Commit c3c5d6fb authored by Achilleas Pipinellis's avatar Achilleas Pipinellis

Merge branch 'docs/13496-use-security-dashboard-in-pipelines-view' into 'master'

Update Pipeline Security Dashboard documentation

See merge request gitlab-org/gitlab-ce!32396
parents 3a5fc82e c742ee76
...@@ -357,9 +357,10 @@ The following documentation relates to the DevOps **Secure** stage: ...@@ -357,9 +357,10 @@ The following documentation relates to the DevOps **Secure** stage:
| [Dependency List](user/application_security/dependency_list/index.md) **(ULTIMATE)** | View your project's dependencies and their known vulnerabilities. | | [Dependency List](user/application_security/dependency_list/index.md) **(ULTIMATE)** | View your project's dependencies and their known vulnerabilities. |
| [Dependency Scanning](user/application_security/dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. | | [Dependency Scanning](user/application_security/dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. |
| [Dynamic Application Security Testing (DAST)](user/application_security/dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities. | | [Dynamic Application Security Testing (DAST)](user/application_security/dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities. |
| [Group Security Dashboard](user/application_security/security_dashboard/index.md) **(ULTIMATE)** | View vulnerabilities in all the projects in a group and its subgroups. | | [Group Security Dashboard](user/application_security/security_dashboard/index.md#group-security-dashboard) **(ULTIMATE)** | View vulnerabilities in all the projects in a group and its subgroups. |
| [License Compliance](user/application_security/license_compliance/index.md) **(ULTIMATE)** | Search your project's dependencies for their licenses. | | [License Compliance](user/application_security/license_compliance/index.md) **(ULTIMATE)** | Search your project's dependencies for their licenses. |
| [Project Security Dashboard](user/application_security/security_dashboard/index.md) **(ULTIMATE)** | View the latest security reports for your project. | | [Pipeline Security Dashboard](user/application_security/security_dashboard/index.md#pipeline-security-dashboard) **(ULTIMATE)** | View the security reports for your project's pipelines. |
| [Project Security Dashboard](user/application_security/security_dashboard/index.md#project-security-dashboard) **(ULTIMATE)** | View the latest security reports for your project. |
| [Static Application Security Testing (SAST)](user/application_security/sast/index.md) **(ULTIMATE)** | Analyze source code for known vulnerabilities. | | [Static Application Security Testing (SAST)](user/application_security/sast/index.md) **(ULTIMATE)** | Analyze source code for known vulnerabilities. |
## New to Git and GitLab? ## New to Git and GitLab?
......
...@@ -127,7 +127,7 @@ build: ...@@ -127,7 +127,7 @@ build:
## Security Dashboard ## Security Dashboard
The Security Dashboard is a good place to get an overview of all the security The Security Dashboard is a good place to get an overview of all the security
vulnerabilities in your groups and projects. Read more about the vulnerabilities in your groups, projects and pipelines. Read more about the
[Security Dashboard](../security_dashboard/index.md). [Security Dashboard](../security_dashboard/index.md).
## Interacting with the vulnerabilities ## Interacting with the vulnerabilities
......
...@@ -198,7 +198,7 @@ variable value. ...@@ -198,7 +198,7 @@ variable value.
## Security Dashboard ## Security Dashboard
The Security Dashboard is a good place to get an overview of all the security The Security Dashboard is a good place to get an overview of all the security
vulnerabilities in your groups and projects. Read more about the vulnerabilities in your groups, projects and pipelines. Read more about the
[Security Dashboard](../security_dashboard/index.md). [Security Dashboard](../security_dashboard/index.md).
## Interacting with the vulnerabilities ## Interacting with the vulnerabilities
......
...@@ -314,7 +314,7 @@ the report JSON unless stated otherwise. Presence of optional fields depends on ...@@ -314,7 +314,7 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
## Security Dashboard ## Security Dashboard
The Security Dashboard is a good place to get an overview of all the security The Security Dashboard is a good place to get an overview of all the security
vulnerabilities in your groups and projects. Read more about the vulnerabilities in your groups, projects and pipelines. Read more about the
[Security Dashboard](../security_dashboard/index.md). [Security Dashboard](../security_dashboard/index.md).
## Interacting with the vulnerabilities ## Interacting with the vulnerabilities
......
...@@ -333,20 +333,10 @@ CI/CD configuration file to turn it on. Results are available in the SAST report ...@@ -333,20 +333,10 @@ CI/CD configuration file to turn it on. Results are available in the SAST report
