Merge branch 'eread/refactor-reports-keyword-table' into 'master'

Refactor reports keyword table

See merge request gitlab-org/gitlab!73125

doc/ci/yaml/index.md

@@ -446,7 +446,7 @@ include:
   so you can only include public projects or templates.
 - Be careful when including a remote CI/CD configuration file. No pipelines or notifications
   trigger when external CI/CD configuration files change. From a security perspective,
-  this is similar to pulling a third party dependency.
+  this is similar to pulling a third-party dependency.
 
 #### `include:template`
 
@@ -2979,45 +2979,37 @@ artifacts:
 
 Use [`artifacts:reports`](#artifactsreports) to:
 
-- Collect test reports, code quality reports, and security reports from jobs.
-- Expose these reports in merge requests, pipeline views, and security dashboards.
+- Collect test reports, code quality reports, security reports, and other artifacts generated by included templates in
+  jobs.
+- Some of these reports are used to display information in:
+  - Merge requests.
+  - Pipeline views.
+  - [Security dashboards](../../user/application_security/security_dashboard/index.md).
 
 The test reports are collected regardless of the job results (success or failure).
 You can use [`artifacts:expire_in`](#artifactsexpire_in) to set up an expiration
 date for their artifacts.
 
-Some `artifacts:reports` types can be generated by multiple jobs in the same pipeline, and used by merge request or pipeline features from each job.
-
-| Keyword                                    | Multiple reports in the same pipeline? |
-|:-------------------------------------------|:--------------------------------------:|
-| `accessibility`          | **{check-circle}** Yes |
-| `api_fuzzing`            | **{check-circle}** Yes |
-| `browser_performance`    | **{dotted-circle}** No |
-| `cluster_image_scanning` | **{check-circle}** Yes |
-| `cobertura`              | **{check-circle}** Yes |
-| `codequality`            | Merge request widget: **{check-circle}** [Yes](https://gitlab.com/gitlab-org/gitlab/-/issues/271077#note_507239820).<br>Merge request diff annotations: **{dotted-circle}** [No](https://gitlab.com/gitlab-org/gitlab/-/issues/271077#note_507239820).<br>Full report: **{dotted-circle}** [No](https://gitlab.com/gitlab-org/gitlab/-/issues/9014). |
-| `container_scanning`     | **{check-circle}** Yes |
-| `coverage_fuzzing`       | **{check-circle}** Yes |
-| `dast`                   | **{check-circle}** Yes |
-| `dependency_scanning`    | **{check-circle}** Yes |
-| `dotenv`                 | Not applicable |
-| `junit`                  | **{check-circle}** Yes |
-| `license_management`     | [Renamed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36817) to `license_scanning` |
-| `license_scanning`       | **{check-circle}** Yes |
-| `load_performance`       | **{dotted-circle}** No |
-| `metrics`                | **{check-circle}** Yes |
-| `performance`            | **{dotted-circle}** No |
-| `requirements`           | **{check-circle}** Yes |
-| `sast`                   | **{check-circle}** Yes |
-| `secret_detection`       | **{check-circle}** Yes |
-| `terraform`              | **{check-circle}** Yes |
-
-If you also want to be able to browse the report output files, include the
-[`artifacts:paths`](#artifactspaths) keyword.
+Some `artifacts:reports` types can be generated by multiple jobs in the same pipeline, and used by merge request or
+pipeline features from each job.
+
+To be able to browse the report output files, include the [`artifacts:paths`](#artifactspaths) keyword.
 
 NOTE:
-Reports from [child pipelines](../pipelines/parent_child_pipelines.md) aren't supported. Track
-progress on adding support in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/215725).
+Combined reports in parent pipelines using [artifacts from child pipelines](#artifact-downloads-to-child-pipelines) is
+not supported. Track progress on adding support in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/215725).
+
+##### `artifacts:reports:accessibility` **(FREE)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/39425) in GitLab 12.8.
+
+The `accessibility` report uses [pa11y](https://pa11y.org/) to report on the accessibility impact
+of changes introduced in merge requests.
+
+GitLab can display the results of one or more reports in the merge request
+[accessibility widget](../../user/project/merge_requests/accessibility_testing.md#accessibility-merge-request-widget).
+
+For more information, see [Accessibility testing](../../user/project/merge_requests/accessibility_testing.md).
 
