Commit 25b46820 authored by Olivier Gonzalez, committed by Achilleas Pipinellis

Add documentation for Dependency Scanning feature

parent 9ce6169a
...@@ -49,6 +49,10 @@ There's also a collection of repositories with [example projects](https://gitlab ...@@ -49,6 +49,10 @@ There's also a collection of repositories with [example projects](https://gitlab
**(Ultimate)** [Scan your code for vulnerabilities](https://docs.gitlab.com/ee/ci/examples/sast.html) **(Ultimate)** [Scan your code for vulnerabilities](https://docs.gitlab.com/ee/ci/examples/sast.html)
## Dependency Scanning
**(Ultimate)** [Scan your dependencies for vulnerabilities](https://docs.gitlab.com/ee/ci/examples/dependency_scanning.html)
## Container Scanning ## Container Scanning
[Scan your Docker images for vulnerabilities](container_scanning.md) [Scan your Docker images for vulnerabilities](container_scanning.md)
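Review bot: The new Dependency Scanning entry links to an absolute docs.gitlab.com/ee URL (ci/examples/dependency_scanning.html), while the Container Scanning entry directly below it uses a relative link (container_scanning.md). This follows the SAST entry above, but the target page lives outside this tree and cannot be checked from this change. Confirm that the page is published before merging, so the index does not ship a dead link.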
......
...@@ -20,6 +20,7 @@ project in an easy and automatic way: ...@@ -20,6 +20,7 @@ project in an easy and automatic way:
1. [Auto Test](#auto-test) 1. [Auto Test](#auto-test)
1. [Auto Code Quality](#auto-code-quality) 1. [Auto Code Quality](#auto-code-quality)
1. [Auto SAST (Static Application Security Testing)](#auto-sast) 1. [Auto SAST (Static Application Security Testing)](#auto-sast)
1. [Auto Dependency Scanning](#auto-dependency-scanning)
1. [Auto Container Scanning](#auto-container-scanning) 1. [Auto Container Scanning](#auto-container-scanning)
1. [Auto Review Apps](#auto-review-apps) 1. [Auto Review Apps](#auto-review-apps)
1. [Auto DAST (Dynamic Application Security Testing)](#auto-dast) 1. [Auto DAST (Dynamic Application Security Testing)](#auto-dast)
...@@ -209,7 +210,7 @@ target branches are also ...@@ -209,7 +210,7 @@ target branches are also
> Introduced in [GitLab Ultimate][ee] 10.3. > Introduced in [GitLab Ultimate][ee] 10.3.
Static Application Security Testing (SAST) uses the Static Application Security Testing (SAST) uses the
[gl-sast Docker image](https://gitlab.com/gitlab-org/gl-sast) to run static [SAST Docker image](https://gitlab.com/gitlab-org/security-products/sast) to run static
analysis on the current code and checks for potential security issues. Once the analysis on the current code and checks for potential security issues. Once the
report is created, it's uploaded as an artifact which you can later download and report is created, it's uploaded as an artifact which you can later download and
check out. check out.
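Review bot: The SAST link change in this hunk (link text "gl-sast Docker image" to "SAST Docker image", URL gitlab-org/gl-sast to gitlab-org/security-products/sast) is not covered by the commit message, which only mentions Dependency Scanning documentation. Mention the image relocation in the message or move it to its own commit, so that someone tracing when the SAST image reference changed can find it.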
...@@ -217,6 +218,19 @@ check out. ...@@ -217,6 +218,19 @@ check out.
In GitLab Ultimate, any security warnings are also In GitLab Ultimate, any security warnings are also
[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/sast.html). [shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/sast.html).
### Auto Dependency Scanning
> Introduced in [GitLab Ultimate][ee] 10.7.
Dependency Scanning uses the
[Dependency Scanning Docker image](https://gitlab.com/gitlab-org/security-products/dependency-scanning)
to run analysis on the project dependencies and checks for potential security issues. Once the
report is created, it's uploaded as an artifact which you can later download and
check out.
In GitLab Ultimate, any security warnings are also
[shown in the merge request widget](https://docs.gitlab.com/ee/user/project/merge_requests/dependency_scanning.html).
### Auto Container Scanning ### Auto Container Scanning
> Introduced in GitLab 10.4. > Introduced in GitLab 10.4.
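Review bot: Tier availability is ambiguous in the new "Auto Dependency Scanning" section. The note says "Introduced in [GitLab Ultimate][ee] 10.7", yet the closing sentence reads "In GitLab Ultimate, any security warnings are also shown in the merge request widget", which implies the job runs and produces its artifact on other tiers too. State explicitly which tiers run the scan and which only get the widget. The first paragraph also says the report is "uploaded as an artifact" without naming the file, so a reader cannot tell what to download or gate on; name the artifact or link to the page that does.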
......