Merge branch...

Merge branch '335789-docs-validate-security-report-artifact-against-vendored-versions' into 'master'

Deprecate VALIDATE_SCHEMA configuration variable

See merge request gitlab-org/gitlab!82449

doc/development/integrations/secure.md

@@ -329,18 +329,40 @@ You can find the schemas for these scanners here:
 
 ### Enable report validation
 
-In GitLab 14.10 and later, report validation against the schemas is enabled. To enable report validation for versions earlier than 14.10,
-set [`VALIDATE_SCHEMA`](../../user/application_security/#enable-security-report-validation) to
-`"true"`.
+> [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/354928) in GitLab 14.9, and planned for removal in GitLab 15.0.
+DISCLAIMER:
+This page contains information related to upcoming products, features, and functionality.
+It is important to note that the information presented is for informational purposes only.
+Please do not rely on this information for purchasing or planning purposes.
+As with all projects, the items mentioned on this page are subject to change or delay.
+The development, release, and timing of any products, features, or functionality remain at the
+sole discretion of GitLab Inc.
+In GitLab 15.0 and later, report validation is enabled and enforced. Reports that fail validation
+are not ingested, and an error message displays on the corresponding pipeline.
 
-Reports that don't pass validation are not ingested by GitLab, and an error message
-displays on the corresponding pipeline.
+In GitLab 14.10 and later, report validation against the schemas is enabled but not enforced.
+Reports that fail validation are ingested but display a warning in the pipeline security tab.
 
-You should ensure that reports generated by the scanner pass validation against the schema version
-declared in your reports. GitLab uses the
+To enforce report validation for GitLab version 14.10 and earlier, set
+[`VALIDATE_SCHEMA`](../../user/application_security/#enable-security-report-validation) to `"true"`.
+
+### Report validation
+
+You must ensure that reports generated by the scanner pass validation against the schema version
+declared in your reports. Reports that don't pass validation are not ingested by GitLab, and an
+error message displays on the corresponding pipeline.
+
+Reports that use a deprecated version of the secure report schema are ingested but cause a warning
+message to display on the corresponding pipeline. If you see this warning, update your
+analyzer to use the latest available schemas.
+
+After the deprecation period for a schema version, the file is removed from GitLab. Reports that
+declare removed versions are rejected, and an error message displays on the corresponding pipeline.
+
+GitLab uses the
 [`json_schemer`](https://www.rubydoc.info/gems/json_schemer) gem to perform validation.
 
-Ongoing improvements to report validation is tracked [in this epic](https://gitlab.com/groups/gitlab-org/-/epics/6968).
+Ongoing improvements to report validation are tracked [in this epic](https://gitlab.com/groups/gitlab-org/-/epics/6968).
 In the meantime, you can see which versions are supported in the
 [source code](https://gitlab.com/gitlab-org/gitlab/-/blob/08dd756429731a0cca1e27ca9d59eea226398a7d/lib/gitlab/ci/parsers/security/validators/schema_validator.rb#L9-27).
 

doc/user/application_security/index.md

@@ -395,6 +395,8 @@ any report artifacts that failed validation.
 
 ### Enable security report validation
 
+> [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/354928) in GitLab 14.9, and planned for removal in GitLab 15.0.
+
 To enable report artifacts validation, set the `VALIDATE_SCHEMA` environment variable to `"true"`
 for the desired jobs in the `.gitlab-ci.yml` file.