 ##### `artifacts:reports:api_fuzzing` **(ULTIMATE)**
 
@@ -3027,8 +3019,12 @@ progress on adding support in [this issue](https://gitlab.com/gitlab-org/gitlab/
 The `api_fuzzing` report collects [API Fuzzing bugs](../../user/application_security/api_fuzzing/index.md)
 as artifacts.
 
-The collected API Fuzzing report uploads to GitLab as an artifact and is summarized in merge
-requests and the pipeline view. It's also used to provide data for security dashboards.
+GitLab can display the results of one or more reports in:
+
+- The merge request [security widget](../../user/application_security/api_fuzzing/index.md#view-details-of-an-api-fuzzing-vulnerability).
+- The [Project Vulnerability report](../../user/application_security/vulnerability_report/index.md).
+- The pipeline [**Security** tab](../../user/application_security/security_dashboard/index.md#pipeline-security).
+- The [security dashboard](../../user/application_security/api_fuzzing/index.md#security-dashboard).
 
 ##### `artifacts:reports:browser_performance` **(PREMIUM)**
 
@@ -3037,75 +3033,103 @@ requests and the pipeline view. It's also used to provide data for security dash
 The `browser_performance` report collects [Browser Performance Testing metrics](../../user/project/merge_requests/browser_performance_testing.md)
 as artifacts.
 
-The collected Browser Performance report uploads to GitLab as an artifact and displays in merge requests.
+GitLab can display the results of one report in the merge request
+[browser performance testing widget](../../user/project/merge_requests/browser_performance_testing.md#how-browser-performance-testing-works).
+
+GitLab cannot display the combined results of multiple `browser_performance` reports.
 
 ##### `artifacts:reports:cluster_image_scanning` **(ULTIMATE)**
 
 > - Introduced in GitLab 14.1.
 > - Requires GitLab Runner 14.1 and above.
 
-The `cluster_image_scanning` report collects `CLUSTER_IMAGE_SCANNING` vulnerabilities
-as artifacts.
+The `cluster_image_scanning` report collects `CLUSTER_IMAGE_SCANNING` vulnerabilities. The collected
+`CLUSTER_IMAGE_SCANNING` report uploads to GitLab as an artifact.
 
-The collected `CLUSTER_IMAGE_SCANNING` report uploads to GitLab as an artifact and
-is summarized in the pipeline view. It's also used to provide data for security
-dashboards.
+GitLab can display the results of one or more reports in:
+
+- The [security dashboard](../../user/application_security/security_dashboard/index.md).
+- The [Project Vulnerability report](../../user/application_security/vulnerability_report/index.md).
 
 ##### `artifacts:reports:cobertura`
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3708) in GitLab 12.9.
 
 The `cobertura` report collects [Cobertura coverage XML files](../../user/project/merge_requests/test_coverage_visualization.md).
-The collected Cobertura coverage reports upload to GitLab as an artifact
-and display in merge requests.
+The collected Cobertura coverage reports upload to GitLab as an artifact.
+
+GitLab can display the results of one or more reports in the merge request
+[diff annotations](../../user/project/merge_requests/test_coverage_visualization.md).
 
-Cobertura was originally developed for Java, but there are many
-third party ports for other languages like JavaScript, Python, Ruby, and so on.
+Cobertura was originally developed for Java, but there are many third-party ports for other languages such as
+JavaScript, Python, and Ruby.
 
 ##### `artifacts:reports:codequality`
 
 > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2.
 
-The `codequality` report collects [Code Quality issues](../../user/project/merge_requests/code_quality.md)
-as artifacts.
+The `codequality` report collects [code quality issues](../../user/project/merge_requests/code_quality.md). The
+collected code quality report uploads to GitLab as an artifact.
+
+GitLab can display the results of:
 
-The collected Code Quality report uploads to GitLab as an artifact and is summarized in merge requests.
+- One or more reports in the merge request [code quality widget](../../user/project/merge_requests/code_quality.md#code-quality-widget).
+- Only one report in:
+  - The merge request [diff annotations](../../user/project/merge_requests/code_quality.md#code-quality-in-diff-view).
+    Track progress on adding support for multiple reports in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/271077).
+  - The [full report](../metrics_reports.md). Track progress on adding support for multiple reports in
+    [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/9014).
 
