Merge branch 'docs-update-sast-failure-report' into 'master'

Improve documentation around SAST failures in pipeline See merge request gitlab-org/gitlab!29299

Merge branch 'docs-update-sast-failure-report' into 'master'
Improve documentation around SAST failures in pipeline See merge request gitlab-org/gitlab!29299
2edff148 · Russell Dickenson · 191b9600 · 8a3f6502 · 2edff148 · 2edff148
Commit 2edff148 authored Apr 26, 2020 by Russell Dickenson
3 changed files
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -51,6 +51,9 @@ However, DAST can be [configured](#full-scan)
 to also perform a so-called "active scan". That is, attack your application and produce a more extensive security report.
 It can be very useful combined with [Review Apps](../../../ci/review_apps/index.md).

+NOTE: **Note:**
+A pipeline may consist of multiple jobs, including SAST and DAST scanning. If any job fails to finish for any reason, the security dashboard will not show DAST scanner output. For example, if the DAST job finishes but the SAST job fails, the security dashboard will not show DAST results. The analyzer will output an [exit code](../../../development/integrations/secure.md#exit-code) on failure.
+
 ## Use cases

 It helps you automatically find security vulnerabilities in your running web

--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -36,6 +36,9 @@ The results are sorted by the priority of the vulnerability:
 1. Unknown
 1. Everything else

+NOTE: **Note:**
+A pipeline consists of multiple jobs, including SAST and DAST scanning. If any job fails to finish for any reason, the security dashboard will not show SAST scanner output. For example, if the SAST job finishes but the DAST job fails, the security dashboard will not show SAST results. The analyzer will output an [exit code](../../../development/integrations/secure.md#exit-code) on failure.
+
 ## Use cases

 - Your code has a potentially dangerous attribute in a class, or unsafe code

--- a/doc/user/application_security/security_dashboard/index.md
+++ b/doc/user/application_security/security_dashboard/index.md
@@ -44,6 +44,9 @@ Visit the page for any pipeline which has run any of the [supported reports](#su

 ![Pipeline Security Dashboard](img/pipeline_security_dashboard_v12_6.png)

+NOTE: **Note:**
+A pipeline consists of multiple jobs, including SAST and DAST scanning. If any job fails to finish for any reason, the security dashboard will not show SAST scanner output. For example, if the SAST job finishes but the DAST job fails, the security dashboard will not show SAST results. The analyzer will output an [exit code](../../../development/integrations/secure.md#exit-code) on failure.
+
 ## Project Security Dashboard

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/6165) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.1.