GitLab currently includes [Gitleaks](https://github.com/zricethezav/gitleaks) and [TruffleHog](https://github.com/dxa4481/truffleHog) checks. GitLab currently includes [Gitleaks](https://github.com/zricethezav/gitleaks) and [TruffleHog](https://github.com/dxa4481/truffleHog) checks.
## Security report under pipelines
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/3776)
in [GitLab Ultimate](https://about.gitlab.com/pricing) 10.6.
Visit any pipeline page which has a `sast` job and you will be able to see
the security report tab with the listed vulnerabilities (if any).
![Security Report](img/security_report.png)
## Security Dashboard ## Security Dashboard
The Security Dashboard is a good place to get an overview of all the security The Security Dashboard is a good place to get an overview of all the security
vulnerabilities in your groups and projects. Read more about the vulnerabilities in your groups, projects and pipelines. Read more about the
[Security Dashboard](../security_dashboard/index.md). [Security Dashboard](../security_dashboard/index.md).
## Interacting with the vulnerabilities ## Interacting with the vulnerabilities
......
...@@ -5,7 +5,7 @@ type: reference, howto ...@@ -5,7 +5,7 @@ type: reference, howto
# GitLab Security Dashboard **(ULTIMATE)** # GitLab Security Dashboard **(ULTIMATE)**
The Security Dashboard is a good place to get an overview of all the security The Security Dashboard is a good place to get an overview of all the security
vulnerabilities in your groups and projects. vulnerabilities in your groups, projects and pipelines.
You can also drill down into a vulnerability and get extra information, see which You can also drill down into a vulnerability and get extra information, see which
project it comes from, the file it's in, and various metadata to help you analyze project it comes from, the file it's in, and various metadata to help you analyze
...@@ -26,7 +26,7 @@ The Security Dashboard supports the following reports: ...@@ -26,7 +26,7 @@ The Security Dashboard supports the following reports:
## Requirements ## Requirements
To use the project or group security dashboard: To use the group, project or pipeline security dashboard:
1. At least one project inside a group must be configured with at least one of 1. At least one project inside a group must be configured with at least one of
the [supported reports](#supported-reports). the [supported reports](#supported-reports).
...@@ -34,6 +34,16 @@ To use the project or group security dashboard: ...@@ -34,6 +34,16 @@ To use the project or group security dashboard:
1. [GitLab Runner](https://docs.gitlab.com/runner/) 11.5 or newer must be used. 1. [GitLab Runner](https://docs.gitlab.com/runner/) 11.5 or newer must be used.
If you're using the shared Runners on GitLab.com, this is already the case. If you're using the shared Runners on GitLab.com, this is already the case.
## Pipeline Security Dashboard
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/13496) in [GitLab Ultimate](https://about.gitlab.com/pricing) 12.3.
At the pipeline level, the Security Dashboard displays the vulnerabilities present in the branch of the project the pipeline was run against.
Visit the page for any pipeline which has run any of the [supported reports](#supported-reports). Click the **Security** tab to view the Security Dashboard.
![Pipeline Security Dashboard](img/pipeline_security_dashboard_v12_3.png)
## Project Security Dashboard ## Project Security Dashboard
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/6165) in [GitLab Ultimate](https://about.gitlab.com/pricing) 11.1. > [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/6165) in [GitLab Ultimate](https://about.gitlab.com/pricing) 11.1.
...@@ -46,8 +56,7 @@ for your project. Use it to find and fix vulnerabilities affecting the ...@@ -46,8 +56,7 @@ for your project. Use it to find and fix vulnerabilities affecting the
## Group Security Dashboard ## Group Security Dashboard
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/6709) in > [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/6709) in [GitLab Ultimate](https://about.gitlab.com/pricing) 11.5.
> [GitLab Ultimate](https://about.gitlab.com/pricing) 11.5.
The group Security Dashboard gives an overview of the vulnerabilities of all the The group Security Dashboard gives an overview of the vulnerabilities of all the
projects in a group and its subgroups. projects in a group and its subgroups.
......
...@@ -98,7 +98,7 @@ back to both GitLab and GitHub when completed. ...@@ -98,7 +98,7 @@ back to both GitLab and GitHub when completed.
1. The result of the job will be visible directly from the pipeline view: 1. The result of the job will be visible directly from the pipeline view:
![security report](img/gemnasium/report.png) ![Security Dashboard](../../application_security/security_dashboard/img/pipeline_security_dashboard_v12_3.png)
NOTE: **Note:** NOTE: **Note:**
If you don't commit very often to your project, you may want to use If you don't commit very often to your project, you may want to use
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment