE)**

-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.3.
-> - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) to GitLab Free in 13.3.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in GitLab 10.3.
+> - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) from GitLab Ultimate to GitLab Free in 13.3.

 SAST relies on underlying third party tools that are wrapped into what we call
 "Analyzers". An analyzer is a

--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -7,8 +7,8 @@ type: reference, howto

 # Static Application Security Testing (SAST) **(FREE)**

-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 10.3.
-> - All open source (OSS) analyzers were moved to GitLab Free in GitLab 13.3.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in GitLab 10.3.
+> - All open source (OSS) analyzers were moved from GitLab Ultimate to GitLab Free in GitLab 13.3.

 NOTE:
 The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/)
@@ -20,7 +20,7 @@ Testing (SAST) to check your source code for known vulnerabilities. When a pipel
 the results of the SAST analysis are processed and shown in the pipeline's Security tab. If the
 pipeline is associated with a merge request, the SAST analysis is compared with the results of
 the target branch's analysis (if available). The results of that comparison are shown in the merge
-request. **(ULTIMATE)** If the pipeline is running from the default branch, the results of the SAST
+request. If the pipeline is running from the default branch, the results of the SAST
 analysis are available in the [security dashboards](../security_dashboard/index.md).

 ![SAST results shown in the MR widget](img/sast_results_in_mr_v14_0.png)
@@ -197,7 +197,7 @@ Use the method that best meets your needs.
 - [Configure SAST in the UI with default settings](#configure-sast-in-the-ui-with-default-settings)
 - [Configure SAST in the UI with customizations](#configure-sast-in-the-ui-with-customizations)

-### Configure SAST in the UI with default settings **(FREE)**
+### Configure SAST in the UI with default settings

 > [Introduced](https://about.gitlab.com/releases/2021/02/22/gitlab-13-9-released/#security-configuration-page-for-all-users) in GitLab 13.9

@@ -217,9 +217,9 @@ successfully, and an error may occur.

 ### Configure SAST in the UI with customizations **(ULTIMATE)**

-> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab Ultimate 13.3.
-> - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in GitLab Ultimate 13.4.
-> - [Improved](https://gitlab.com/groups/gitlab-org/-/epics/3635) in GitLab Ultimate 13.5.
+> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3659) in GitLab 13.3.
+> - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in GitLab 13.4.
+> - [Improved](https://gitlab.com/groups/gitlab-org/-/epics/3635) in GitLab 13.5.

 To enable and configure SAST with customizations:

@@ -402,7 +402,7 @@ To create a custom ruleset:

 ### False Positive Detection **(ULTIMATE)**

-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/292686) in GitLab 14.2.
+> Introduced in GitLab 14.2.

 Vulnerabilities that have been detected and are false positives will be flagged as false positives in the security dashboard.

@@ -423,7 +423,7 @@ Read more on [how to use private Maven repositories](../index.md#using-private-m

 ### Enabling Kubesec analyzer

-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12752) in GitLab Ultimate 12.6.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12752) in GitLab 12.6.

 You need to set `SCAN_KUBERNETES_MANIFESTS` to `"true"` to enable the
 Kubesec analyzer. In `.gitlab-ci.yml`, define:
@@ -569,7 +569,7 @@ Some analyzers can be customized with CI/CD variables.

 #### Custom CI/CD variables

-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18193) in GitLab Ultimate 12.5.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18193) in GitLab 12.5.

 In addition to the aforementioned SAST configuration CI/CD variables,
 all [custom variables](../../../ci/variables/index.md#custom-cicd-variables) are propagated

--- a/doc/user/application_security/secret_detection/index.md
+++ b/doc/user/application_security/secret_detection/index.md
@@ -7,8 +7,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # Secret Detection **(FREE)**

-> - [Introduced](https://about.gitlab.com/releases/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.9.
-> - Made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) in 13.3.
+> - [Introduced](https://about.gitlab.com/releases/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository) in GitLab 11.9.
+> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) from GitLab Ultimate to GitLab Free in 13.3.

 A recurring problem when developing applications is that developers may unintentionally commit
 secrets and credentials to their remote repositories. If other people have access to the source,
@@ -138,9 +138,9 @@ The results are saved as a
 that you can later download and analyze. Due to implementation limitations, we
 always take the latest Secret Detection artifact available.

-### Enable Secret Detection via an automatic merge request **(FREE)**
+### Enable Secret Detection via an automatic merge request

-> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4496) in GitLab 13.11, behind a feature flag, enabled by default.
+> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4496) in GitLab 13.11, deployed behind a feature flag, enabled by default.
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/329886) in GitLab 14.1.

 To enable Secret Detection in a project, you can create a merge request