 ##### `artifacts:reports:container_scanning` **(ULTIMATE)**
 
-The `container_scanning` report collects [Container Scanning vulnerabilities](../../user/application_security/container_scanning/index.md)
-as artifacts.
+The `container_scanning` report collects [Container Scanning vulnerabilities](../../user/application_security/container_scanning/index.md).
+The collected Container Scanning report uploads to GitLab as an artifact.
+
+GitLab can display the results of one or more reports in:
 
-The collected Container Scanning report uploads to GitLab as an artifact and
-is summarized in merge requests and the pipeline view. It's also used to provide data for security
-dashboards.
+- The merge request [container scanning widget](../../user/application_security/container_scanning/index.md).
+- The pipeline [**Security** tab](../../user/application_security/security_dashboard/index.md#pipeline-security).
+- The [security dashboard](../../user/application_security/security_dashboard/index.md).
+- The [Project Vulnerability report](../../user/application_security/vulnerability_report/index.md).
 
 ##### `artifacts:reports:coverage_fuzzing` **(ULTIMATE)**
 
 > - Introduced in GitLab 13.4.
 > - Requires GitLab Runner 13.4 or later.
 
-The `coverage_fuzzing` report collects [coverage fuzzing bugs](../../user/application_security/coverage_fuzzing/index.md)
-as artifacts.
+The `coverage_fuzzing` report collects [coverage fuzzing bugs](../../user/application_security/coverage_fuzzing/index.md).
+The collected coverage fuzzing report uploads to GitLab as an artifact.
+GitLab can display the results of one or more reports in:
 
-The collected coverage fuzzing report uploads to GitLab as an artifact and is summarized in merge
-requests and the pipeline view. It's also used to provide data for security dashboards.
+- The merge request [coverage fuzzing widget](../../user/application_security/coverage_fuzzing/index.md#interacting-with-the-vulnerabilities).
+- The pipeline [**Security** tab](../../user/application_security/security_dashboard/index.md#pipeline-security).
+- The [Project Vulnerability report](../../user/application_security/vulnerability_report/index.md).
+- The [security dashboard](../../user/application_security/security_dashboard/index.md).
 
 ##### `artifacts:reports:dast` **(ULTIMATE)**
 
-The `dast` report collects [DAST vulnerabilities](../../user/application_security/dast/index.md)
-as artifacts.
+The `dast` report collects [DAST vulnerabilities](../../user/application_security/dast/index.md). The collected DAST
+report uploads to GitLab as an artifact.
 
-The collected DAST report uploads to GitLab as an artifact and is summarized in merge requests and the pipeline view. It's also used to provide data for security
-dashboards.
+GitLab can display the results of one or more reports in:
+
+- The merge request [security widget](../../user/application_security/dast/index.md#view-details-of-a-vulnerability-detected-by-dast).
+- The pipeline [**Security** tab](../../user/application_security/security_dashboard/index.md#pipeline-security).
+- The [Project Vulnerability report](../../user/application_security/vulnerability_report/index.md).
+- The [security dashboard](../../user/application_security/security_dashboard/index.md).
 
 ##### `artifacts:reports:dependency_scanning` **(ULTIMATE)**
 
-The `dependency_scanning` report collects [Dependency Scanning vulnerabilities](../../user/application_security/dependency_scanning/index.md)
-as artifacts.
+The `dependency_scanning` report collects [Dependency Scanning vulnerabilities](../../user/application_security/dependency_scanning/index.md).
+The collected Dependency Scanning report uploads to GitLab as an artifact.
 
-The collected Dependency Scanning report uploads to GitLab as an artifact and is summarized in merge requests and the pipeline view. It's also used to provide data for security
-dashboards.
+GitLab can display the results of one or more reports in:
+
+- The merge request [dependency scanning widget](../../user/application_security/dependency_scanning/index.md#overview).
+- The pipeline [**Security** tab](../../user/application_security/security_dashboard/index.md#pipeline-security).
+- The [security dashboard](../../user/application_security/security_dashboard/index.md).
+- The [Project Vulnerability report](../../user/application_security/vulnerability_report/index.md).
+- The [dependency list](../../user/application_security/dependency_list/).
 
