Commit 06de4db1 authored by Douglas Barbosa Alexandre

Merge branch 'secure-ci-template-standard-variable-note' into 'master'

Copy edit variables comments in Secure CI templates

See merge request gitlab-org/gitlab!62274
parents 33e92506 d4f0216a
...@@ -102,7 +102,7 @@ How you enable container scanning depends on your GitLab version: ...@@ -102,7 +102,7 @@ How you enable container scanning depends on your GitLab version:
`container_scanning` job's [`before_script`](../../../ci/yaml/README.md#before_script) `container_scanning` job's [`before_script`](../../../ci/yaml/README.md#before_script)
and [`after_script`](../../../ci/yaml/README.md#after_script) and [`after_script`](../../../ci/yaml/README.md#after_script)
blocks may not work with the new version. To roll back to the previous [`alpine:3.11.3`](https://hub.docker.com/_/alpine)-based blocks may not work with the new version. To roll back to the previous [`alpine:3.11.3`](https://hub.docker.com/_/alpine)-based
Docker image, you can specify the major version through the [`CS_MAJOR_VERSION`](#available-variables) Docker image, you can specify the major version through the [`CS_MAJOR_VERSION`](#available-cicd-variables)
variable. variable.
- GitLab 13.9 [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/322656) integration with - GitLab 13.9 [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/322656) integration with
[Trivy](https://github.com/aquasecurity/trivy) by upgrading `CS_MAJOR_VERSION` from `3` to `4`. [Trivy](https://github.com/aquasecurity/trivy) by upgrading `CS_MAJOR_VERSION` from `3` to `4`.
...@@ -159,7 +159,7 @@ include: ...@@ -159,7 +159,7 @@ include:
There may be cases where you want to customize how GitLab scans your containers. For example, you There may be cases where you want to customize how GitLab scans your containers. For example, you
may want to enable more verbose output, access a Docker registry that requires may want to enable more verbose output, access a Docker registry that requires
authentication, and more. To change such settings, use the [`variables`](../../../ci/yaml/README.md#variables) authentication, and more. To change such settings, use the [`variables`](../../../ci/yaml/README.md#variables)
parameter in your `.gitlab-ci.yml` to set [CI/CD variables](#available-variables). parameter in your `.gitlab-ci.yml` to set [CI/CD variables](#available-cicd-variables).
The variables you set in your `.gitlab-ci.yml` overwrite those in The variables you set in your `.gitlab-ci.yml` overwrite those in
`Container-Scanning.gitlab-ci.yml`. `Container-Scanning.gitlab-ci.yml`.
...@@ -201,7 +201,7 @@ variables: ...@@ -201,7 +201,7 @@ variables:
make a change to this heading, make sure to update the documentation URLs used in the" make a change to this heading, make sure to update the documentation URLs used in the"
container scanning tool (https://gitlab.com/gitlab-org/security-products/analyzers/klar)" --> container scanning tool (https://gitlab.com/gitlab-org/security-products/analyzers/klar)" -->
#### Available variables #### Available CI/CD variables
You can [configure](#customizing-the-container-scanning-settings) both analyzers by using the following CI/CD variables: You can [configure](#customizing-the-container-scanning-settings) both analyzers by using the following CI/CD variables:
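Review bot: the HTML comment directly above this heading (`make a change to this heading, make sure to update the documentation URLs used in the container scanning tool`, pointing at the klar analyzer) describes exactly what this hunk does: renaming `#### Available variables` to `#### Available CI/CD variables` changes the anchor from `#available-variables` to `#available-cicd-variables`, so the analyzer's hard-coded documentation URLs need the same update in the same release or they will land on a heading that no longer exists. Since the page elsewhere documents the move from Clair to Trivy (`CS_MAJOR_VERSION` from `3` to `4`), also check whether the comment should now name the Trivy analyzer instead of klar.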
...@@ -289,7 +289,7 @@ taking the following steps: ...@@ -289,7 +289,7 @@ taking the following steps:
that instead of overriding this variable, you can use `CS_MAJOR_VERSION`. that instead of overriding this variable, you can use `CS_MAJOR_VERSION`.
1. Remove any variables that are only applicable to Clair. For a complete list of these variables, 1. Remove any variables that are only applicable to Clair. For a complete list of these variables,
see the [available variables](#available-variables). see the [available variables](#available-cicd-variables).
1. Make any [necessary customizations](#customizing-the-container-scanning-settings) to the 1. Make any [necessary customizations](#customizing-the-container-scanning-settings) to the
`Trivy` scanner. We strongly recommended that you minimize customizations, as they `Trivy` scanner. We strongly recommended that you minimize customizations, as they
might require changes in future GitLab major releases. might require changes in future GitLab major releases.
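Review bot: style nit in the unchanged context at the end of this hunk: `We strongly recommended that you minimize customizations` should read `We strongly recommend that you minimize customizations`; since this MR is a copy edit of the variables wording, it is worth fixing while the paragraph is being touched.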
...@@ -711,7 +711,7 @@ Some vulnerabilities can be fixed by applying the solution that GitLab ...@@ -711,7 +711,7 @@ Some vulnerabilities can be fixed by applying the solution that GitLab
automatically generates. automatically generates.
To enable remediation support, the scanning tool _must_ have access to the `Dockerfile` specified by To enable remediation support, the scanning tool _must_ have access to the `Dockerfile` specified by
the [`DOCKERFILE_PATH`](#available-variables) CI/CD variable. To ensure that the scanning tool the [`DOCKERFILE_PATH`](#available-cicd-variables) CI/CD variable. To ensure that the scanning tool
has access to this has access to this
file, it's necessary to set [`GIT_STRATEGY: fetch`](../../../ci/runners/README.md#git-strategy) in file, it's necessary to set [`GIT_STRATEGY: fetch`](../../../ci/runners/README.md#git-strategy) in
your `.gitlab-ci.yml` file by following the instructions described in this document's your `.gitlab-ci.yml` file by following the instructions described in this document's
......
...@@ -44,7 +44,7 @@ dast: ...@@ -44,7 +44,7 @@ dast:
DAST_BROWSER_SCAN: "true" DAST_BROWSER_SCAN: "true"
``` ```
### Available variables ### Available CI/CD variables
The browser-based crawler can be configured using CI/CD variables. The browser-based crawler can be configured using CI/CD variables.
...@@ -72,7 +72,7 @@ The browser-based crawler can be configured using CI/CD variables. ...@@ -72,7 +72,7 @@ The browser-based crawler can be configured using CI/CD variables.
| `DAST_BROWSER_AUTH_VERIFICATION_SELECTOR` | selector | `css:.user-photo` | Verifies successful authentication by checking for presence of a selector once the login form has been submitted. | | `DAST_BROWSER_AUTH_VERIFICATION_SELECTOR` | selector | `css:.user-photo` | Verifies successful authentication by checking for presence of a selector once the login form has been submitted. |
| `DAST_BROWSER_AUTH_VERIFICATION_LOGIN_FORM` | boolean | `true` | Verifies successful authentication by checking for the lack of a login form once the login form has been submitted. | | `DAST_BROWSER_AUTH_VERIFICATION_LOGIN_FORM` | boolean | `true` | Verifies successful authentication by checking for the lack of a login form once the login form has been submitted. |
The [DAST variables](index.md#available-variables) `SECURE_ANALYZERS_PREFIX`, `DAST_FULL_SCAN_ENABLED`, `DAST_AUTO_UPDATE_ADDONS`, `DAST_EXCLUDE_RULES`, `DAST_REQUEST_HEADERS`, `DAST_HTML_REPORT`, `DAST_MARKDOWN_REPORT`, `DAST_XML_REPORT`, The [DAST variables](index.md#available-cicd-variables) `SECURE_ANALYZERS_PREFIX`, `DAST_FULL_SCAN_ENABLED`, `DAST_AUTO_UPDATE_ADDONS`, `DAST_EXCLUDE_RULES`, `DAST_REQUEST_HEADERS`, `DAST_HTML_REPORT`, `DAST_MARKDOWN_REPORT`, `DAST_XML_REPORT`,
`DAST_INCLUDE_ALPHA_VULNERABILITIES`, `DAST_PATHS_FILE`, `DAST_PATHS`, `DAST_ZAP_CLI_OPTIONS`, and `DAST_ZAP_LOG_CONFIGURATION` are also compatible with browser-based crawler scans. `DAST_INCLUDE_ALPHA_VULNERABILITIES`, `DAST_PATHS_FILE`, `DAST_PATHS`, `DAST_ZAP_CLI_OPTIONS`, and `DAST_ZAP_LOG_CONFIGURATION` are also compatible with browser-based crawler scans.
#### Selectors #### Selectors
...@@ -284,9 +284,9 @@ This can come at a cost of increased scan time. ...@@ -284,9 +284,9 @@ This can come at a cost of increased scan time.
You can manage the trade-off between coverage and scan time with the following measures: You can manage the trade-off between coverage and scan time with the following measures:
- Limit the number of actions executed by the browser with the [variable](#available-variables) `DAST_BROWSER_MAX_ACTIONS`. The default is `10,000`. - Limit the number of actions executed by the browser with the [variable](#available-cicd-variables) `DAST_BROWSER_MAX_ACTIONS`. The default is `10,000`.
- Limit the page depth that the browser-based crawler will check coverage on with the [variable](#available-variables) `DAST_BROWSER_MAX_DEPTH`. The crawler uses a breadth-first search strategy, so pages with smaller depth are crawled first. The default is `10`. - Limit the page depth that the browser-based crawler will check coverage on with the [variable](#available-cicd-variables) `DAST_BROWSER_MAX_DEPTH`. The crawler uses a breadth-first search strategy, so pages with smaller depth are crawled first. The default is `10`.
- Vertically scaling the runner and using a higher number of browsers with [variable](#available-variables) `DAST_BROWSER_NUMBER_OF_BROWSERS`. The default is `3`. - Vertically scaling the runner and using a higher number of browsers with [variable](#available-cicd-variables) `DAST_BROWSER_NUMBER_OF_BROWSERS`. The default is `3`.
## Debugging scans using logging ## Debugging scans using logging
......
...@@ -270,7 +270,7 @@ authorization credentials. By default, the following headers are masked: ...@@ -270,7 +270,7 @@ authorization credentials. By default, the following headers are masked:
- `Set-Cookie` (values only). - `Set-Cookie` (values only).
- `Cookie` (values only). - `Cookie` (values only).
Using the [`DAST_MASK_HTTP_HEADERS` CI/CD variable](#available-variables), you can list the Using the [`DAST_MASK_HTTP_HEADERS` CI/CD variable](#available-cicd-variables), you can list the
headers whose values you want masked. For details on how to mask headers, see headers whose values you want masked. For details on how to mask headers, see
[Customizing the DAST settings](#customizing-the-dast-settings). [Customizing the DAST settings](#customizing-the-dast-settings).
...@@ -348,7 +348,7 @@ and potentially damage them. You could even take down your production environmen ...@@ -348,7 +348,7 @@ and potentially damage them. You could even take down your production environmen
For that reason, you should use domain validation. For that reason, you should use domain validation.
Domain validation is not required by default. It can be required by setting the Domain validation is not required by default. It can be required by setting the
[CI/CD variable](#available-variables) `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` to `"true"`. [CI/CD variable](#available-cicd-variables) `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` to `"true"`.
```yaml ```yaml
include: include:
...@@ -661,7 +661,7 @@ is no longer supported. When overriding the template, you must use [`rules`](../ ...@@ -661,7 +661,7 @@ is no longer supported. When overriding the template, you must use [`rules`](../
The DAST settings can be changed through CI/CD variables by using the The DAST settings can be changed through CI/CD variables by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. [`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
These variables are documented in [available variables](#available-variables). These variables are documented in [available variables](#available-cicd-variables).
For example: For example:
...@@ -677,7 +677,7 @@ variables: ...@@ -677,7 +677,7 @@ variables:
Because the template is [evaluated before](../../../ci/yaml/README.md#include) the pipeline Because the template is [evaluated before](../../../ci/yaml/README.md#include) the pipeline
configuration, the last mention of the variable takes precedence. configuration, the last mention of the variable takes precedence.
### Available variables ### Available CI/CD variables
DAST can be [configured](#customizing-the-dast-settings) using CI/CD variables. DAST can be [configured](#customizing-the-dast-settings) using CI/CD variables.
......
...@@ -112,7 +112,7 @@ always take the latest dependency scanning artifact available. ...@@ -112,7 +112,7 @@ always take the latest dependency scanning artifact available.
### Customizing the dependency scanning settings ### Customizing the dependency scanning settings
The dependency scanning settings can be changed through [CI/CD variables](#available-variables) by using the The dependency scanning settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. [`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
For example: For example:
...@@ -157,7 +157,7 @@ gemnasium-dependency_scanning: ...@@ -157,7 +157,7 @@ gemnasium-dependency_scanning:
dependencies: ["build"] dependencies: ["build"]
``` ```
### Available variables ### Available CI/CD variables
Dependency scanning can be [configured](#customizing-the-dependency-scanning-settings) Dependency scanning can be [configured](#customizing-the-dependency-scanning-settings)
using environment variables. using environment variables.
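Review bot: the sentence under the renamed heading still says Dependency scanning can be configured `using environment variables`, which undercuts the point of renaming the heading to `Available CI/CD variables`; change it to `using CI/CD variables` so the heading, the body text and the cross-reference in the `Customizing the dependency scanning settings` hunk above all use the same term.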
......
...@@ -48,7 +48,7 @@ GitLab, but users can also integrate their own **custom images**. ...@@ -48,7 +48,7 @@ GitLab, but users can also integrate their own **custom images**.
For an analyzer to be considered Generally Available, it is expected to minimally For an analyzer to be considered Generally Available, it is expected to minimally
support the following features: support the following features:
- [Customizable configuration](index.md#available-variables) - [Customizable configuration](index.md#available-cicd-variables)
- [Customizable rulesets](index.md#customize-rulesets) - [Customizable rulesets](index.md#customize-rulesets)
- [Scan projects](index.md#supported-languages-and-frameworks) - [Scan projects](index.md#supported-languages-and-frameworks)
- [Multi-project support](index.md#multi-project-support) - [Multi-project support](index.md#multi-project-support)
......
...@@ -202,7 +202,7 @@ page: ...@@ -202,7 +202,7 @@ page:
### Customizing the SAST settings ### Customizing the SAST settings
The SAST settings can be changed through [CI/CD variables](#available-variables) The SAST settings can be changed through [CI/CD variables](#available-cicd-variables)
by using the by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. [`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
In the following example, we include the SAST template and at the same time we In the following example, we include the SAST template and at the same time we
...@@ -411,7 +411,7 @@ the vendored directory. This configuration can vary per analyzer but in the case ...@@ -411,7 +411,7 @@ the vendored directory. This configuration can vary per analyzer but in the case
can use `MAVEN_REPO_PATH`. See can use `MAVEN_REPO_PATH`. See
[Analyzer settings](#analyzer-settings) for the complete list of available options. [Analyzer settings](#analyzer-settings) for the complete list of available options.
### Available variables ### Available CI/CD variables
SAST can be [configured](#customizing-the-sast-settings) using CI/CD variables. SAST can be [configured](#customizing-the-sast-settings) using CI/CD variables.
......
...@@ -160,7 +160,7 @@ that you can review and merge to complete the configuration. ...@@ -160,7 +160,7 @@ that you can review and merge to complete the configuration.
### Customizing settings ### Customizing settings
The Secret Detection scan settings can be changed through [CI/CD variables](#available-variables) The Secret Detection scan settings can be changed through [CI/CD variables](#available-cicd-variables)
by using the by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. [`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
...@@ -196,7 +196,7 @@ secret_detection: ...@@ -196,7 +196,7 @@ secret_detection:
Because the template is [evaluated before](../../../ci/yaml/README.md#include) Because the template is [evaluated before](../../../ci/yaml/README.md#include)
the pipeline configuration, the last mention of the variable takes precedence. the pipeline configuration, the last mention of the variable takes precedence.
#### Available variables #### Available CI/CD variables
Secret Detection can be customized by defining available CI/CD variables: Secret Detection can be customized by defining available CI/CD variables:
...@@ -298,7 +298,7 @@ want to perform a full secret scan. Running a secret scan on the full history ca ...@@ -298,7 +298,7 @@ want to perform a full secret scan. Running a secret scan on the full history ca
especially for larger repositories with lengthy Git histories. We recommend not setting this CI/CD variable especially for larger repositories with lengthy Git histories. We recommend not setting this CI/CD variable
as part of your normal job definition. as part of your normal job definition.
A new configuration variable ([`SECRET_DETECTION_HISTORIC_SCAN`](#available-variables)) A new configuration variable ([`SECRET_DETECTION_HISTORIC_SCAN`](#available-cicd-variables))
can be set to change the behavior of the GitLab Secret Detection scan to run on the entire Git history of a repository. can be set to change the behavior of the GitLab Secret Detection scan to run on the entire Git history of a repository.
We have created a [short video walkthrough](https://youtu.be/wDtc_K00Y0A) showcasing how you can perform a full history secret scan. We have created a [short video walkthrough](https://youtu.be/wDtc_K00Y0A) showcasing how you can perform a full history secret scan.
......
...@@ -121,7 +121,7 @@ always take the latest License Compliance artifact available. Behind the scenes, ...@@ -121,7 +121,7 @@ always take the latest License Compliance artifact available. Behind the scenes,
[GitLab License Compliance Docker image](https://gitlab.com/gitlab-org/security-products/analyzers/license-finder) [GitLab License Compliance Docker image](https://gitlab.com/gitlab-org/security-products/analyzers/license-finder)
is used to detect the languages/frameworks and in turn analyzes the licenses. is used to detect the languages/frameworks and in turn analyzes the licenses.
The License Compliance settings can be changed through [CI/CD variables](#available-variables) by using the The License Compliance settings can be changed through [CI/CD variables](#available-cicd-variables) by using the
[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. [`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`.
### When License Compliance runs ### When License Compliance runs
...@@ -129,7 +129,7 @@ The License Compliance settings can be changed through [CI/CD variables](#availa ...@@ -129,7 +129,7 @@ The License Compliance settings can be changed through [CI/CD variables](#availa
When using the GitLab `License-Scanning.gitlab-ci.yml` template, the License Compliance job doesn't When using the GitLab `License-Scanning.gitlab-ci.yml` template, the License Compliance job doesn't
wait for other stages to complete. wait for other stages to complete.
### Available variables ### Available CI/CD variables
License Compliance can be configured using CI/CD variables. License Compliance can be configured using CI/CD variables.
...@@ -265,11 +265,11 @@ license_scanning: ...@@ -265,11 +265,11 @@ license_scanning:
### Custom root certificates for Python ### Custom root certificates for Python
You can supply a custom root certificate to complete TLS verification by using the You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables). `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
#### Using private Python repositories #### Using private Python repositories
If you have a private Python repository you can use the `PIP_INDEX_URL` [CI/CD variable](#available-variables) If you have a private Python repository you can use the `PIP_INDEX_URL` [CI/CD variable](#available-cicd-variables)
to specify its location. to specify its location.
### Configuring npm projects ### Configuring npm projects
...@@ -292,7 +292,7 @@ registry = https://npm.example.com ...@@ -292,7 +292,7 @@ registry = https://npm.example.com
#### Custom root certificates for npm #### Custom root certificates for npm
You can supply a custom root certificate to complete TLS verification by using the You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables). `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
To disable TLS verification you can provide the [`strict-ssl`](https://docs.npmjs.com/using-npm/config/#strict-ssl) To disable TLS verification you can provide the [`strict-ssl`](https://docs.npmjs.com/using-npm/config/#strict-ssl)
setting. setting.
...@@ -323,7 +323,7 @@ npmRegistryServer: "https://npm.example.com" ...@@ -323,7 +323,7 @@ npmRegistryServer: "https://npm.example.com"
#### Custom root certificates for Yarn #### Custom root certificates for Yarn
You can supply a custom root certificate to complete TLS verification by using the You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables). `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
### Configuring Bower projects ### Configuring Bower projects
...@@ -347,7 +347,7 @@ For example: ...@@ -347,7 +347,7 @@ For example:
#### Custom root certificates for Bower #### Custom root certificates for Bower
You can supply a custom root certificate to complete TLS verification by using the You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables), or by `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by
specifying a `ca` setting in a [`.bowerrc`](https://bower.io/docs/config/#bowerrc-specification) specifying a `ca` setting in a [`.bowerrc`](https://bower.io/docs/config/#bowerrc-specification)
file. file.
...@@ -368,7 +368,7 @@ source "https://gems.example.com" ...@@ -368,7 +368,7 @@ source "https://gems.example.com"
#### Custom root certificates for Bundler #### Custom root certificates for Bundler
You can supply a custom root certificate to complete TLS verification by using the You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables), or by `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by
specifying a [`BUNDLE_SSL_CA_CERT`](https://bundler.io/v2.0/man/bundle-config.1.html) specifying a [`BUNDLE_SSL_CA_CERT`](https://bundler.io/v2.0/man/bundle-config.1.html)
[variable](../../../ci/variables/README.md#custom-cicd-variables) [variable](../../../ci/variables/README.md#custom-cicd-variables)
in the job definition. in the job definition.
...@@ -392,7 +392,7 @@ my-registry = { index = "https://my-intranet:8080/git/index" } ...@@ -392,7 +392,7 @@ my-registry = { index = "https://my-intranet:8080/git/index" }
To supply a custom root certificate to complete TLS verification, do one of the following: To supply a custom root certificate to complete TLS verification, do one of the following:
- Use the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables). - Use the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
- Specify a [`CARGO_HTTP_CAINFO`](https://doc.rust-lang.org/cargo/reference/environment-variables.html) - Specify a [`CARGO_HTTP_CAINFO`](https://doc.rust-lang.org/cargo/reference/environment-variables.html)
[variable](../../../ci/variables/README.md#custom-cicd-variables) [variable](../../../ci/variables/README.md#custom-cicd-variables)
in the job definition. in the job definition.
...@@ -425,7 +425,7 @@ For example: ...@@ -425,7 +425,7 @@ For example:
#### Custom root certificates for Composer #### Custom root certificates for Composer
You can supply a custom root certificate to complete TLS verification by using the You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables), or by `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by
specifying a [`COMPOSER_CAFILE`](https://getcomposer.org/doc/03-cli.md#composer-cafile) specifying a [`COMPOSER_CAFILE`](https://getcomposer.org/doc/03-cli.md#composer-cafile)
[variable](../../../ci/variables/README.md#custom-cicd-variables) [variable](../../../ci/variables/README.md#custom-cicd-variables)
in the job definition. in the job definition.
...@@ -499,7 +499,7 @@ You can provide custom certificates by adding a `.conan/cacert.pem` file to the ...@@ -499,7 +499,7 @@ You can provide custom certificates by adding a `.conan/cacert.pem` file to the
setting [`CA_CERT_PATH`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-cacert-path) setting [`CA_CERT_PATH`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-cacert-path)
to `.conan/cacert.pem`. to `.conan/cacert.pem`.
If you specify the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables), this If you specify the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), this
variable's X.509 certificates are installed in the Docker image's default trust store and Conan is variable's X.509 certificates are installed in the Docker image's default trust store and Conan is
configured to use this as the default `CA_CERT_PATH`. configured to use this as the default `CA_CERT_PATH`.
...@@ -507,7 +507,7 @@ configured to use this as the default `CA_CERT_PATH`. ...@@ -507,7 +507,7 @@ configured to use this as the default `CA_CERT_PATH`.
To configure [Go modules](https://github.com/golang/go/wiki/Modules) To configure [Go modules](https://github.com/golang/go/wiki/Modules)
based projects, specify [CI/CD variables](https://golang.org/pkg/cmd/go/#hdr-Environment_variables) based projects, specify [CI/CD variables](https://golang.org/pkg/cmd/go/#hdr-Environment_variables)
in the `license_scanning` job's [variables](#available-variables) section in `.gitlab-ci.yml`. in the `license_scanning` job's [variables](#available-cicd-variables) section in `.gitlab-ci.yml`.
If a project has [vendored](https://golang.org/pkg/cmd/go/#hdr-Vendor_Directories) its modules, If a project has [vendored](https://golang.org/pkg/cmd/go/#hdr-Vendor_Directories) its modules,
then the combination of the `vendor` directory and `mod.sum` file are used to detect the software then the combination of the `vendor` directory and `mod.sum` file are used to detect the software
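Review bot: two problems in the unchanged context of this hunk. The link `[CI/CD variables](https://golang.org/pkg/cmd/go/#hdr-Environment_variables)` labels Go's own environment-variable reference as CI/CD variables; the sentence should say that Go environment variables are passed to the job as CI/CD variables, with the link text reading `environment variables`. And `mod.sum` is not a Go file; the checksum file that accompanies `go.mod` and the `vendor` directory is `go.sum`.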
...@@ -556,7 +556,7 @@ For example: ...@@ -556,7 +556,7 @@ For example:
#### Custom root certificates for NuGet #### Custom root certificates for NuGet
You can supply a custom root certificate to complete TLS verification by using the You can supply a custom root certificate to complete TLS verification by using the
`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-variables). `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables).
### Migration from `license_management` to `license_scanning` ### Migration from `license_management` to `license_scanning`
...@@ -816,7 +816,7 @@ license_scanning: ...@@ -816,7 +816,7 @@ license_scanning:
ASDF_RUBY_VERSION: '2.7.2' ASDF_RUBY_VERSION: '2.7.2'
``` ```
A full list of variables can be found in [CI/CD variables](#available-variables). A full list of variables can be found in [CI/CD variables](#available-cicd-variables).
To find out what tools are pre-installed in the `license_scanning` Docker image use the following command: To find out what tools are pre-installed in the `license_scanning` Docker image use the following command:
......
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/ # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/
# Configure the scanning tool through the environment variables. # Configure API fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of the variables: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/#available-variables # List of available variables: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/#available-cicd-variables
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
stages: stages:
- build - build
......
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/ # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/
# Configure the scanning tool through the environment variables. # Configure API fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of the variables: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/#available-variables # List of available variables: https://docs.gitlab.com/ee/user/application_security/api_fuzzing/#available-cicd-variables
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
variables: variables:
FUZZAPI_VERSION: "1" FUZZAPI_VERSION: "1"
......
...@@ -10,7 +10,8 @@ ...@@ -10,7 +10,8 @@
# - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the # - For auto-remediation, a readable Dockerfile in the root of the project or as defined by the
# DOCKERFILE_PATH variable. # DOCKERFILE_PATH variable.
# #
# For more information, see https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables # Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
variables: variables:
# Setting this variable will affect all Security templates (e.g.: SAST, Dependency Scanning) # Setting this variable will affect all Security templates (e.g.: SAST, Dependency Scanning)
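Review bot: the new `List of available variables` line still links to `.../container_scanning/#available-variables`, but this same MR renames that page's heading to `#### Available CI/CD variables`, which makes the anchor `#available-cicd-variables` (the container scanning docs hunks above already use the new anchor). Update the template URL to match, as the API fuzzing, coverage fuzzing and DAST API templates in this MR do; otherwise the comment shipped in every container scanning pipeline points at an anchor that no longer resolves.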
......
# Read more about this feature https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing # Read more about this feature https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing
# Configure the fuzzing tool through the environment variables. # Configure coverage fuzzing with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of the variables: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#available-cicd-variables # List of available variables: https://docs.gitlab.com/ee/user/application_security/coverage_fuzzing/#available-cicd-variables
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
variables: variables:
# Which branch we want to run full fledged long running fuzzing jobs. # Which branch we want to run full fledged long running fuzzing jobs.
......
...@@ -13,9 +13,8 @@ ...@@ -13,9 +13,8 @@
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html
# Configure the scanning tool with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html) # Configure DAST API scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of variables available to configure the DAST API scanning tool: # List of available variables: https://docs.gitlab.com/ee/user/application_security/dast_api/index.html#available-cicd-variables
# https://docs.gitlab.com/ee/user/application_security/dast_api/index.html#available-cicd-variables
variables: variables:
# Setting this variable affects all Security templates # Setting this variable affects all Security templates
......
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/ # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/
# Configure the scanning tool through the environment variables. # Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of the variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables # List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
stages: stages:
- build - build
......
...@@ -13,9 +13,8 @@ ...@@ -13,9 +13,8 @@
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/ # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/
# Configure the scanning tool through the environment variables. # Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of the variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables # List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
variables: variables:
DAST_VERSION: 1 DAST_VERSION: 1
......
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/ # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
# #
# Configure the scanning tool through the environment variables. # Configure dependency scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of the variables: https://gitlab.com/gitlab-org/security-products/dependency-scanning#settings # List of available variables: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#available-variables
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
variables: variables:
# Setting this variable will affect all Security templates # Setting this variable will affect all Security templates
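Review bot: The new dependency scanning link uses the `.../dependency_scanning/index.html#available-variables` form, and the SAST template below does the same, whereas the DAST, license compliance and secret detection templates use the trailing-slash form (`.../dast/#available-variables`). Both resolve on docs.gitlab.com, but pick one form for all of the templates so the comments stay easy to diff and grep across files.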
......
# Read more about this feature here: https://docs.gitlab.com/ee/user/compliance/license_compliance/index.html # Read more about this feature here: https://docs.gitlab.com/ee/user/compliance/license_compliance/index.html
# #
# Configure the scanning tool through the environment variables. # Configure license scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of the variables: https://gitlab.com/gitlab-org/security-products/analyzers/license-finder#settings # List of available variables: https://docs.gitlab.com/ee/user/compliance/license_compliance/#available-variables
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
variables: variables:
# Setting this variable will affect all Security templates # Setting this variable will affect all Security templates
......
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/ # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/sast/
# #
# Configure the scanning tool through the environment variables. # Configure SAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of the variables: https://gitlab.com/gitlab-org/security-products/sast#settings # List of available variables: https://docs.gitlab.com/ee/user/application_security/sast/index.html#available-variables
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
variables: variables:
# Setting this variable will affect all Security templates # Setting this variable will affect all Security templates
......
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/secret_detection # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/secret_detection
# #
# Configure the scanning tool through the environment variables. # Configure secret detection with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of the variables: https://docs.gitlab.com/ee/user/application_security/secret_detection/#available-variables # List of available variables: https://docs.gitlab.com/ee/user/application_security/secret_detection/#available-variables
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
variables: variables:
SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers" SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
......