Commit 20c92d49 authored by Craig Norris

Remove old GitLab vers from Static Analysis docs

parent 064131ae
...@@ -6,8 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w ...@@ -6,8 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# SAST Analyzers **(FREE)** # SAST Analyzers **(FREE)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in GitLab 10.3. > [Moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) from GitLab Ultimate to GitLab Free in 13.3.
> - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) from GitLab Ultimate to GitLab Free in 13.3.
SAST relies on underlying third party tools that are wrapped into what we call SAST relies on underlying third party tools that are wrapped into what we call
"Analyzers". An analyzer is a "Analyzers". An analyzer is a
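Review bot: the rewritten history line ends with "in 13.3" and omits the product name, while the corresponding line on the SAST index page in this same commit reads "in GitLab 13.3". Since the line is being rewritten anyway, change it to "in GitLab 13.3" so the history notes across the Static Analysis pages read the same way.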
......
...@@ -2,13 +2,11 @@ ...@@ -2,13 +2,11 @@
stage: Secure stage: Secure
group: Static Analysis group: Static Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
type: reference, howto
--- ---
# Static Application Security Testing (SAST) **(FREE)** # Static Application Security Testing (SAST) **(FREE)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3775) in GitLab 10.3. > All open source (OSS) analyzers were moved from GitLab Ultimate to GitLab Free in GitLab 13.3.
> - All open source (OSS) analyzers were moved from GitLab Ultimate to GitLab Free in GitLab 13.3.
NOTE: NOTE:
The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/) The whitepaper ["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/)
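Review bot: the front-matter line `type: reference, howto` is deleted here, but it is not a version reference and the commit message ("Remove old GitLab vers from Static Analysis docs") does not mention it. If dropping the `type` key is intended, say so in the commit message or put it in its own commit so the metadata change can be found later. The same deletion appears in the Secret Detection and Code Quality front matter.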
...@@ -168,10 +166,9 @@ To configure SAST for a project you can: ...@@ -168,10 +166,9 @@ To configure SAST for a project you can:
### Configure SAST manually ### Configure SAST manually
For GitLab 11.9 and later, to enable SAST you must [include](../../../ci/yaml/index.md#includetemplate) To enable SAST you must [include](../../../ci/yaml/index.md#includetemplate)
the [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml) the [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml)
provided as a part of your GitLab installation. For GitLab versions earlier than 11.9, you provided as a part of your GitLab installation.
can copy and use the job as defined that template.
Add the following to your `.gitlab-ci.yml` file: Add the following to your `.gitlab-ci.yml` file:
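Review bot: the new opening sentence, "To enable SAST you must [include]...", needs a comma after the introductory phrase now that the "For GitLab 11.9 and later," prefix is gone. Suggest "To enable SAST, you must include the `SAST.gitlab-ci.yml` template provided as a part of your GitLab installation."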
......
--- ---
type: reference, howto
stage: Secure stage: Secure
group: Static Analysis group: Static Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
...@@ -7,15 +6,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w ...@@ -7,15 +6,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w
# Secret Detection **(FREE)** # Secret Detection **(FREE)**
> - [Introduced](https://about.gitlab.com/releases/2019/03/22/gitlab-11-9-released/#detect-secrets-and-credentials-in-the-repository) in GitLab 11.9. > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) from GitLab Ultimate to GitLab Free in 13.3.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) from GitLab Ultimate to GitLab Free in 13.3.
A recurring problem when developing applications is that developers may unintentionally commit A recurring problem when developing applications is that developers may unintentionally commit
secrets and credentials to their remote repositories. If other people have access to the source, secrets and credentials to their remote repositories. If other people have access to the source,
or if the project is public, the sensitive information is then exposed and can be leveraged by or if the project is public, the sensitive information is then exposed and can be leveraged by
malicious users to gain access to resources like deployment environments. malicious users to gain access to resources like deployment environments.
GitLab 11.9 includes a new check called Secret Detection. It scans the content of the repository GitLab includes a check called Secret Detection. It scans the content of the repository
to find API keys and other information that should not be there. to find API keys and other information that should not be there.
GitLab displays identified secrets visibly in a few places: GitLab displays identified secrets visibly in a few places:
......
...@@ -2,13 +2,11 @@ ...@@ -2,13 +2,11 @@
stage: Secure stage: Secure
group: Static Analysis group: Static Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
type: reference, howto
--- ---
# Code Quality **(FREE)** # Code Quality **(FREE)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/1984) in GitLab 9.3. > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2.
> - Made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) in 13.2.
To ensure your project's code stays simple, readable, and easy to contribute to, To ensure your project's code stays simple, readable, and easy to contribute to,
you can use [GitLab CI/CD](../../../ci/index.md) to analyze your source code quality. you can use [GitLab CI/CD](../../../ci/index.md) to analyze your source code quality.
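Review bot: the history line is reworded from "Made available in all tiers" to "Moved ... to GitLab Free", which goes beyond removing an old version reference and changes what the note says. "Moved to GitLab Free" names no source tier, unlike the SAST and Secret Detection lines in this commit ("from GitLab Ultimate to GitLab Free"). Either name the tier it moved from or keep the original "available in all tiers" wording. The same applies to the identical line under `## Code Quality Widget`.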
...@@ -32,8 +30,7 @@ Code Quality: ...@@ -32,8 +30,7 @@ Code Quality:
## Code Quality Widget ## Code Quality Widget
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/1984) in GitLab 9.3. > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2.
> - Made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) in 13.2.
Going a step further, GitLab can show the Code Quality report right Going a step further, GitLab can show the Code Quality report right
in the merge request widget area if a report from the target branch is available to compare to: in the merge request widget area if a report from the target branch is available to compare to:
...@@ -69,9 +66,6 @@ the merge request's diff view displays an indicator next to lines with new Code ...@@ -69,9 +66,6 @@ the merge request's diff view displays an indicator next to lines with new Code
## Example configuration ## Example configuration
This example shows how to run Code Quality on your code by using GitLab CI/CD and Docker. This example shows how to run Code Quality on your code by using GitLab CI/CD and Docker.
It requires GitLab 11.11 or later, and GitLab Runner 11.5 or later. If you are using
GitLab 11.4 or earlier, you can view the deprecated job definitions in the
[documentation archive](https://docs.gitlab.com/12.10/ee/user/project/merge_requests/code_quality.html#previous-job-definitions).
- Using shared runners, the job should be configured For the [Docker-in-Docker workflow](../../../ci/docker/using_docker_build.md#use-the-docker-executor-with-the-docker-image-docker-in-docker). - Using shared runners, the job should be configured For the [Docker-in-Docker workflow](../../../ci/docker/using_docker_build.md#use-the-docker-executor-with-the-docker-image-docker-in-docker).
- Using private runners, there is an [alternative configuration](#set-up-a-private-runner-for-code-quality-without-docker-in-docker) recommended for running Code Quality analysis more efficiently. - Using private runners, there is an [alternative configuration](#set-up-a-private-runner-for-code-quality-without-docker-in-docker) recommended for running Code Quality analysis more efficiently.
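Review bot: the deleted sentence carries two requirements and only one of them is a GitLab version, so "GitLab Runner 11.5 or later" disappears along with it. GitLab Runner is installed and upgraded separately from the GitLab instance, so an up-to-date GitLab does not imply an up-to-date runner, which matters for the private-runner setup in the bullet that follows. Suggest keeping a short runner requirement, or confirming in the merge request that 11.5 is older than any runner still supported before removing it.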
......