 ##### `artifacts:reports:dotenv`
 
@@ -3130,10 +3154,9 @@ The exceptions to the [original dotenv rules](https://github.com/motdotla/dotenv
 
 ##### `artifacts:reports:junit`
 
-The `junit` report collects [JUnit report format XML files](https://www.ibm.com/docs/en/adfz/developer-for-zos/14.1.0?topic=formats-junit-xml-format)
-as artifacts. Although JUnit was originally developed in Java, there are many
-third party ports for other
-languages like JavaScript, Python, Ruby, and so on.
+The `junit` report collects [JUnit report format XML files](https://www.ibm.com/docs/en/adfz/developer-for-zos/14.1.0?topic=formats-junit-xml-format).
+The collected Unit test reports upload to GitLab as an artifact. Although JUnit was originally developed in Java, there
+are many third-party ports for other languages such as JavaScript, Python, and Ruby.
 
 See [Unit test reports](../unit_test_reports.md) for more details and examples.
 Below is an example of collecting a JUnit report format XML file from Ruby's RSpec test tool:
@@ -3149,62 +3172,72 @@ rspec:
       junit: rspec.xml
 ```
 
-The collected Unit test reports upload to GitLab as an artifact and display in merge requests.
+GitLab can display the results of one or more reports in:
+
+- The merge request [code quality widget](../../ci/unit_test_reports.md#how-it-works).
+- The [full report](../../ci/unit_test_reports.md#viewing-unit-test-reports-on-gitlab).
 
-If the JUnit tool you use exports to multiple XML files, specify
-multiple test report paths in a single job to
-concatenate them into a single file. Use a filename pattern (`junit: rspec-*.xml`),
-an array of filenames (`junit: [rspec-1.xml, rspec-2.xml, rspec-3.xml]`), or a
-combination thereof (`junit: [rspec.xml, test-results/TEST-*.xml]`).
+Some JUnit tools export to multiple XML files. You can specify multiple test report paths in a single job to
+concatenate them into a single file. Use either:
+
+- A filename pattern (`junit: rspec-*.xml`).
+- an array of filenames (`junit: [rspec-1.xml, rspec-2.xml, rspec-3.xml]`).
+- A Combination of both (`junit: [rspec.xml, test-results/TEST-*.xml]`).
 
 ##### `artifacts:reports:license_scanning` **(ULTIMATE)**
 
 > Introduced in GitLab 12.8.
 
-The `license_scanning` report collects [Licenses](../../user/compliance/license_compliance/index.md)
-as artifacts.
+The License Compliance report collects [Licenses](../../user/compliance/license_compliance/index.md). The License
+Compliance report uploads to GitLab as an artifact.
 
-The License Compliance report uploads to GitLab as an artifact and displays automatically
-in merge requests and the pipeline view. The report provides data for security dashboards.
+GitLab can display the results of one or more reports in:
+
+- The merge request [license compliance widget](../../user/compliance/license_compliance/index.md).
+- The [license list](../../user/compliance/license_compliance/index.md#license-list).
 
 ##### `artifacts:reports:load_performance` **(PREMIUM)**
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35260) in GitLab 13.2.
 > - Requires GitLab Runner 11.5 and above.
 
-The `load_performance` report collects [Load Performance Testing metrics](../../user/project/merge_requests/load_performance_testing.md)
-as artifacts.
+The `load_performance` report collects [Load Performance Testing metrics](../../user/project/merge_requests/load_performance_testing.md).
+The report is uploaded to GitLab as an artifact.
 
-The report is uploaded to GitLab as an artifact and is
-shown in merge requests automatically.
+GitLab can display the results of only one report in the merge request
+[load testing widget](../../user/project/merge_requests/load_performance_testing.md#how-load-performance-testing-works).
+
+GitLab cannot display the combined results of multiple `load_performance` reports.
 
 ##### `artifacts:reports:metrics` **(PREMIUM)**
 
-The `metrics` report collects [Metrics](../metrics_reports.md)
-as artifacts.
+The `metrics` report collects [Metrics](../metrics_reports.md). The collected Metrics report uploads to GitLab as an
+artifact.
 
-The collected Metrics report uploads to GitLab as an artifact and displays in merge requests.
+GitLab can display the results of one or more reports in the merge request
+[metrics reports widget](../../ci/metrics_reports.md#metrics-reports).
 
 ##### `artifacts:reports:requirements` **(ULTIMATE)**
 
 > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/2859) in GitLab 13.1.
 
-The `requirements` report collects `requirements.json` files as artifacts.
+The `requirements` report collects `requirements.json` files. The collected Requirements report uploads to GitLab as an
+artifact and existing [requirements](../../user/project/requirements/index.md) are marked as Satisfied.
 
-The collected Requirements report uploads to GitLab as an artifact and
-existing [requirements](../../user/project/requirements/index.md) are
-marked as Satisfied.
+GitLab can display the results of one or more reports in the
+[project requirements](../../user/project/requirements/index.md#view-a-requirement).
 
 ##### `artifacts:reports:sast`
 
 > - [Moved](https://gitlab.com/groups/gitlab-org/-/epics/2098) from GitLab Ultimate to GitLab Free in 13.3.
 
-The `sast` report collects [SAST vulnerabilities](../../user/application_security/sast/index.md)
-as artifacts.
+The `sast` report collects [SAST vulnerabilities](../../user/application_security/sast/index.md). The collected SAST
+report uploads to GitLab as an artifact.
+
+GitLab can display the results of one or more reports in:
 
-The collected SAST report uploads to GitLab as an artifact and is summarized
-in merge requests and the pipeline view. It's also used to provide data for security
-dashboards.
+- The merge request [SAST widget](../../user/application_security/sast/index.md#static-application-security-testing-sast).
+- The [security dashboard](../../user/application_security/security_dashboard/index.md).
 
 ##### `artifacts:reports:secret_detection`
 
@@ -3212,22 +3245,27 @@ dashboards.
 > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/222788) to GitLab Free in 13.3.
 > - Requires GitLab Runner 11.5 and above.
 
-The `secret-detection` report collects [detected secrets](../../user/application_security/secret_detection/index.md)
-as artifacts.
+The `secret-detection` report collects [detected secrets](../../user/application_security/secret_detection/index.md).
+The collected Secret Detection report is uploaded to GitLab.
+
+GitLab can display the results of one or more reports in:
 
-The collected Secret Detection report is uploaded to GitLab as an artifact and summarized
-in the merge requests and pipeline view. It's also used to provide data for security
-dashboards.
+- The merge request [secret scanning widget](../../user/application_security/secret_detection/index.md).
+- The [pipeline **Security** tab](../../user/application_security/index.md#view-security-scan-information-in-the-pipeline-security-tab).
+- The [security dashboard](../../user/application_security/security_dashboard/index.md).
 
 ##### `artifacts:reports:terraform`
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207528) in GitLab 13.0.
 > - Requires [GitLab Runner](https://docs.gitlab.com/runner/) 11.5 and above.
 
-The `terraform` report obtains a Terraform `tfplan.json` file. [JQ processing required to remove credentials](../../user/infrastructure/iac/mr_integration.md#configure-terraform-report-artifacts). The collected Terraform
-plan report uploads to GitLab as an artifact and displays
-in merge requests. For more information, see
-[Output `terraform plan` information into a merge request](../../user/infrastructure/iac/mr_integration.md).
+The `terraform` report obtains a Terraform `tfplan.json` file. [JQ processing required to remove credentials](../../user/infrastructure/iac/mr_integration.md#configure-terraform-report-artifacts).
+The collected Terraform plan report uploads to GitLab as an artifact.
+
+GitLab can display the results of one or more reports in the merge request
+[terraform widget](../../user/infrastructure/iac/mr_integration.md#output-terraform-plan-information-into-a-merge-request).
+
+For more information, see [Output `terraform plan` information into a merge request](../../user/infrastructure/iac/mr_integration.md).
 
 #### `artifacts:untracked`